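How can CAS Server verify passwords against a web service?
The usual approaches are to validate the user name and password against LDAP on an AD domain controller or against a database, and there are plenty of write-ups about both online.
When first set up, the CAS Server source code uses casuser/Mellon so that it is easy to try out.
The simplest approach is to start from there: search deployerConfigContext.xml for CASUSER or Mellon.
Below is my modified configuration file. It connects using the simplest possible SOAP call and uses the existing mechanism to read the URL and the SOAP message from the configuration file.
Just modify the middle part of this method; if verification fails, simply throw an exception. After that, CAS takes care of generating the token...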
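// Imports to add at the top of the handler class
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
        throws GeneralSecurityException, PreventedException {
    final String username = credential.getUsername();
    final String password = credential.getPassword();
    // The endpoint URL and the SOAP template are read from the "users" map in the configuration file
    final String cacheurl = this.users.get("url");
    final String cachesoap = this.users.get("soap");
    String result = "false";
    HttpURLConnection conn = null;
    try {
        // Address of the service
        final URL wsUrl = new URL(cacheurl);
        conn = (HttpURLConnection) wsUrl.openConnection();
        // Timeouts (5 s here, adjust as needed) keep a hung service from blocking login threads
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        conn.setDoInput(true);
        conn.setDoOutput(true);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "text/xml;charset=UTF-8");
        // Request body: substitute the user name and password into the template.
        // Both values are XML-escaped so that markup typed into the login form cannot alter the SOAP request.
        final String soap = cachesoap
                .replace("username-param", escapeXml(username))
                .replace("password-param", escapeXml(password));
        try (OutputStream os = conn.getOutputStream()) {
            // Encode explicitly as UTF-8 to match the Content-Type header
            os.write(soap.getBytes(StandardCharsets.UTF_8));
        }
        try (InputStream is = conn.getInputStream()) {
            final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            // Refuse DOCTYPE declarations so the response cannot pull in external entities
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            final DocumentBuilder db = dbf.newDocumentBuilder();
            final Document doc = db.parse(is);
            final NodeList nl = doc.getElementsByTagName("LoginResult");
            if (nl.getLength() > 0) {
                result = nl.item(0).getTextContent();
            }
        }
    } catch (final Exception e) {
        // Any failure leaves result as "false", so the login is rejected below
        logger.error("Web service authentication call failed", e);
    } finally {
        if (conn != null) {
            conn.disconnect();
        }
    }
    logger.info("User [{}] login result: {}", username, result);
    if (!"Success".equals(result)) {
        logger.debug("{} :wrong username or password.", username);
        throw new AccountNotFoundException(username + " wrong username or password.");
    }
    return createHandlerResult(credential, new SimplePrincipal(username), null);
}

// Escapes the XML special characters in a value before it is placed in the SOAP template
private static String escapeXml(final String value) {
    if (value == null) {
        return "";
    }
    return value.replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&apos;");
}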
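
The method above reads its endpoint and request template from the "url" and "soap" entries of the handler's users map. A deployerConfigContext.xml fragment that would supply them, as an added example rather than the author's own file; the host name, the namespace and the Login operation with its element names are placeholders:

```xml
<!-- Added example. Replaces the default casuser/Mellon entry of the users map.
     Host, namespace and operation names below are placeholders. -->
<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
    <property name="users">
        <map>
            <!-- Read by the handler as this.users.get("url").
                 Use https so the password does not cross the network in clear text. -->
            <entry key="url" value="https://auth.example.org/UserService.asmx"/>

            <!-- Read by the handler as this.users.get("soap").
                 CDATA keeps the envelope markup from being parsed as part of this Spring file.
                 username-param and password-param are the tokens the handler replaces. -->
            <entry key="soap">
                <value><![CDATA[<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:svc="http://example.org/auth">
  <soapenv:Body>
    <svc:Login>
      <svc:username>username-param</svc:username>
      <svc:password>password-param</svc:password>
    </svc:Login>
  </soapenv:Body>
</soapenv:Envelope>]]></value>
            </entry>
        </map>
    </property>
</bean>
```

For the login to be accepted, the service's response has to contain a LoginResult element whose text is Success.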