1. CAS versions
CAS server 3.4.1: http://downloads.jasig.org/cas/
CAS client 3.1.12: http://downloads.jasig.org/cas-clients/
2. Modify the server-side deployerConfigContext.xml configuration file.
<?xml version="1.0" encoding="UTF-8"?>
<!--
| deployerConfigContext.xml centralizes into one file some of the declarative configuration that
| all CAS deployers will need to modify.
|
| This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
| The beans declared in this file are instantiated at context initialization time by the Spring
| ContextLoaderListener declared in web.xml. It finds this file because this
| file is among those declared in the context parameter "contextConfigLocation".
|
| By far the most common change you will need to make in this file is to change the last bean
| declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
| one implementing your approach for authenticating usernames and passwords.
+-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!--
| This bean declares our AuthenticationManager. The CentralAuthenticationService service bean
| declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
| "authenticationManager". Most deployers will be able to use the default AuthenticationManager
| implementation and so do not need to change the class of this bean. We include the whole
| AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
| need to change in context.
+-->
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<!--
| This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
| The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
| supports the presented credentials.
|
| AuthenticationManagerImpl uses these resolvers for two purposes. First, it uses them to identify the Principal
| attempting to authenticate to CAS /login . In the default configuration, it is the DefaultCredentialsToPrincipalResolver
| that fills this role. If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
| DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
| using.
|
| Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
| In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
| You will need to change this list if you are identifying services by something more or other than their callback URL.
+-->
<property name="credentialsToPrincipalResolvers">
<list>
<!--
| UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
| by default and produces SimplePrincipal instances conveying the username from the credentials.
|
| If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
| Credentials you are using.
+-->
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" >
<property name="attributeRepository" >
<ref local="attributeRepository"/>
</property>
</bean>
<!--
| HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials. It supports the CAS 2.0 approach of
| authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
| SimpleService identified by that callback URL.
|
| If you are representing services by something more or other than an HTTPS URL whereat they are able to
| receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
+-->
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
</list>
</property>
<!--
| Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
| AuthenticationHandlers actually authenticate credentials. Here we declare the AuthenticationHandlers that
| authenticate the Principals that the CredentialsToPrincipalResolvers identified. CAS will try these handlers in turn
| until it finds one that both supports the Credentials presented and succeeds in authenticating.
+-->
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
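<!-- p:requireSecure="false" lets this handler accept proxy callback URLs over plain HTTP; the handler's default (true) requires HTTPS. -->
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" p:requireSecure="false"/>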
<!--
| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
| into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+-->
<!-- Configure user authentication. Several handlers can be configured; processing stops as soon as one of them succeeds. -->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="sql" value="select account_password from utv_account where account_username=?" />
<property name="dataSource" ref="dataSource" />
<property name="passwordEncoder" ref="passwordEncoder" />
</bean>
</list>
</property>
</bean>
<!-- Data source configuration -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql://192.168.1.88:3306/utvvideo?useUnicode=true&amp;characterEncoding=UTF-8</value></property>
<property name="username"><value>utvchina</value></property>
<property name="password"><value>utvchina</value></property>
</bean>
<!-- Define your own password encoding mechanism -->
<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.EncryptPasswordEncoder"
autowire="byName">
<constructor-arg value="MD5" />
</bean>
<!--
This bean defines the security roles for the Services Management application. Simple deployments can use the in-memory version.
More robust deployments will want to use another option, such as the Jdbc version.
The name of this should remain "userDetailsService" in order for Spring Security to find it.
-->
<!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />-->
<sec:user-service id="userDetailsService">
<sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
</sec:user-service>
<!-- Configure the retrieval of additional user information here -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="dataSource" />
<constructor-arg index="1" value="select U_id as UId,U_type as UType,U_email as UEmail from t_user where U_username=?" />
<property name="queryAttributeMapping">
<map>
<entry key="username" value="uid"/><!-- This must be written exactly like this; the system does the matching itself. -->
</map>
</property>
<!-- Configure the attributes to retrieve here -->
<property name="resultAttributeMapping">
<map>
<entry key="UId" value="U_id" />
<entry key="UType" value="U_type" />
<entry key="UEmail" value="U_email" />
</map>
</property>
</bean>
<!--
Sample, in-memory data store for the ServiceRegistry. A real implementation
would probably want to replace this with the JPA-backed ServiceRegistry DAO
The name of this bean should remain "serviceRegistryDao".
-->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
</bean>
</beans>
3. Modify the file WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp as follows:
<%@ page session="false"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
<c:if test="${not empty pgtIou}">
<cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
</c:if>
<c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
<cas:proxies>
<c:forEach var="proxy" items="${assertion.chainedAuthentications}"
varStatus="loopStatus" begin="0"
end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
<cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
</c:forEach>
</cas:proxies>
</c:if>
<c:if
test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
<cas:attributes>
<c:forEach var="attr"
items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}"
varStatus="loopStatus" begin="0"
end="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes)-1}"
step="1">
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
</c:forEach>
</cas:attributes>
</c:if>
</cas:authenticationSuccess>
</cas:serviceResponse>
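4. Retrieve the information on the client
// Requires: import java.util.Map; import org.jasig.cas.client.authentication.AttributePrincipal;
AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
String loginName = principal.getName(); // get the username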
Map<String, Object> attributes = principal.getAttributes();
if(attributes != null) {
System.out.println(attributes.get("U_id"));
System.out.println(attributes.get("U_type"));
System.out.println(attributes.get("U_email"));
}
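The validation response that the JSP from step 3 renders and that the client in step 4 consumes, shown as an added example that is not part of the original post: a constructed response carrying the three attributes, parsed with a namespace-aware parser that refuses DOCTYPEs. The class name, `parseAttributes` and the sample values (alice, 1001, admin, alice@example.org) are assumptions for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class CasAttributeResponseDemo {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";

    // Constructed sample of what the modified JSP renders; all values are made up.
    static final String SAMPLE =
        "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
      + "<cas:authenticationSuccess>"
      + "<cas:user>alice</cas:user>"
      + "<cas:attributes>"
      + "<cas:U_id>1001</cas:U_id>"
      + "<cas:U_type>admin</cas:U_type>"
      + "<cas:U_email>alice@example.org</cas:U_email>"
      + "</cas:attributes>"
      + "</cas:authenticationSuccess>"
      + "</cas:serviceResponse>";

    // Returns attribute name -> value; empty when the response is not a success.
    static Map<String, String> parseAttributes(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response arrives over the network: refuse DOCTYPEs so no entity is resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Map<String, String> out = new LinkedHashMap<String, String>();
        if (doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess").getLength() != 1) return out;
        NodeList blocks = doc.getElementsByTagNameNS(CAS_NS, "attributes");
        if (blocks.getLength() == 0) return out; // principal had no attributes
        NodeList kids = blocks.item(0).getChildNodes();
        for (int i = 0; i < kids.getLength(); i++) {
            Node n = kids.item(i);
            // Each attribute is an element named after its key, in the cas namespace.
            if (n.getNodeType() == Node.ELEMENT_NODE && CAS_NS.equals(n.getNamespaceURI())) {
                out.put(n.getLocalName(), n.getTextContent());
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(parseAttributes(SAMPLE));
    }
}
```

Because the JSP writes each attribute key as an element name, keys configured in resultAttributeMapping have to be valid XML names, as U_id, U_type and U_email are.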