应需求的变化,在登录cas的时候,默认根据用户名和密码进行验证,如果加上用户名,密码和一个系统标识进行验证呢?该如何做呢?
我们知道cas默认的登录界面中,输入的用户名和密码,再配置一下deployerConfigContext.xml 这个文件中的bean org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler 的这个标签,写上对应的sql,以及在<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">中配置数据库驱动,数据库名称,以及登陆密码等。
如果再加上一个其他的验证该怎么做呢?
1 根据xml中bean标签的提示,很容器找到这个类QueryDatabaseAuthenticationHandler.java类,首先先修改login-webflow.xml,修改代码如下所示:
<binder>
<binding property="username" />
<binding property="password" />
<binding property="systemId" />
</binder>
其中<bingding property="systemId" />与界面中传递过来的隐含域一致。
2 casLoginView.jsp中增加的js代码如下所示,从登陆地址的url传递参数。
<script language="javascript" type="text/javascript">
window.onload=function()//用window的onload事件,窗体加载完毕的时候
{
//do something
var result = location.search.match(new RegExp("[\?\&]" + 'systemId'+ "=([^\&]+)","i"));
if(result == null || result.length < 1){
result ="";
}
$("#systemId")[0].value=result[1];
}
</script>
参登陆页面地址为https://www.cdvcloud.com:8443/cas/login?systemId=vms2.0 ,在第一次登陆界面的时候会携带这两个参数https://www.cdvcloud.com:8443/cas/login?service=http%3A%2F%2F172.16.3.101%3A8080%2Fvms2.0%2Fuser%2FtoMain%2F 其中的一个为我们的自定义的系统标识,第二个为cas验证数据库成功后转到的主界面。
3 在登录界面中加上了hidden,以此来传递给CAS。
<input type="hidden" name="systemId" id="systemId">
4 修改CAS源代码,UsernamePasswordCredentials.java,代码如下所示。
/*
* Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
* distributed with this file and available online at
* http://www.ja-sig.org/products/cas/overview/license/
*/
package org.jasig.cas.authentication.principal;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
/**
* UsernamePasswordCredentials respresents the username and password that a user
* may provide in order to prove the authenticity of who they say they are.
*
* @author Scott Battaglia
* @version $Revision: 1.2 $ $Date: 2007/01/22 20:35:26 $
* @since 3.0
* <p>
* This is a published and supported CAS Server 3 API.
* </p>
*/
public class UsernamePasswordCredentials implements Credentials {
/** Unique ID for serialization. */
private static final long serialVersionUID = -8343864967200862794L;
/** The username. */
@NotNull
@Size(min=1,message = "required.username")
private String username;
/** The password. */
@NotNull
@Size(min=1, message = "required.password")
private String password;
/** The systemId for vms2.0 for sql validate xinghaifang add 2014??7??21??16:12:51. */
@NotNull
@Size(min=1, message = "required.systemId")
private String systemId;
/*systemId begin*/
/**
* @return Returns the systemId.
*/
public String getSystemId() {
return systemId;
}
public void setSystemId(String systemId) {
this.systemId = systemId;
}
public String toStringSystemId() {
return "[systemId: " + this.systemId + "]";
}
/*end */
/**
* @return Returns the password.
*/
public final String getPassword() {
return this.password;
}
/**
* @param password The password to set.
*/
public final void setPassword(final String password) {
this.password = password;
}
/**
* @return Returns the userName.
*/
public final String getUsername() {
return this.username;
}
/**
* @param userName The userName to set.
*/
public final void setUsername(final String userName) {
this.username = userName;
}
public String toString() {
return "[username: " + this.username + "]";
}
@Override
public boolean equals(final Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
UsernamePasswordCredentials that = (UsernamePasswordCredentials) o;
if (password != null ? !password.equals(that.password) : that.password != null) return false;
if (username != null ? !username.equals(that.username) : that.username != null) return false;
return true;
}
@Override
public int hashCode() {
int result = username != null ? username.hashCode() : 0;
result = 31 * result + (password != null ? password.hashCode() : 0);
return result;
}
}
除了cas自己的用户名和密码,添加自己的systemId标识。
5 修改QueryDatabaseAuthenticationHandler.java类 , 代码如下所示。
/*
* Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
* distributed with this file and available online at
* http://www.ja-sig.org/products/cas/overview/license/
*/
package org.jasig.cas.adaptors.jdbc;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import javax.validation.constraints.NotNull;
/**
* Class that if provided a query that returns a password (parameter of query
* must be username) will compare that password to a translated version of the
* password provided by the user. If they match, then authentication succeeds.
* Default password translator is plaintext translator.
*
* @author Scott Battaglia
* @author Dmitriy Kopylenko
* @version $Revision$ $Date$
* @since 3.0
*/
public final class QueryDatabaseAuthenticationHandler extends
AbstractJdbcUsernamePasswordAuthenticationHandler {
@NotNull
private String sql;
protected final boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials) throws AuthenticationException {
final String username = getPrincipalNameTransformer().transform(credentials.getUsername());
final String password = credentials.getPassword();
//xx add 2014 7 21 16:27:58 for vms2.0 systemid begin----------
//final String systemId = credentials.getSystemId();
String mySystemId = credentials.getSystemId();
String[] systemIdGroup=mySystemId.split(",");
String systemId= systemIdGroup[0];
System.out.println("systemId---------"+systemId+"----------------systemid value");
//xxadd 2014 7 21 16:27:58 for vms2.0 systemid end----------
final String encryptedPassword = this.getPasswordEncoder().encode(
password);
try {
final String dbPassword = getJdbcTemplate().queryForObject(
this.sql, String.class, username,systemId);
return dbPassword.equals(encryptedPassword);
} catch (final IncorrectResultSizeDataAccessException e) {
// this means the username was not found.
return false;
}
}
/**
* @param sql The sql to set.
*/
public void setSql(final String sql) {
this.sql = sql;
}
}
在这过程中学习:
部署的项目如何调试:当我无法在自己的本地上附上cas源代码,进行断点调试,就只能根据CAS的日志文件来看到底是哪里出的错误,cas的日志文件一大堆,到底是哪个我需要的日志文件,删了刷新看到底哪个文件变化,这都是我需要学习的。
面对你认为的庞然大物时:第一次接触CAS陌生,根着文档一步一步的做,中间出现一些错误,再不断的改正错误,从CAS一些基本的样式和功能不符合需求的时候,就需要改动CAS源代码了,总是把他捧的高高在上,总是感觉自己触不可及这都是错误的心态;其实当你打开他的源代码,静下心来研究,也会感觉没有什么,和自己的项目又有什么不同呢?换做是自己要开发一个CAS的项目,是怎样的一个思路?
对CAS的认识:第一次能弄出登录界面,十分兴奋,到后来不断的发现CAS的缺点,不断的需要改动CAS源代码,不断的要替换他的文件,只能说CAS虽然是开源的,有很多我们学习的地方,但我认为对于最好不使用CAS还是不要使用,他的可配置性,灵活性,可扩展性能不是十分的友好,还是慎重选择吧。
(四)SSO之CAS框架单点登录,修改验证数据库的方式,布布扣,bubuko.com
原文地址:http://blog.csdn.net/lovesummerforever/article/details/38023385
