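CAS Single Sign-On__me (SQL)
Source: Internet  Editor: 程序博客网  Time: 2024/05/01 19:40
Because this is used on an internal network, SSL was removed, and single sign-on is implemented by authenticating directly against the database.
Reference: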
http://wenku.baidu.com/link?url=SXz2R0lc7byvd5Ncdg3bqwrW11YU62a5z1pe7TAHTMykH6BCvMyIbvtgKgE3C5iXhdAAvJsEePFh2CO7VJN2zMfPXYGNoY2sFEPBVIWWNsS
casServer:
1. Modify deployerConfigContext.xml as follows:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!-- datasource -->
    <bean id="dataSource" class="com.jolbox.bonecp.BoneCPDataSource" destroy-method="close">
        <property name="driverClass" value="com.mysql.jdbc.Driver" />
        <property name="jdbcUrl" value="jdbc:mysql://127.0.0.1:3306/platadmin" />
        <property name="username" value="game" />
        <property name="password" value="game" />
    </bean>

    <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <property name="credentialsToPrincipalResolvers">
            <list>
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>
        <property name="authenticationHandlers">
            <list>
                <!-- requireSecure="false": callback URLs are accepted over plain HTTP (SSL removed) -->
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                      p:httpClient-ref="httpClient" p:requireSecure="false" />
                <!-- Looks up the stored password hash for the submitted user name -->
                <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
                    <property name="sql" value="select password from wanba_platadmin_info where userName = ?" />
                    <property name="passwordEncoder" ref="passwordEncoder" />
                    <property name="dataSource" ref="dataSource" />
                </bean>
            </list>
        </property>
    </bean>

    <!-- Encodes the submitted password as an unsalted MD5 hex digest before comparison -->
    <bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">
        <constructor-arg value="MD5"/>
    </bean>

    <sec:user-service id="userDetailsService">
        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

    <!-- Bean that defines the attributes that a service may return. This example uses the Stub/Mock version.
         A real implementation may go against a database or LDAP server. The id should remain "attributeRepository" though. -->
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
        <property name="backingMap">
            <map>
                <entry key="uid" value="uid" />
                <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
                <entry key="groupMembership" value="groupMembership" />
            </map>
        </property>
    </bean>

    <!-- Each serviceId pattern below matches every URL of its scheme -->
    <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        <property name="registeredServices">
            <list>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="0" />
                    <property name="name" value="HTTP" />
                    <property name="description" value="Only Allows HTTP Urls" />
                    <property name="serviceId" value="http://**" />
                </bean>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="1" />
                    <property name="name" value="HTTPS" />
                    <property name="description" value="Only Allows HTTPS Urls" />
                    <property name="serviceId" value="https://**" />
                </bean>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="2" />
                    <property name="name" value="IMAPS" />
                    <property name="description" value="Only Allows HTTPS Urls" />
                    <property name="serviceId" value="imaps://**" />
                </bean>
                <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                    <property name="id" value="3" />
                    <property name="name" value="IMAP" />
                    <property name="description" value="Only Allows IMAP Urls" />
                    <property name="serviceId" value="imap://**" />
                </bean>
            </list>
        </property>
    </bean>
</beans>
2. Create a new org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler class that overrides the original one.
This makes debugging easier.
package org.jasig.cas.adaptors.jdbc;

import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.DefaultPasswordEncoder;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.dao.IncorrectResultSizeDataAccessException;

public class QueryDatabaseAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler {

    private String sql;

    public QueryDatabaseAuthenticationHandler() {
    }

    // Leftover debugging entry point
    public static void main(String[] args) {
        DefaultPasswordEncoder dd = new DefaultPasswordEncoder("");
        System.out.println(dd.equals("123456"));
    }

    protected final boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials credentials)
            throws AuthenticationException {
        // Debug output only: the statements below print the submitted plaintext
        // password and both hashes to stdout; remove them outside of debugging.
        System.out.println("ssssssssssss");
        String username = getPrincipalNameTransformer().transform(credentials.getUsername());
        System.out.println("username : " + username);
        String password = credentials.getPassword();
        System.out.println("password : " + password);
        String encryptedPassword = getPasswordEncoder().encode(password);
        System.out.println("encryptedPassword : " + encryptedPassword);
        try {
            // Runs the configured "sql" query with the user name as its only parameter
            String dbPassword = (String) getJdbcTemplate().queryForObject(sql, String.class, new Object[] {username});
            System.out.println("dbPassword : " + dbPassword);
            // Printed before the comparison, regardless of its result
            System.out.println("true");
            return dbPassword.equals(encryptedPassword);
        } catch (IncorrectResultSizeDataAccessException _ex) {
            // Zero rows or more than one row for this user name
            System.out.println("error");
            return false;
        }
    }

    public void setSql(String sql) {
        this.sql = sql;
    }
}
3. Modify /Jasig CAS Web Application/src/main/webapp/WEB-INF/view/jsp/default/ui/casLoginView.jsp
to customize the page shown after login.
casClient
1. Add the dependency
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.1.12</version>
</dependency>
2. Add the following to web.xml
<!-- CAS single sign-on (SSO) filter configuration (start) -->

<!-- This filter implements single sign-out. -->
<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- CAS: used for single sign-out -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- This filter handles user authentication and must be enabled -->
<filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <!-- The URL below is the CAS server's login address -->
        <param-value>http://127.0.0.1:9114/cas/login</param-value>
        <!-- <param-value>http://CAS-server-IP:8080/cas/login</param-value> -->
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <!-- The URL below is the access address of the specific application -->
        <param-value>http://127.0.0.1:8081</param-value>
        <!-- <param-value>http://web-application-server-IP:8080</param-value> -->
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter validates tickets and must be enabled -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <!-- The URL below is the CAS server's authentication address -->
        <param-value>http://127.0.0.1:9114/cas</param-value>
        <!-- <param-value>http://CAS-server-IP:8080/cas</param-value> -->
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <!-- The URL below is the access address of the specific application -->
        <param-value>http://127.0.0.1:8081</param-value>
        <!-- <param-value>http://web-application-server-IP:8080</param-value> -->
    </init-param>
    <init-param>
        <param-name>renew</param-name>
        <param-value>false</param-value>
    </init-param>
    <init-param>
        <param-name>gateway</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter wraps the HttpServletRequest, for example letting developers obtain the SSO user's
     login name through the getRemoteUser() method of HttpServletRequest. Optional. -->
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- This filter lets developers obtain the user's login name through org.jasig.cas.client.util.AssertionHolder,
     for example AssertionHolder.getAssertion().getPrincipal().getName(). -->
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Automatically sets this system's user information from the single sign-on result
     (implemented by each specific application) -->
<filter>
    <filter-name>CasForInvokeContextFilter</filter-name>
    <filter-class>com.cm.demo.filter.CasForInvokeContextFilter</filter-class>
    <init-param>
        <param-name>appId</param-name>
        <param-value>a5ea611bbff7474a81753697a1714fb0</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CasForInvokeContextFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- CAS single sign-on (SSO) filter configuration (end) -->
(Note: the character-encoding filter must be placed before these filters.)
3. Write the filter
package com.cm.demo.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.baidu.newplat.admin.user.service.NewAdminInfoService;
import com.baidu.wanba.core.AdminCookie;

public class CasForInvokeContextFilter implements Filter {

    @Override
    public void destroy() {
    }

    @Override
    public void doFilter(ServletRequest request1, ServletResponse response1, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) request1;
        HttpServletResponse response = (HttpServletResponse) response1;
        HttpSession session = ((HttpServletRequest) request).getSession();
        ServletContext servletContext = session.getServletContext();
        // Look up the application's own user service from the Spring context
        WebApplicationContext wc = WebApplicationContextUtils.getWebApplicationContext(servletContext);
        NewAdminInfoService adminInfoService = (NewAdminInfoService) wc.getBean("newAdminInfoService");
        AdminCookie adminCookie = new AdminCookie(request, response);
        adminCookie = adminCookie.getCookieAdmin();
        // System.out.println("----------------------50-----------------------");
        System.out.println("adminCookie.getLoginName() : " + adminCookie.getLoginName());
        // If the session has no user information, populate it
        if (session.getAttribute("j_userId") == null || adminCookie.getLoginName() == null) {
            /**
             * Business logic
             */
        }
        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
    }
}