CAS single sign-on using Spring's built-in ShaPasswordEncoder

Source: Internet  Editor: 程序博客网  Time: 2024/06/05 20:21
  1. Generate the certificate locally

    keytool -genkey -alias ssodemo -keyalg RSA -keysize 1024 -keypass password -validity 365 -keystore c:\password.keystore -storepass password

  2. Export the certificate

    keytool -export -alias ssodemo -keystore c:\password.keystore -file c:\password.crt -storepass password

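  3. Import the certificate on the client

    keytool -import -keystore %JAVA_HOME%\jre\lib\security\cacerts -file c:\password.crt -alias ssodemo

Note: if the import fails, try replacing %JAVA_HOME% with the absolute path. The password here is not the one set above; it is changeit.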

  4. Server-side settings

In E:\apache-tomcat-7.0.57\conf\server.xml, find the similar connector entry and replace it with the following:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:/password.keystore" keystorePass="password"
               clientAuth="false" sslProtocol="TLS" />

  5. Verify that the CAS server started correctly

https://localhost:8443/

  6. Add the JAR files

Copy c3p0-0.9.1.2.jar, cas-server-support-jdbc-4.0.0.jar and mysql-connector-java-5.1.13-bin.jar into the E:\apache-tomcat-7.0.57\webapps\cas\WEB-INF\lib directory.

  7. Modify the configuration: edit E:\apache-tomcat-7.0.57\webapps\cas\WEB-INF\deployerConfigContext.xml

First, add the data source:

    <!-- Define the c3p0 data source -->
    <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
        <property name="driverClass" value="com.mysql.jdbc.Driver" />
        <property name="jdbcUrl" value="jdbc:mysql://127.0.0.1:3306/myProject?useUnicode=true&amp;characterEncoding=UTF-8" />
        <property name="user" value="root" />
        <property name="password" value="root" />
    </bean>

Then use the data source: find authenticationHandlers and replace the second bean:

    <property name="authenticationHandlers">
        <list>
            <bean
                class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                p:httpClient-ref="httpClient" />
            <bean
                class="org.jasig.cas.authentication.handler.support.JdbcUsernamePasswordAuthHandlerImpl">
                <property name="dataSource" ref="dataSource" />
            </bean>
        </list>
    </property>

  8. Because the passwords in the database are hashed with ShaPasswordEncoder, rewrite the password verification

    package org.jasig.cas.authentication.handler.support;

    import java.util.Map;

    import org.jasig.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler;
    import org.jasig.cas.authentication.handler.AuthenticationException;
    import org.jasig.cas.authentication.handler.UnknownUsernameAuthenticationException;
    import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
    import org.springframework.dao.IncorrectResultSizeDataAccessException;
    import org.springframework.jdbc.core.JdbcTemplate;
    import org.springframework.security.authentication.encoding.PasswordEncoder;
    import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
    import org.springframework.stereotype.Component;

    @Component("jdbcUsernamePasswordAuthHandlerImpl")
    public class JdbcUsernamePasswordAuthHandlerImpl extends AbstractJdbcUsernamePasswordAuthenticationHandler {

        /**
         * Spring ships three implementations; we initialise with the ShaPasswordEncoder one.
         * This could be done by injection, but I did not implement that, so I can only
         * use this crude way of initialising it.
         */
        private PasswordEncoder passwordEncoder = new ShaPasswordEncoder();

        private static final String QUERY_USER_SQL = "select SALT_,PASSWORD_ from t_user where USERNAME_ = ?";

        protected boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials) throws AuthenticationException {
            final String username = credentials.getUsername();
            final String password = credentials.getPassword();
            JdbcTemplate template = new JdbcTemplate(getDataSource());
            try {
                // Parameterized query: the username is bound, not concatenated into the SQL.
                Map<String, Object> mp = template.queryForMap(QUERY_USER_SQL, username);
                String salt = (String) mp.get("SALT_");
                String userPassword = (String) mp.get("PASSWORD_");
                // Debug output: writes the salt and both hashes to the Tomcat console;
                // remove these lines once the login works.
                System.out.println(salt + "salt");
                System.out.println(userPassword + "userPassword");
                String cPassword = passwordEncoder.encodePassword(password, salt);
                System.out.println(cPassword + "cPassword");
                // Compare the hashes: true if they match, false otherwise.
                return cPassword.equals(userPassword);
            } catch (final IncorrectResultSizeDataAccessException e) {
                // this means the username was not found.
                throw new UnknownUsernameAuthenticationException();
            }
        }
    }

Test the login to see whether it works. This assumes the database already contains passwords.
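To have a row in t_user to test against, the PASSWORD_ value must equal what the handler computes from the submitted password and SALT_. The following added example (not code from the original post) reproduces the output of a default ShaPasswordEncoder with the JDK alone: SHA-1, one iteration, lowercase hex over password{salt}. The class name, sample password and sample salt are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example; class name and sample values are constructed.
public class ShaEncodeCheck {

    // Same computation as a default ShaPasswordEncoder: SHA-1, one iteration,
    // lowercase hex, salt merged as password{salt}.
    static String encode(String rawPassword, String salt) throws NoSuchAlgorithmException {
        String password = rawPassword == null ? "" : rawPassword;
        if (salt != null && (salt.contains("{") || salt.contains("}"))) {
            throw new IllegalArgumentException("salt must not contain { or }");
        }
        String merged = (salt == null || salt.isEmpty()) ? password : password + "{" + salt + "}";
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(merged.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Compares the stored PASSWORD_ value with the computed one in constant time.
    static boolean matches(String storedHash, String rawPassword, String salt)
            throws NoSuchAlgorithmException {
        if (storedHash == null) {
            return false;
        }
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                encode(rawPassword, salt).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String salt = "s4lt";                          // constructed SALT_ value
        String stored = encode("demo-password", salt); // value for PASSWORD_
        System.out.println("PASSWORD_ = " + stored);
        System.out.println("correct password: " + matches(stored, "demo-password", salt));
        System.out.println("wrong password:   " + matches(stored, "other", salt));
        System.out.println("wrong salt:       " + matches(stored, "demo-password", "x"));
    }
}
```

If the handler rejects a password that this check accepts, compare the case and length of the stored PASSWORD_ value with the printed one.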

  11. Test the login

Test it yourself.

The blogger's own test passed. If yours does not, set a breakpoint at private PasswordEncoder passwordEncoder = new ShaPasswordEncoder(); and see whether passwordEncoder is actually obtained.