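When implementing SSO, the client sometimes needs more than just the username back; it may also require the user ID and other attributes.
I. Preparation
CAS official website
http://www.jasig.org/cas
Download the latest server, CAS Server 3.3.3 Final.
The client download location on the CAS official website is rather hidden and not fully publicized; the address is
http://www.ja-sig.org/downloads/cas-clients/
Download the latest cas-client-3.1.6-release.zip.
Download all the JAR packages in the attachment.
II. Database setup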
create database userinfo
go
use userinfo
create table tb_userinfo(
id int identity primary key,
username varchar(20) NOT NULL,
password varchar(50) NOT NULL
)
insert into tb_userinfo values('arix04','123456')
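III. Server configuration
1. Unpack the server distribution, deploy cas-server-webapp-3.3.3.war from the modules directory to the web server, and rename it CAS.war; this is the single sign-on server.
2. Add the cas-server-support-jdbc-3.3.3.jar package from modules.
3. Add the database driver.
4. Add all the files from the attachment.
Edit the deployerConfigContext.xml file in WEB-INF.
5. Add the data source
<bean id="casDataSource" class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
        <value>com.microsoft.sqlserver.jdbc.SQLServerDriver</value>
    </property>
    <property name="url">
        <value>jdbc:sqlserver://localhost:1433;databaseName=userinfo</value>
    </property>
    <property name="username">
        <value>sa</value>
    </property>
    <property name="password">
        <value>123456</value>
    </property>
</bean>
6. Configure the authenticationHandlers property under authenticationManager
CAS's original authentication method accepts a login when the username and password are identical; we now change it to look the password up in the database.
First comment out the following configuration: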
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
Add the following configuration where the commented-out bean was:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="casDataSource" />
    <property name="sql" value="select password from tb_userinfo where username = ?" />
</bean>
7. Define attributeRepository, which queries the user's details over JDBC; it can retrieve the information in the user table.
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
    <constructor-arg index="0" ref="casDataSource" />
    <constructor-arg index="1">
        <list>
            <value>username</value>
        </list>
    </constructor-arg>
    <constructor-arg index="2">
        <value>
            select id,username,password from tb_userinfo where username = ?
        </value>
    </constructor-arg>
    <property name="columnsToAttributes">
        <map>
            <entry key="id" value="id" />
            <entry key="userName" value="userName" />
            <entry key="password" value="password" />
        </map>
    </property>
</bean>
8. Configure the credentialsToPrincipalResolvers property in authenticationManager
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
    <property name="attributeRepository" ref="attributeRepository" />
</bean>
9. By default the CAS login server does not pass user information to the client, so modify the WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp file and add the following code:
<c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
    <cas:attributes>
        <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
            <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
        </c:forEach>
    </cas:attributes>
</c:if>
IV. Client configuration
1. After unpacking, put the packages under modules into our web application. Add the corresponding SPRING.JAR package.
2. Configure web.xml. Note that encodingFilter must be configured first, otherwise data will be garbled when it is inserted into the database.
serverName is the address and port of our web application.
<context-param>
    <param-name>serverName</param-name>
    <param-value>www.test.com:9080</param-value>
</context-param>

<filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
    </init-param>
    <init-param>
        <param-name>forceEncoding</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>*.htm</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>*.ftl</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>*.xhtml</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>*.shtml</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>*.vm</url-pattern>
</filter-mapping>

<filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://www.test.com:8443/cas/login</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://www.test.com:8443/cas</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
3. Retrieve the returned parameters
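// JSP scriptlet body; the page must import org.jasig.cas.client.authentication.AttributePrincipal.
// HttpServletRequestWrapperFilter exposes the CAS principal through getUserPrincipal().
AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();
String username = principal.getName();
// Attribute names match the elements emitted inside <cas:attributes> by the server JSP.
Long id = Long.parseLong(principal.getAttributes().get("id").toString());
// Present only because the attributeRepository query in step 7 selects the password column.
String password = principal.getAttributes().get("password").toString();
out.println(username);
out.println(id);
out.println(password);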
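An added example, not part of the original post or of CAS itself: a Python check that parses the service-validation response produced by the JSP change in server step 9 and reports which attributes the client in step 3 would receive. The sample response, the SENSITIVE name set and the allow-list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # CAS 2.0 protocol namespace
# Assumption: attribute names this deployment never wants released.
SENSITIVE = {"password", "passwd", "pwd"}

# Constructed sample of a success response after the step 9 JSP change.
SAMPLE_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>arix04</cas:user>
    <cas:attributes>
      <cas:id>1</cas:id>
      <cas:username>arix04</cas:username>
      <cas:password>123456</cas:password>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

def parse_validation_response(xml_text):
    """Return (user, {attribute: [values]}) from a CAS 2.0 success response."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD declarations are not expected in a CAS response")
    root = ET.fromstring(xml_text)
    success = root.find(f"{{{CAS_NS}}}authenticationSuccess")
    if success is None:
        raise ValueError("ticket validation did not succeed")
    user = success.findtext(f"{{{CAS_NS}}}user", default="").strip()
    attrs = {}
    block = success.find(f"{{{CAS_NS}}}attributes")
    if block is not None:
        for el in block:
            name = el.tag.split("}", 1)[-1]  # drop the namespace part of the tag
            attrs.setdefault(name, []).append((el.text or "").strip())
    return user, attrs

def audit_release(attrs, allowed):
    """List (name, reason) for attributes that are sensitive or not allow-listed."""
    findings = []
    for name in sorted(attrs):
        if name.lower() in SENSITIVE:
            findings.append((name, "sensitive"))
        elif name not in allowed:
            findings.append((name, "not-allowed"))
    return findings

if __name__ == "__main__":
    user, attrs = parse_validation_response(SAMPLE_RESPONSE)
    print(user, audit_release(attrs, allowed={"id"}))
```

Run against a response produced with the step 7 query as written, the report lists password as sensitive, because that column is in the select and in columnsToAttributes.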