實現方式有兩種
一是自己寫數據庫獲取用戶名密碼再認證的類
一是借助CAS自帶的JDBC支持來實現認證
1、CSA的默認登錄用戶密碼配置在deployerConfigContext.xml,所以就到deployerConfigContext.xml里面找
可以找到<bean id="PRimaryAuthenticationHandler" class="org.jasig...AcceptUsersAuthenticationHandler">
我們在AcceptUsersAuthenticationHandler.java中發現CAS是把配置的用戶密碼讀取到全局Map<String, String>中的
2、而AcceptUsersAuthenticationHandler.java是通過繼承AbstractUsernamePassWordAuthenticationHandler.java才實現的認證
所以創建com.jadyer.sso.authentication.UserAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler
再重寫authenticateUsernamePasswordInternal()方法,在里面獲取到前臺頁面輸入的用戶密碼,再到數據庫中校驗就行了
3、接下來創建/WEB-INF/spring-configuration/applicationContext-datasource.xml
它會在啟動時被自動加載(web.xml中設定的)
然后在里面配置數據庫連接池,連接池的用戶名密碼等可以配置在/WEB-INF/cas.properties
同時增加<context:component-scan base-package="com.jadyer.sso"/>,使得可以在自定義類中應用Spring注解
4、新建一個UserDaoJdbc.java類,通過它利用SpringJDBCTemplate訪問數據庫
因為要連接數據庫,所以還要把druid-1.0.14.jar以及MySQL-connector-java-5.1.35.jar加入到lib目錄中
5、最后記得deployerConfigContext.xml里面把這段Bean配置給注釋掉<bean id="primaryAuthenticationHandler">
并在自定義的UserAuthenticationHandler.java中使用@Component(value="primaryAuthenticationHandler")聲明其為Bean
注意其名字應該是primaryAuthenticationHandler,因為deployerConfigContext.xml的其它配置引用了primaryAuthenticationHandler
否則你還要找到引用了primaryAuthenticationHandler的位置修改為新的Bean
1、這一種方式就簡單一些了,先引入c3p0-0.9.1.2.jar以及cas-server-support-jdbc-4.0.3.jar
2、修改deployerConfigContext.xml,注釋掉
并增加(下方會貼出具體代碼)
同樣這里也是從cas.properties讀取的數據庫連接用戶密碼
3、由于在認證過程中是通過引用了來實現的
所以修改這里的primaryAuthenticationHandler為我們新建的mssoUsersAuthenticationHandler
4、通過查看org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler源碼會發現
這與上面自己寫認證類的方式,原理一樣,都是直接或間接的擴展AbstractUsernamePasswordAuthenticationHandler
本文源碼下載:(下面兩個地址的文件的內容,都是一樣的)
http://oirr30q6q.bkt.clouddn.com/jadyer/code/sso-cas-login-db.rar
http://download.csdn.net/detail/jadyer/8911139
下面是新創建的/WEB-INF/spring-configuration/applicationContext-datasource.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd"> <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close"> <property name="url" value="${jdbc.url}"/> <property name="username" value="${jdbc.username}"/> <property name="password" value="${jdbc.password}"/> <!-- 配置初始化大小、最小、最大 --> <property name="initialSize" value="1"/> <property name="minIdle" value="1"/> <property name="maxActive" value="20"/> <!-- 配置獲取連接等待超時的時間 --> <property name="maxWait" value="60000"/> <!-- 配置間隔多久才進行一次檢測,檢測需要關閉的空閑連接,單位是毫秒 --> <property name="timeBetweenEvictionRunsMillis" value="60000"/> <!-- 配置一個連接在池中最小生存的時間,單位是毫秒 --> <property name="minEvictableIdleTimeMillis" value="300000"/> <property name="validationQuery" value="SELECT 'x'"/> <property name="testWhileIdle" value="true"/> <property name="testOnBorrow" value="false"/> <property name="testOnReturn" value="false"/> <!-- 打開PSCache,并且指定每個連接上PSCache的大小 --> <!-- PSCache(preparedStatement)對支持游標的數據庫性能提升巨大,比如說Oracle/DB2/SQL Server,在mysql下建議關閉 --> <property name="poolPreparedStatements" value="false"/> <property name="maxPoolPreparedStatementPerConnectionSize" value="-1"/> <!-- 配置監控統計攔截的filters --> <property name="filters" value="wall,mergeStat"/> </bean> <bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"> <property name="dataSource" ref="dataSource"/> </bean> <tx:annotation-driven transaction-manager="txManager"/> <context:component-scan base-package="com.jadyer.sso"/></beans>下面是cas.properties中新添加的數據庫元信息的配置
#<<數據庫元信息>>jdbc.url=jdbc:mysql://192.168.2.41:3306/turtle?useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull&autoReconnect=true&failOverReadOnly=falsejdbc.username=turtlejdbc.password=turtle下面是自定義的UserDaoJdbc.java
package com.jadyer.sso.authentication;import javax.annotation.Resource;import javax.sql.DataSource;import org.springframework.dao.EmptyResultDataaccessException;import org.springframework.jdbc.core.JdbcTemplate;import org.springframework.stereotype.Repository;@Repositorypublic class UserDaoJdbc { private static final String SQL_VERIFY_ACCOUNT = "SELECT COUNT(*) FROM permission_Operator WHERE operator_login=? AND operator_pwd=SHA1(?)"; private JdbcTemplate jdbcTemplate; @Resource public void setDataSource(DataSource dataSource){ this.jdbcTemplate = new JdbcTemplate(dataSource); } public boolean verifyAccount(String username, String password){ try{ //驗證用戶名和密碼是否正確 return 1==this.jdbcTemplate.queryForObject(SQL_VERIFY_ACCOUNT, new Object[]{username, password}, Integer.class); }catch(EmptyResultDataAccessException e){ return false; } }}下面是自定義的用戶登錄認證類UserAuthenticationHandler.java
package com.jadyer.sso.authentication;import java.security.GeneralSecurityException;import javax.annotation.Resource;import javax.security.auth.login.FailedLoginException;import org.jasig.cas.authentication.HandlerResult;import org.jasig.cas.authentication.PreventedException;import org.jasig.cas.authentication.UsernamePasswordCredential;import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;import org.jasig.cas.authentication.principal.SimplePrincipal;import org.springframework.stereotype.Component;/** * 自定義的用戶登錄認證類 */@Component(value="primaryAuthenticationHandler")public class UserAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler { @Resource private UserDaoJdbc userDaoJdbc; @Override protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential transformedCredential) throws GeneralSecurityException, PreventedException { //UsernamePasswordCredential參數包含了前臺頁面輸入的用戶信息 String username = transformedCredential.getUsername(); String password = transformedCredential.getPassword(); //認證用戶名和密碼是否正確 if(userDaoJdbc.verifyAccount(username, password)){ return createHandlerResult(transformedCredential, new SimplePrincipal(username), null); } throw new FailedLoginException(); }}最后是deployerConfigContext.xml中的改動部分
<!-- 下面是采用cas-server-support-jdbc-4.0.3.jar實現數據庫認證的Bean配置 --><!--配置數據源、聲明密碼加密方式、指定用戶名密碼的認證器<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" p:driverClass="com.mysql.jdbc.Driver" p:jdbcUrl="${jdbc.url}" p:user="${jdbc.username}" p:password="${jdbc.password}"/><bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" c:encodingAlgorithm="SHA1" p:characterEncoding="UTF-8"/><bean id="mssoUsersAuthenticationHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler" p:dataSource-ref="dataSource" p:passwordEncoder-ref="passwordEncoder" p:sql="SELECT operator_pwd FROM permission_operator WHERE operator_login=?"/> --><bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager"> <constructor-arg> <map> <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> <!-- 下面是采用cas-server-support-jdbc-4.0.3.jar實現數據庫認證的Bean聲明 --> <!-- <entry key-ref="mssoUsersAuthenticationHandler" value-ref="primaryPrincipalResolver" /> --> </map> </constructor-arg> <property name="authenticationPolicy"> <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" /> </property></bean><!-- 取消默認的用戶名和密碼,改為我們自己從數據庫查詢的用戶名和密碼 --><!--<bean id="primaryAuthenticationHandler" class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler"> <property name="users"> <map> <entry key="xuanyu" value="xuanyu"/> </map> </property></bean> -->
新聞熱點
疑難解答
