本文借鉴单点登录CAS系列第04节
首先我们要将cas导入到myeclipse中,具体方法(自己创建项目,gradle转),我用的第一个方法,创建web项目后,将编译后的文件拷贝到项目中,目录一定要正确哦,
如图:
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiI9s2RkBnVHFmb1clWvB3MaVnRtp1XlBXe0xCMy81dvRWYoNHLwEzX5xCMx8FesU2cfdGLwMzX0xiRGZkRGZ0Xy9GbvNGLpZTY1EmMZVDUSFTU4VFRR9Fd4VGdsYTMfVmepNHLrJXYtJXZ0F2dvwVZnFWbp1zczV2YvJHctM3cv1Ce-cmbw5SO2YzN5kzY5gzNhNDOzITZyYzX4EDOxUTM4IzLcdDMyIDMy8CXn9Gbi9CXzV2Zh1WavwVbvNmLvR3YxUjLyM3Lc9CX6MHc0RHaiojIsJye.png)
1、
CSA
的默认登录用户密码配置在
deployerConfigContext.xml
,所以就到deployerConfigContext.xml里面找
可以找到
<bean id="primaryAuthenticationHandler" class="org.jasig...AcceptUsersAuthenticationHandler">
我们在AcceptUsersAuthenticationHandler.java中发现CAS是把配置的用户密码读取到全局
Map<String, String>
中的
2、而AcceptUsersAuthenticationHandler.java是通过继承AbstractUsernamePasswordAuthenticationHandler.java才实现的认证
所以创建com.jadyer.sso.authentication.UserAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler
再重写authenticateUsernamePasswordInternal()方法,在里面获取到前台页面输入的用户密码,再到数据库中校验就行了。
3、接下来创建
\WEB-INF\spring-configuration\applicationContext-datasource.xml
它会在启动时被自动加载(web.xml中设定的)
然后在里面配置数据库连接池,连接池的用户名密码等可以配置在
\WEB-INF\cas.properties
同时增加
<context:component-scan base-package="com.jadyer.sso"/>
,使得可以在自定义类中应用Spring注解
4、新建一个UserDaoJdbc.java类,通过它利用SpringJDBCTemplate访问数据库
因为要连接数据库,所以还要把druid jar包以及mysql-connector-java jar包加入到lib目录中
5、最后记得
deployerConfigContext.xml
里面把这段Bean配置给注释掉
<bean id="primaryAuthenticationHandler">
并在自定义的
UserAuthenticationHandler.java
中使用
@Component(value="primaryAuthenticationHandler")
声明其为Bean
注意其名字应该是primaryAuthenticationHandler,因为deployerConfigContext.xml的其它配置引用了primaryAuthenticationHandler
否则你还要找到引用了primaryAuthenticationHandler的位置修改为新的Bean
下面我们来具体的执行:
1、认证类UserAuthenticationHandler.java
[html] view plain copy
- package authentication;
- import java.security.GeneralSecurityException;
- import javax.annotation.Resource;
- import javax.security.auth.login.FailedLoginException;
- import org.jasig.cas.authentication.HandlerResult;
- import org.jasig.cas.authentication.PreventedException;
- import org.jasig.cas.authentication.UsernamePasswordCredential;
- import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
- import org.jasig.cas.authentication.principal.SimplePrincipal;
- import org.springframework.stereotype.Component;
- /**
- * 自定义的用户登录认证类
- */
- @Component(value="primaryAuthenticationHandler")
- public class UserAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
- @Resource
- private UserDaoJdbc userDaoJdbc;
- @Override
- protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential transformedCredential) throws GeneralSecurityException, PreventedException {
- //UsernamePasswordCredential参数包含了前台页面输入的用户信息
- username = transformedCredential.getUsername();
- password = transformedCredential.getPassword();
- //认证用户名和密码是否正确
- if(userDaoJdbc.verifyAccount(username, password)){
- return createHandlerResult(transformedCredential, new SimplePrincipal(username), null);
- }
- throw new FailedLoginException();
- }
- }
2、密码校验类UserDaoJdbc.java,为了符合jeesite中的认证方式,将jeesite的解密方法拿过来
[html] view plain copy
- package authentication;
- import javax.annotation.Resource;
- import javax.sql.DataSource;
- import org.springframework.dao.EmptyResultDataAccessException;
- import org.springframework.jdbc.core.JdbcTemplate;
- import org.springframework.stereotype.Repository;
- @Repository
- public class UserDaoJdbc {
- SQL_VERIFY_ACCOUNT = "SELECT COUNT(*) FROM sys_user WHERE login_name=? AND del_flag=0";
- SQL_VERIFY_PASSWORD = "SELECT password FROM sys_user WHERE login_name=? AND del_flag=0";
- private JdbcTemplate jdbcTemplate;
- HASH_INTERATIONS = 1024;
- @Resource
- public void setDataSource(DataSource dataSource){
- this.jdbcTemplate = new JdbcTemplate(dataSource);
- }
- public boolean verifyAccount(String username, String plainPassword){
- try{
- //验证用户名和密码是否正确
- 1==this.jdbcTemplate.queryForObject(SQL_VERIFY_ACCOUNT, new Object[]{username}, Integer.class)){
- password =this.jdbcTemplate.queryForObject(SQL_VERIFY_PASSWORD, new Object[]{username},String.class);
- plain = Encodes.unescapeHtml(plainPassword);
- salt = Encodes.decodeHex(password.substring(0,16));
- hashPassword = Digests.sha1(plain.getBytes(), salt, HASH_INTERATIONS);
- return password.equals(Encodes.encodeHex(salt)+Encodes.encodeHex(hashPassword));
- }
- return false;
- }catch(EmptyResultDataAccessException e){
- return false;
- }
- }
- }
3、链接数据库的配置文件spring-configuration\applicationContext-datasource.xml
[html] view plain copy
- <?xml version="1.0" encoding="UTF-8"?>
- <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
- <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
- <property name="url" value="jdbc:mysql://"/>
- <property name="username" value=""/>
- <property name="password" value=""/>
- <!-- 配置初始化大小、最小、最大 -->
- <property name="initialSize" value="1"/>
- <property name="minIdle" value="1"/>
- <property name="maxActive" value="20"/>
- <!-- 配置获取连接等待超时的时间 -->
- <property name="maxWait" value="60000"/>
- <!-- 配置间隔多久才进行一次检测,检测需要关闭的空闲连接,单位是毫秒 -->
- <property name="timeBetweenEvictionRunsMillis" value="60000"/>
- <!-- 配置一个连接在池中最小生存的时间,单位是毫秒 -->
- <property name="minEvictableIdleTimeMillis" value="300000"/>
- <property name="validationQuery" value="SELECT 'x'"/>
- <property name="testWhileIdle" value="true"/>
- <property name="testOnBorrow" value="false"/>
- <property name="testOnReturn" value="false"/>
- <!-- 打开PSCache,并且指定每个连接上PSCache的大小 -->
- <!-- PSCache(preparedStatement)对支持游标的数据库性能提升巨大,比如说Oracle/DB2/SQL Server,在mysql下建议关闭 -->
- <property name="poolPreparedStatements" value="false"/>
- <property name="maxPoolPreparedStatementPerConnectionSize" value="-1"/>
- <!-- 配置监控统计拦截的filters -->
- <property name="filters" value="wall,mergeStat"/>
- </bean>
- <bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
- <property name="dataSource" ref="dataSource"/>
- </bean>
- <tx:annotation-driven transaction-manager="txManager"/>
- <context:component-scan base-package="authentication"/>
- </beans>
4、修改cas的认证方法。新添信息,以前的可以注释掉
[html] view plain copy
- <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
- <constructor-arg>
- <map>
- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
- <!-- 下面是采用cas-server-support-jdbc-4.0.3.jar实现数据库认证的Bean声明 -->
- <!--
- <entry key-ref="mssoUsersAuthenticationHandler" value-ref="primaryPrincipalResolver" />
- -->
- </map>
- </constructor-arg>
- <property name="authenticationPolicy">
- <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
- </property>
- </bean>
- <bean id="primaryAuthenticationHandler"
- class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
- <property name="users">
- <map>
- <entry key="casuser" value="Mellon"/>
- </map>
- </property>
- </bean> -->