Following the earlier sections, the CAS server, the proxy client, the ordinary client and the back-end-service client have all been set up. If anything is unclear, refer to the links below.
Right now the CAS server's authentication is extremely weak: it uses the authentication handler that ships with the default configuration, which is fine for a demo or a classroom exercise but nowhere near usable in a real system. In this section we add that capability.
Main topics
1. Read the username and password from a database (so a real user base can be supported)
2. Password protection
Introduction
We know that the authentication service CAS provides by default passes a login as long as the entered username and password are identical. First we need to find the configuration responsible for this.
In deployerConfigContext.xml, find the following snippet:
```xml
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
```
```java
package org.jasig.cas.authentication.handler.support;

import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.util.StringUtils;

public final class SimpleTestUsernamePasswordAuthenticationHandler
        extends AbstractUsernamePasswordAuthenticationHandler {

    public SimpleTestUsernamePasswordAuthenticationHandler() {
        log.warn(this.getClass().getName()
                + " is only to be used in a testing environment. NEVER enable this in a production environment.");
    }

    public boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials) {
        final String username = credentials.getUsername();
        final String password = credentials.getPassword();

        // The "test" rule: the login succeeds whenever the username equals the
        // (encoded) password. Nothing is looked up anywhere.
        if (StringUtils.hasText(username) && StringUtils.hasText(password)
                && username.equals(getPasswordEncoder().encode(password))) {
            log.debug("User [" + username + "] was successfully authenticated.");
            return true;
        }

        log.debug("User [" + username + "] failed authentication");
        return false;
    }
}
```
Reading the code, this should be easy to follow. Anyone with some familiarity with interface-oriented programming will already know what the next step is. Focus on the type hierarchy of SimpleTestUsernamePasswordAuthenticationHandler.
You should notice the QueryDatabaseAuthenticationHandler class in that hierarchy. The rest of this chapter is essentially the step-by-step process of replacing SimpleTestUsernamePasswordAuthenticationHandler with QueryDatabaseAuthenticationHandler.
1. Add dependencies (the CAS JDBC support package and the database driver)
Modify pom.xml and add 2 dependencies:
```xml
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-jdbc</artifactId>
    <version>3.5.3</version>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.38</version>
</dependency>
```
If you want to use commons-dbcp, add the following dependencies yourself:
- commons-collections-3.2.jar
- commons-dbcp-1.2.1.jar
- commons-pool-1.3.jar
2. Modify the deployerConfigContext.xml file
Prepare the database environment:
```sql
DROP TABLE IF EXISTS `t_users`;
CREATE TABLE `t_users` (
  `user_name` varchar(32) DEFAULT NULL,
  `password` varchar(64) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of t_users
-- ----------------------------
INSERT INTO `t_users` VALUES ('jdbc_user', 'jdbc_password');
```
The password is stored in plain text for now.
2.1 Comment out SimpleTestUsernamePasswordAuthenticationHandler
```xml
<!--<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>-->
```
2.2 Add the QueryDatabaseAuthenticationHandler configuration
```xml
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    ...
    <property name="authenticationHandlers">
        <list>
            <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
                <property name="dataSource" ref="dataSource"/>
                <property name="sql" value="select password from t_users where lower(user_name) = lower(?)"/>
            </bean>
        </list>
    </property>
</bean>
```
No password encoding is configured here yet; don't worry, we take it one step at a time.
At this point JDBC has been integrated into the CAS server.
2.3 Verify: enter jdbc_user/jdbc_password and authentication succeeds.
2.4 Add password encoding. If you noticed the passwordEncoder property in the type hierarchy above, you already know what comes next: set the passwordEncoder property of QueryDatabaseAuthenticationHandler.
2.5 Complete configuration
```xml
...
<bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
    <property name="credentialsToPrincipalResolvers">
        <list>
            <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
                <property name="attributeRepository" ref="attributeRepository"/>
            </bean>
            <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"/>
        </list>
    </property>
    <property name="authenticationHandlers">
        <list>
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                  p:httpClient-ref="httpClient"
                  p:requireSecure="false"/>
            <!--
            <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>
            -->
            <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
                <property name="dataSource" ref="dataSource"/>
                <property name="sql" value="select password from t_users where lower(user_name) = lower(?)"/>
                <property name="passwordEncoder" ref="passwordEncoder"/>
            </bean>
        </list>
    </property>
</bean>

<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      p:characterEncoding="UTF-8">
    <constructor-arg index="0" value="MD5"/>
</bean>

<!-- Data source definition -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName">
        <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
        <value>jdbc:mysql://localhost:3306/exampledb</value>
    </property>
    <property name="username">
        <value>root</value>
    </property>
    <property name="password">
        <value>root</value>
    </property>
</bean>
...
```
2.6 Authentication
At this point the password stored in the database record has to be changed by hand.
The MD5 string for apple is 1f3870be274f6c49b3e31a0c6728957f.
You can also run the following statement:
```sql
-- Stores the MD5 of 'apple' for jdbc_user. Remove the plaintext row inserted
-- earlier first (or use UPDATE instead), so the handler's lookup returns exactly one row.
INSERT INTO `t_users` VALUES ('jdbc_user', '1f3870be274f6c49b3e31a0c6728957f');
```
2.7 Restart the server, enter jdbc_user/apple, and authentication succeeds.
Finally, for other databases the data source can be configured as follows:
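As an added example (not code from this post or from CAS itself), the Python below models what the configuration above makes QueryDatabaseAuthenticationHandler do: run the page's SQL for the submitted username, encode the submitted password the way DefaultPasswordEncoder does with MD5 and UTF-8 (lowercase hex digest), and accept only on an exact match. The in-memory SQLite table is a constructed stand-in for the MySQL t_users table, holding the jdbc_user row from step 2.6; the zero-row and multiple-row cases are treated as failure, which is also why a leftover plaintext row for the same user locks that user out.

```python
import hashlib
import hmac
import sqlite3

# The SQL configured on the handler in deployerConfigContext.xml (from the page).
LOOKUP_SQL = "select password from t_users where lower(user_name) = lower(?)"


def encode_md5_hex(password: str, charset: str = "UTF-8") -> str:
    """Mirror DefaultPasswordEncoder("MD5") with characterEncoding="UTF-8":
    digest the password bytes and render the digest as lowercase hex."""
    return hashlib.md5(password.encode(charset)).hexdigest()


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the page's MySQL t_users table,
    holding the jdbc_user row with the MD5 of 'apple' from step 2.6."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t_users (user_name VARCHAR(32), password VARCHAR(64))")
    conn.execute("INSERT INTO t_users VALUES (?, ?)",
                 ("jdbc_user", encode_md5_hex("apple")))
    conn.commit()
    return conn


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The check the page's configuration produces: fetch the stored value for
    the user, encode the submitted password with the configured encoder, and
    accept only if the two match. The handler expects exactly one row, so zero
    rows (unknown user) or several rows (duplicate user_name) both fail."""
    if not username or not password:
        return False
    rows = conn.execute(LOOKUP_SQL, (username,)).fetchall()
    if len(rows) != 1 or rows[0][0] is None:
        return False
    stored = rows[0][0]
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(stored, encode_md5_hex(password))


if __name__ == "__main__":
    db = make_demo_db()
    print(authenticate(db, "jdbc_user", "apple"))          # True
    print(authenticate(db, "jdbc_user", "jdbc_password"))  # False: plaintext no longer matches
```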
```xml
<!-- Pick one of the following; all three declare the same bean id "dataSource" -->

<!-- Oracle connector -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
        <value>oracle.jdbc.driver.OracleDriver</value>
    </property>
    <property name="url">
        <value>jdbc:oracle:thin:@database-server-name:1521:SID</value>
    </property>
    <property name="username">
        <value>admusr</value>
    </property>
    <property name="password">
        <value>admpwd</value>
    </property>
</bean>

<!-- MySQL connector -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
        <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
        <value>jdbc:mysql://database-server-name:3306/db-name</value>
    </property>
    <property name="username">
        <value>admusr</value>
    </property>
    <property name="password">
        <value>admpwd</value>
    </property>
</bean>

<!-- PostgreSQL connector -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
        <value>org.postgresql.Driver</value>
    </property>
    <property name="url">
        <value>jdbc:postgresql://database-server-name:5432/db-name</value>
    </property>
    <property name="username">
        <value>admusr</value>
    </property>
    <property name="password">
        <value>admpwd</value>
    </property>
</bean>
```
Reference links
https://wiki.jasig.org/display/CASUM/Using+JDBC+for+Authentication
https://wiki.jasig.org/display/CASUM/JDBC
https://wiki.jasig.org/display/CAS/Examples+to+Configure+CAS
Taken step by step, none of this is hard. Good luck.
This article comes from the “简单” blog; please keep this attribution: http://dba10g.blog.51cto.com/764602/1753680