参考文章:
https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/
http://www.cnblogs.com/flying607/p/7598248.html
https://www.jianshu.com/p/eefddd410aaf
ssl设置文档(可选)
cas默认jdbc认证成功后返回登陆用户名,有时候我们可能需要多个用户属性。
就需要按照cas个文档来配置相关属性,但是cas的官方文档有的内容描述的不够清晰。只能靠一个个去调试,才能弄清楚其中的用处。这里笔者就简单的配置了一下。
本片文章基于cas 5.2.3版本,通过参考上面的文章。一步步来实现返回多个数据的功能。
步骤
- 1、配置database验证
- 2、配置database多属性获取
- 3、注册service
下面是部分代码
- 数据库脚本
CREATE TABLE `USERS` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`uid` varchar(45) NOT NULL,
`psw` varchar(45) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;
CREATE TABLE `USERATTRS` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`uid` varchar(45) NOT NULL,
`attrname` varchar(45) NOT NULL,
`attrvalue` varchar(45) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;
#psw为123456经过MD5加密后字符
INSERT INTO USERS (uid, psw)
VALUES ('mmoayyed', 'e10adc3949ba59abbe56e057f20f883e');
INSERT INTO USERATTRS (uid, attrname, attrvalue)
VALUES ('mmoayyed', 'firstname', 'Misagh');
INSERT INTO USERATTRS (uid, attrname, attrvalue)
VALUES ('mmoayyed', 'lastname', 'Moayyed');
INSERT INTO USERATTRS (uid, attrname, attrvalue)
VALUES ('mmoayyed', 'phone', '+13476452319');
- 通过maven覆盖来修改cas服务端配置
添加jdbc认证支持
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas.version}</version>
</dependency>
配置jdbc认证属性
追加到application.properties文件后
#配置认证数据库
cas.authn.jdbc.query[0].sql=SELECT * FROM USERS WHERE uid=?
cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.190.129:3306/demo
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL57InnoDBDialect
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=xxx
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=psw
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
#密码设置为md5算法
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
logging.level.org.apereo=DEBUG
#去掉默认的用户认证数据
cas.authn.accept.users=
配置jdbc多属性获取
追加到application.properties文件后,多属性解析类为MultiRowJdbcPersonAttributeDao.java。有兴趣可以看看
#多属性
cas.authn.attributeRepository.jdbc[0].singleRow=false
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].url=jdbc:mysql://192.168.190.129:3306/demo
cas.authn.attributeRepository.jdbc[0].user=root
cas.authn.attributeRepository.jdbc[0].password=xxx
cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM USERATTRS WHERE {0}
cas.authn.attributeRepository.jdbc[0].username=uid
#指定返回的键值对 column=column(列对列)
cas.authn.attributeRepository.jdbc[0].columnMappings.attrname=attrvalue
cas.authn.attributeRepository.jdbc[0].dialect=org.hibernate.dialect.MySQL57InnoDBDialect
cas.authn.attributeRepository.jdbc[0].ddlAuto=none
cas.authn.attributeRepository.jdbc[0].driverClass=com.mysql.jdbc.Driver
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].healthQuery=SELECT 1
cas.authn.attributeRepository.jdbc[0].failFast=true
- 注册服务
添加json服务注册支持
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-json-service-registry</artifactId>
<version>${cas.version}</version>
</dependency>
添加http请求支持
修改HTTPSandIMAPS-10000001.json文件,添加http支持(可选)。把overlays下的HTTPSandIMAPS-10000001.json文件移动到工程的resources目录下(没有就新建一下),添加多属性返回策略
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps|http)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
"evaluationOrder" : 1,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
}
image.png
配置cas客户端
修改web.xml内容
<!--
<context-param>
<param-name>renew</param-name>
<param-value>true</param-value>
</context-param>
-->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<!--cas服务注销地址-->
<param-value>http://localhost:8080/logout</param-value>
</init-param>
</filter>
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<!--<filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>-->
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<!--cas服务登陆地址-->
<param-value>http://localhost:8080/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<!--cas客户端地址-->
<param-value>http://localhost:8089</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<!--<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>-->
<filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<!--cas服务端ticket验证地址-->
<param-value>http://localhost:8080</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<!--cas客户端地址-->
<param-value>http://localhost:8089</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<!--
<init-param>
<param-name>acceptAnyProxy</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>proxyReceptorUrl</param-name>
<param-value>/sample/proxyUrl</param-value>
</init-param>
<init-param>
<param-name>proxyCallbackUrl</param-name>
<param-value>https://mmoayyed.unicon.net:9443/sample/proxyUrl</param-value>
</init-param>
-->
<init-param>
<param-name>authn_method</param-name>
<param-value>mfa-duo</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
最终客户端登陆后获得数据如下图
image.png
cas服务端和cas客户端:码云地址
cas-overlay-template:cas服务端
cas-sample-java-webapp:cas客户端
客户端直接部署在tomcat中启动就可以了。
登陆用户名:mmoayyed
密码:123456
