CAS single sign-on: changing the authentication method (jeesite)
2017-06-06 17:39
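This article draws on part 04 of the CAS single sign-on series.
First we need to import CAS into MyEclipse. There are two ways to do it (create the project yourself, or convert the gradle project). I used the first: after creating a web project, copy the compiled files into it. Make sure the directory layout is correct.
As shown: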
![](https://img-blog.csdn.net/20170401145359993)
![](https://img-blog.csdn.net/20170401145406883)
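1. The default CAS login username and password are configured in deployerConfigContext.xml, so look there. You will find
<bean id="primaryAuthenticationHandler" class="org.jasig...AcceptUsersAuthenticationHandler">
In AcceptUsersAuthenticationHandler.java we can see that CAS reads the configured usernames and passwords into a global Map<String, String>.
2. AcceptUsersAuthenticationHandler.java implements authentication by extending AbstractUsernamePasswordAuthenticationHandler.java.
So create com.jadyer.sso.authentication.UserAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler
and override authenticateUsernamePasswordInternal(): read the username and password entered on the login page there, then verify them against the database.
3. Next, create
\WEB-INF\spring-configuration\applicationContext-datasource.xml
It is loaded automatically at startup (as set in web.xml).
Configure the database connection pool in it; the pool's username, password and so on can be placed in
\WEB-INF\cas.properties
Also add
<context:component-scan base-package="com.jadyer.sso"/> so that Spring annotations can be used in the custom classes.
4. Create a UserDaoJdbc.java class that accesses the database through Spring's JdbcTemplate.
Because it connects to a database, the druid jar and the MySQL-connector-java jar must also be added to the lib directory.
5. Finally, remember to comment out this bean definition in deployerConfigContext.xml
<bean id="primaryAuthenticationHandler">
and declare the custom UserAuthenticationHandler.java as a bean with
@Component(value="primaryAuthenticationHandler")
Note that its name should be primaryAuthenticationHandler, because other configuration in deployerConfigContext.xml refers to primaryAuthenticationHandler;
otherwise you also have to find every place that refers to primaryAuthenticationHandler and change it to the new bean.
The steps above use the package com.jadyer.sso from the referenced series; the code below uses the package authentication, and its component-scan is set to match.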
Now let's carry this out in detail:
1. The authentication class, UserAuthenticationHandler.java
```java
package authentication;

import java.security.GeneralSecurityException;

import javax.annotation.Resource;
import javax.security.auth.login.FailedLoginException;

import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.springframework.stereotype.Component;

/**
 * Custom user login authentication handler
 */
@Component(value="primaryAuthenticationHandler")
public class UserAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
    @Resource
    private UserDaoJdbc userDaoJdbc;

    @Override
    protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential transformedCredential) throws GeneralSecurityException, PreventedException {
        // The UsernamePasswordCredential argument carries the user details entered on the login page
        String username = transformedCredential.getUsername();
        String password = transformedCredential.getPassword();
        // Check whether the username and password are correct
        if (userDaoJdbc.verifyAccount(username, password)) {
            return createHandlerResult(transformedCredential, new SimplePrincipal(username), null);
        }
        // Same exception for an unknown user and a wrong password
        throw new FailedLoginException();
    }
}
```
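2. The password verification class, UserDaoJdbc.java. To match how jeesite authenticates, jeesite's password check is carried over (the stored value is a salted, iterated SHA-1 hash, so the check recomputes the hash and compares rather than decrypting anything).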
```java
package authentication;

import javax.annotation.Resource;
import javax.sql.DataSource;

import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Repository;

// Encodes and Digests are jeesite utility classes. The page shows no import for them,
// so they are assumed to have been copied into this package.
@Repository
public class UserDaoJdbc {
    // Both statements are parameterized; the username is never concatenated into the SQL
    private static final String SQL_VERIFY_ACCOUNT = "SELECT COUNT(*) FROM sys_user WHERE login_name=? AND del_flag=0";
    private static final String SQL_VERIFY_PASSWORD = "SELECT password FROM sys_user WHERE login_name=? AND del_flag=0";

    private JdbcTemplate jdbcTemplate;

    // Iteration count of the hash (identifier spelled as in the original code)
    public static final int HASH_INTERATIONS = 1024;

    @Resource
    public void setDataSource(DataSource dataSource){
        this.jdbcTemplate = new JdbcTemplate(dataSource);
    }

    public boolean verifyAccount(String username, String plainPassword){
        try{
            // Check whether the username and password are correct
            if (1 == this.jdbcTemplate.queryForObject(SQL_VERIFY_ACCOUNT, new Object[]{username}, Integer.class)) {
                // Stored value = hex(salt) + hex(hash); the first 16 hex characters are the salt
                String password = this.jdbcTemplate.queryForObject(SQL_VERIFY_PASSWORD, new Object[]{username}, String.class);
                String plain = Encodes.unescapeHtml(plainPassword);
                byte[] salt = Encodes.decodeHex(password.substring(0, 16));
                // Recompute the hash of the submitted password with the stored salt
                byte[] hashPassword = Digests.sha1(plain.getBytes(), salt, HASH_INTERATIONS);
                return password.equals(Encodes.encodeHex(salt) + Encodes.encodeHex(hashPassword));
            }
            return false;
        } catch (EmptyResultDataAccessException e) {
            return false;
        }
    }
}
```
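A stand-alone version of the check that verifyAccount performs, added here as an example (it is not the page's or jeesite's own code). It assumes Digests.sha1 computes SHA-1 over the salt followed by the password and then re-hashes the result up to the iteration count; unlike the class above it rejects malformed stored values instead of throwing, compares in constant time, fixes the charset to UTF-8 and omits the unescapeHtml step. The class name JeesitePasswordCheck and the sample salt and password are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class JeesitePasswordCheck {
    static final int SALT_HEX = 16;           // 8-byte salt, hex-encoded (substring(0,16) above)
    static final int SHA1_HEX = 40;           // 20-byte SHA-1 digest, hex-encoded
    static final int HASH_INTERATIONS = 1024; // spelling as on the page

    // Assumption: same construction as Digests.sha1(input, salt, iterations):
    // SHA-1(salt || input), then the digest is re-hashed until `iterations` rounds are done.
    static byte[] sha1(byte[] input, byte[] salt, int iterations) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        md.update(salt);
        byte[] result = md.digest(input);      // digest() resets the instance afterwards
        for (int i = 1; i < iterations; i++) {
            result = md.digest(result);
        }
        return result;
    }

    // Returns null instead of throwing when the text is not valid hex.
    static byte[] fromHex(String s) {
        if (s.length() % 2 != 0) return null;
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16);
            int lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) return null;
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // stored = hex(salt) + hex(hash), the layout verifyAccount relies on.
    static boolean matches(String plain, String stored) throws NoSuchAlgorithmException {
        if (plain == null || stored == null || stored.length() != SALT_HEX + SHA1_HEX) return false;
        byte[] salt = fromHex(stored.substring(0, SALT_HEX));
        byte[] expected = fromHex(stored.substring(SALT_HEX));
        if (salt == null || expected == null) return false;
        byte[] actual = sha1(plain.getBytes(StandardCharsets.UTF_8), salt, HASH_INTERATIONS);
        return MessageDigest.isEqual(expected, actual);   // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = fromHex("0011223344556677");         // constructed sample salt
        byte[] hash = sha1("s3cret".getBytes(StandardCharsets.UTF_8), salt, HASH_INTERATIONS);
        String stored = toHex(salt) + toHex(hash);          // what sys_user.password would hold
        System.out.println("correct password:  " + matches("s3cret", stored));
        System.out.println("wrong password:    " + matches("guess", stored));
        System.out.println("truncated column:  " + matches("s3cret", stored.substring(0, 10)));
    }
}
```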
3. The database connection configuration file, spring-configuration\applicationContext-datasource.xml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
    <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
        <property name="url" value="jdbc:mysql://"/>
        <property name="username" value=""/>
        <property name="password" value=""/>
        <!-- Initial, minimum and maximum pool size -->
        <property name="initialSize" value="1"/>
        <property name="minIdle" value="1"/>
        <property name="maxActive" value="20"/>
        <!-- Timeout when waiting to obtain a connection -->
        <property name="maxWait" value="60000"/>
        <!-- Interval between checks for idle connections that should be closed, in milliseconds -->
        <property name="timeBetweenEvictionRunsMillis" value="60000"/>
        <!-- Minimum time a connection stays in the pool, in milliseconds -->
        <property name="minEvictableIdleTimeMillis" value="300000"/>
        <property name="validationQuery" value="SELECT 'x'"/>
        <property name="testWhileIdle" value="true"/>
        <property name="testOnBorrow" value="false"/>
        <property name="testOnReturn" value="false"/>
        <!-- Enable PSCache and set its size per connection -->
        <!-- PSCache (preparedStatement) greatly improves performance on databases that support cursors, such as Oracle/DB2/SQL Server; disabling it is recommended for MySQL -->
        <property name="poolPreparedStatements" value="false"/>
        <property name="maxPoolPreparedStatementPerConnectionSize" value="-1"/>
        <!-- Filters for monitoring and statistics interception -->
        <property name="filters" value="wall,mergeStat"/>
    </bean>
    <bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
        <property name="dataSource" ref="dataSource"/>
    </bean>
    <tx:annotation-driven transaction-manager="txManager"/>
    <context:component-scan base-package="authentication"/>
</beans>
```
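4. Change the CAS authentication configuration in deployerConfigContext.xml. Add the new entries; the old ones can be commented out.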
```xml
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
            <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
            <!-- Below is the bean declaration for database authentication implemented with cas-server-support-jdbc-4.0.3.jar -->
            <!--
            <entry key-ref="mssoUsersAuthenticationHandler" value-ref="primaryPrincipalResolver" />
            -->
        </map>
    </constructor-arg>
    <property name="authenticationPolicy">
        <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
    </property>
</bean>
<!-- <bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean> -->
```
That completes the change. Restart the system and log in with the users from your project.