本文借鑑單點登錄CAS系列第04節
首先我們要將cas導入到myeclipse中,具體方法(自己創建項目,gradle轉),我用的第一個方法,創建web項目後,將編譯後的文件拷貝到項目中,目錄一定要正確哦,
如圖:
1、CAS的默認登錄用戶密碼配置在deployerConfigContext.xml中,所以就到deployerConfigContext.xml裏面找
可以找到<bean id="primaryAuthenticationHandler" class="org.jasig...AcceptUsersAuthenticationHandler">
我們在AcceptUsersAuthenticationHandler.java中發現,CAS是把配置的用戶名和密碼讀取到一個全局Map<String, String>中的
2、而AcceptUsersAuthenticationHandler.java是通過繼承AbstractUsernamePasswordAuthenticationHandler.java才實現的認證
所以創建com.jadyer.sso.authentication.UserAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler(本文下面的代碼實際使用的包名是authentication)
再重寫authenticateUsernamePasswordInternal()方法,在裏面獲取到前臺頁面輸入的用戶密碼,再到數據庫中校驗就行了。
3、接下來創建\WEB-INF\spring-configuration\applicationContext-datasource.xml
它會在啓動時被自動加載(web.xml中設定的)
然後在裏面配置數據庫連接池,連接池的用戶名密碼等可以配置在\WEB-INF\cas.properties
同時增加<context:component-scan base-package="com.jadyer.sso"/>(base-package須與自定義類所在的包一致,本文下面的配置用的是authentication),使得可以在自定義類中應用Spring註解
4、新建一個UserDaoJdbc.java類,通過它利用Spring的JdbcTemplate訪問數據庫
因爲要連接數據庫,所以還要把druid jar包以及mysql-connector-java jar包加入到lib目錄中
5、最後記得在deployerConfigContext.xml裏面把<bean id="primaryAuthenticationHandler">這段Bean配置註釋掉,並在自定義的UserAuthenticationHandler.java中使用@Component(value="primaryAuthenticationHandler")聲明其爲Bean
注意其名字應該是primaryAuthenticationHandler,因爲deployerConfigContext.xml的其它配置引用了primaryAuthenticationHandler
否則你還要找到引用了primaryAuthenticationHandler的位置修改爲新的Bean
下面我們來具體的執行:
1、認證類UserAuthenticationHandler.java
package authentication;
import java.security.GeneralSecurityException;
import javax.annotation.Resource;
import javax.security.auth.login.FailedLoginException;
import org.jasig.cas.authentication.HandlerResult;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.springframework.stereotype.Component;
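/**
 * Custom user login authentication class.
 *
 * <p>Checks the username and password submitted on the CAS login page against the application
 * database through {@link UserDaoJdbc}. The bean is registered under the name
 * {@code primaryAuthenticationHandler}, the id that the authentication manager configuration
 * refers to.
 */
@Component(value = "primaryAuthenticationHandler")
public class UserAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    /** DAO that verifies a login name and plain-text password against the user table. */
    @Resource
    private UserDaoJdbc userDaoJdbc;

    /**
     * Authenticates the credential entered on the login page.
     *
     * @param transformedCredential credential carrying the submitted username and password
     * @return the handler result for the authenticated principal
     * @throws FailedLoginException if a credential field is missing or the DAO rejects the pair
     * @throws GeneralSecurityException declared by the overridden method
     * @throws PreventedException declared by the overridden method; not thrown directly here
     */
    @Override
    protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential transformedCredential)
            throws GeneralSecurityException, PreventedException {
        final String username = transformedCredential.getUsername();
        final String password = transformedCredential.getPassword();

        // A missing field is treated as an ordinary failed login. Without this guard a null
        // password reaches the hashing code in the DAO and surfaces as a NullPointerException
        // instead of an authentication failure.
        if (username == null || password == null) {
            throw new FailedLoginException();
        }

        if (userDaoJdbc.verifyAccount(username, password)) {
            // NOTE(review): the principal id is the username exactly as typed. If the login_name
            // column uses a case-insensitive collation, "Admin" and "admin" both pass the check
            // but produce different principal ids for the CAS clients; confirm the collation, or
            // return the stored login name from the DAO and use that here.
            return createHandlerResult(transformedCredential, new SimplePrincipal(username), null);
        }

        // Unknown account and wrong password share one exception without a message, so the
        // failure itself does not tell the caller whether the login name exists.
        throw new FailedLoginException();
    }
}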
2、密碼校驗類UserDaoJdbc.java,爲了符合jeesite中的認證方式,將jeesite的密碼校驗方法拿過來(實際是用庫中保存的鹽對輸入的密碼重新做SHA-1哈希後比對,並不是解密)
package authentication;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.annotation.Resource;
import javax.sql.DataSource;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Repository;
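/**
 * JDBC-backed credential check against the {@code sys_user} table.
 *
 * <p>The stored password is parsed as 16 hex characters of salt followed by the hex-encoded
 * salted SHA-1 digest, computed with {@link #HASH_INTERATIONS} iterations. This layout has to
 * stay identical to the one used by the application that writes the table.
 *
 * <p>NOTE(review): iterated SHA-1 at 1024 rounds is cheap to brute-force offline if the table
 * is ever disclosed. It is kept here only because it must match the hashes already stored;
 * moving to bcrypt, scrypt, Argon2 or a high-iteration PBKDF2 requires changing the writing
 * application as well.
 *
 * <p>{@code Encodes} and {@code Digests} are helper classes that are not shown with this class
 * and are referenced without an import; presumably they live in this package. Confirm.
 */
@Repository
public class UserDaoJdbc {

    // Both statements bind the login name as a parameter; no SQL is built from user input.
    private static final String SQL_VERIFY_ACCOUNT = "SELECT COUNT(*) FROM sys_user WHERE login_name=? AND del_flag=0";
    private static final String SQL_VERIFY_PASSWORD = "SELECT password FROM sys_user WHERE login_name=? AND del_flag=0";

    /** Number of leading hex characters of the stored value that hold the salt. */
    private static final int SALT_HEX_LENGTH = 16;

    /** Iteration count passed to the salted SHA-1 digest (name kept as published). */
    public static final int HASH_INTERATIONS = 1024;

    private JdbcTemplate jdbcTemplate;

    /**
     * Builds the {@link JdbcTemplate} from the injected data source.
     *
     * @param dataSource connection pool to run the queries on
     */
    @Resource
    public void setDataSource(DataSource dataSource) {
        this.jdbcTemplate = new JdbcTemplate(dataSource);
    }

    /**
     * Verifies that exactly one non-deleted account has the given login name and that the
     * supplied password hashes to the stored value.
     *
     * @param username login name to look up
     * @param plainPassword password as submitted by the user
     * @return {@code true} only when the account exists once and the password matches;
     *     {@code false} for missing arguments, an unknown or duplicated login name, a stored
     *     value too short to contain a salt, or a mismatch
     */
    public boolean verifyAccount(String username, String plainPassword) {
        // Missing input is a failed check, not a NullPointerException further down.
        if (username == null || plainPassword == null) {
            return false;
        }
        try {
            Integer matches = this.jdbcTemplate.queryForObject(SQL_VERIFY_ACCOUNT, new Object[]{username}, Integer.class);
            // NOTE(review): this path returns before any hashing, so an unknown login name is
            // answered faster than a known one; login throttling in front of this handler limits
            // how far that difference can be used to probe for account names.
            if (matches == null || matches != 1) {
                return false;
            }

            String stored = this.jdbcTemplate.queryForObject(SQL_VERIFY_PASSWORD, new Object[]{username}, String.class);
            // A NULL or truncated column cannot hold the salt prefix; the original code would
            // fail with an exception on substring() here.
            if (stored == null || stored.length() < SALT_HEX_LENGTH) {
                return false;
            }

            // HTML-unescaping mirrors the routine this check was copied from.
            String plain = Encodes.unescapeHtml(plainPassword);
            byte[] salt = Encodes.decodeHex(stored.substring(0, SALT_HEX_LENGTH));
            // getBytes() uses the platform charset, as the original does. Switching to an
            // explicit charset is only safe if the application that stored the hash does too.
            byte[] digest = Digests.sha1(plain.getBytes(), salt, HASH_INTERATIONS);
            String computed = Encodes.encodeHex(salt) + Encodes.encodeHex(digest);

            // Constant-time comparison: String.equals stops at the first differing character,
            // which makes the comparison time depend on how much of the hash matched.
            return MessageDigest.isEqual(
                    stored.getBytes(StandardCharsets.UTF_8),
                    computed.getBytes(StandardCharsets.UTF_8));
        } catch (EmptyResultDataAccessException e) {
            // The row disappeared between the two queries; treat as a failed login.
            return false;
        }
    }
}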
3、鏈接數據庫的配置文件spring-configuration\applicationContext-datasource.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring context for the custom database-backed CAS login: defines the Druid connection pool, a transaction manager on top of it, and component scanning of the authentication package. -->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource" init-method="init" destroy-method="close">
<!-- URL, username and password are shown empty here. Instead of writing real values into this file, resolve them through property placeholders from WEB-INF/cas.properties, keep that file out of version control and readable only by the account that runs CAS, and connect with a database account limited to SELECT on sys_user, which is all the login check needs. -->
<property name="url" value="jdbc:mysql://"/>
<property name="username" value=""/>
<property name="password" value=""/>
<!-- Pool sizing: initial, minimum idle and maximum active connections -->
<property name="initialSize" value="1"/>
<property name="minIdle" value="1"/>
<property name="maxActive" value="20"/>
<!-- Maximum time to wait for a connection from the pool, in milliseconds -->
<property name="maxWait" value="60000"/>
<!-- Interval, in milliseconds, between runs of the check that closes idle connections -->
<property name="timeBetweenEvictionRunsMillis" value="60000"/>
<!-- Minimum time, in milliseconds, that a connection stays in the pool before it may be evicted -->
<property name="minEvictableIdleTimeMillis" value="300000"/>
<property name="validationQuery" value="SELECT 'x'"/>
<property name="testWhileIdle" value="true"/>
<property name="testOnBorrow" value="false"/>
<property name="testOnReturn" value="false"/>
<!-- PSCache switch and the PSCache size per connection -->
<!-- PSCache (prepared statement cache) gives a large performance gain on databases that support cursors, such as Oracle, DB2 and SQL Server; turning it off is recommended on MySQL -->
<property name="poolPreparedStatements" value="false"/>
<property name="maxPoolPreparedStatementPerConnectionSize" value="-1"/>
<!-- Filters for monitoring, statistics and interception: wall is Druid's SQL firewall filter and mergeStat collects merged SQL statistics. Keep wall enabled on a pool that serves the login path. -->
<property name="filters" value="wall,mergeStat"/>
</bean>
<!-- Transaction manager bound to the same data source, with annotation-driven transactions enabled -->
<bean id="txManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
</bean>
<tx:annotation-driven transaction-manager="txManager"/>
<!-- Registers the annotated classes in the authentication package (UserAuthenticationHandler and UserDaoJdbc) as Spring beans -->
<context:component-scan base-package="authentication"/>
</beans>
4、修改deployerConfigContext.xml中cas的認證配置。新增自定義的認證處理器後,原來的primaryAuthenticationHandler配置可以註釋掉
<!-- Authentication manager: the map pairs each authentication handler with the principal resolver used for it. The key primaryAuthenticationHandler is now supplied by the @Component-annotated UserAuthenticationHandler. -->
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
<constructor-arg>
<map>
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
<!-- Bean declaration for database authentication implemented with cas-server-support-jdbc-4.0.3.jar -->
<!--
<entry key-ref="mssoUsersAuthenticationHandler" value-ref="primaryPrincipalResolver" />
-->
</map>
</constructor-arg>
<property name="authenticationPolicy">
<!-- With AnyAuthenticationPolicy a login is accepted once any one of the mapped handlers authenticates the credential, so every handler listed in the map above must be one that is meant to be trusted. -->
<bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
</property>
</bean>
<!-- The stock static-user handler below stays commented out so that the bean id primaryAuthenticationHandler comes from the custom class. If it were left enabled, the demo account it defines would still be able to log in; after the restart, check that this account is rejected. -->
<!-- <bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
</bean> -->
至此完畢,重啓系統,使用項目中的用戶登錄。