
CAS server: custom authentication and returning multiple attributes

2017-03-30 19:48

Setting up CAS on a Mac:

http://blog.csdn.net/qq_33264648/article/details/66475964

Custom authentication

In the project's webapp/WEB-INF folder there is a deployerConfigContext.xml file. Open it and find this section.

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!--
               | IMPORTANT
               | Every handler requires a unique name.
               | If more than one instance of the same handler class is configured, you must explicitly
               | set its name to something other than its default name (typically the simple class name).
               -->
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver"/>
            <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"/>
        </map>
    </constructor-arg>

    <!-- Uncomment the metadata populator to allow clearpass to capture and cache the password
         This switch effectively will turn on clearpass.
    <property name="authenticationMetaDataPopulators">
        <util:list>
            <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
                  c:credentialCache-ref="encryptedMap" />
        </util:list>
    </property>
    -->

    <!--
       | Defines the security policy around authentication. Some alternative policies that ship with CAS:
       |
       | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
       | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
       | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
       -->
    <property name="authenticationPolicy">
        <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy"/>
    </property>
</bean>


<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver"/>
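The bean that primaryAuthenticationHandler refers to is CAS's default authentication method.

We can modify it to add our own authentication method. Create a ValidUserQueryAuthenticationHandler class that extends org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler, and write your own verification logic in the authenticateUsernamePasswordInternal method. I authenticate via JDBC here, so first add the following to pom.xml: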

<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>${mysql.version}</version>
</dependency>

<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>${druid.version}</version>
</dependency>

<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-jdbc</artifactId>
    <version>${cas.version}</version>
</dependency>


The cas-server-support-jdbc module has 4 classes that can be extended. Here I chose to extend org.jasig.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler:

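package com.castest;

import java.security.GeneralSecurityException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;

import org.jasig.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.IncorrectResultSizeDataAccessException;

public class ValidUserQueryAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler {

    // Parameterized query: the username is bound as a parameter, never concatenated into the SQL.
    private final String sql;

    public ValidUserQueryAuthenticationHandler() {
        sql = "SELECT password FROM user where name=?";
    }

    @Override
    protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
            throws GeneralSecurityException, PreventedException {
        String username = credential.getUsername();
        String password = credential.getPassword();
        try {
            if (username == null || username.length() == 0) {
                throw new FailedLoginException("username can't be null");
            }
            // Expects exactly one row; zero or several rows raise IncorrectResultSizeDataAccessException.
            String storedPassword = this.getJdbcTemplate().queryForObject(this.sql, String.class, username);
            String encryptedPassword = this.getPasswordEncoder().encode(password);
            // A NULL password column must fail the login instead of throwing NullPointerException.
            if (storedPassword == null || !storedPassword.equals(encryptedPassword)) {
                throw new FailedLoginException("Password does not match value on record.");
            }
        } catch (IncorrectResultSizeDataAccessException var5) {
            if (var5.getActualSize() == 0) {
                throw new AccountNotFoundException(username + " not found with SQL query");
            }
            throw new FailedLoginException("Multiple records found for " + username);
        } catch (DataAccessException var6) {
            // Database failure: authentication was prevented, not rejected.
            throw new PreventedException("SQL exception while executing query for " + username, var6);
        }
        return this.createHandlerResult(credential, new SimplePrincipal(username), null);
    }

}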


Then add the following to deployerConfigContext.xml:

<!--<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <entry key="casuser" value="Mellon"/>
        </map>
    </property>
</bean>-->

<bean id="primaryAuthenticationHandler" class="com.castest.ValidUserQueryAuthenticationHandler"
      p:dataSource-ref="dataSource" p:passwordEncoder-ref="passwordEncoder"/>

<!-- The encoder must match how the password column was written; unsalted md5 is weak for password storage. -->
<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" c:_0="md5"/>

<!-- Sample connection values from this walkthrough. Inside an XML attribute the & in the JDBC URL must be written as &amp;. -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost:3306/webtest?useUnicode=true&amp;characterEncoding=utf-8"/>
    <property name="username" value="root"/>
    <property name="password" value="123456"/>
    <property name="validationQuery" value="select 1"/>
</bean>


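The original authentication logic must be commented out and replaced with your own. The passwordEncoder here defines how the submitted password is encoded (hashed) before it is compared; it can be omitted, or you can customize it by implementing the org.jasig.cas.authentication.handler.PasswordEncoder interface. dataSource is the data source, which you configure separately.

That completes the whole process.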

Returning multiple attributes

Find this section in deployerConfigContext.xml:

<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"
      p:backingMap-ref="attrRepoBackingMap"/>

<util:map id="attrRepoBackingMap">
    <entry key="uid" value="uid"/>
    <entry key="eduPersonAffiliation" value="eduPersonAffiliation"/>
    <entry key="groupMembership" value="groupMembership"/>
</util:map>


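The StubPersonAttributeDao class is what produces the returned values, so we can extend it to customize them. Create a MultipleAttributeUserDao class that extends StubPersonAttributeDao, and in deployerConfigContext.xml replace the code above with the following: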

<bean id="attributeRepository" class="com.castest.MultipleAttributeUserDao"/>


In MultipleAttributeUserDao, override the public IPersonAttributes getPerson(String uid) method. This method builds the values that are returned; uid is the username submitted at login. The code looks something like this:

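package com.castest;
import java.util.*;
import org.jasig.services.persondir.IPersonAttributes;
import org.jasig.services.persondir.support.AttributeNamedPersonImpl;
import org.jasig.services.persondir.support.StubPersonAttributeDao;
public class MultipleAttributeUserDao extends StubPersonAttributeDao {
    // Each attribute maps a name to a list of values; the values here are fixed samples.
    @Override
    public IPersonAttributes getPerson(String uid) {
        Map<String, List<Object>> attributes = new HashMap<String, List<Object>>();
        attributes.put("from_name", Collections.<Object>singletonList(uid));
        attributes.put("email", Collections.<Object>singletonList("123456@qq.com"));
        attributes.put("phone", Collections.<Object>singletonList("123456"));
        return new AttributeNamedPersonImpl(attributes);
    }
}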