首页  :: 新随笔  :: 管理

cas重新实现登陆认证逻辑

Posted on 2010-06-09 00:12  季枫  阅读(1795)  评论(0编辑  收藏  举报
package com.ucit.cas;

import java.security.NoSuchAlgorithmException;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;

import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder;
import org.jasig.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.jdbc.core.simple.ParameterizedRowMapper;

public final class UCITCASAuthHandler extends
		AbstractJdbcUsernamePasswordAuthenticationHandler {
	protected boolean authenticateUsernamePasswordInternal(
			UsernamePasswordCredentials credentials)
			throws AuthenticationException {
		String username = credentials.getUsername();
		String password = credentials.getPassword();
		try {
			MessageDigestCredentialPasswordEncoder encoder = new MessageDigestCredentialPasswordEncoder();
			/*List<String> list = getJdbcTemplate().query(
					"SELECT column_value FROM security_principal p,"
							+ "security_credential c where p.full_path=? and "
							+ "c.principal_id=p.principal_id",
					new ParameterizedRowMapper<String>() {
						public String mapRow(ResultSet rs, int index)
								throws SQLException {
							return rs.getString(1);
						}
					}, "/user/" + username);*/
			List<String> list = getJdbcTemplate().query(
					"select column_value from porta_user pu where pu.full_path=? ",
					new ParameterizedRowMapper<String>() {
						public String mapRow(ResultSet rs, int index)
								throws SQLException {
							return rs.getString(1);
						}
					}, "/user/" + username);
			return list.isEmpty() ? aliasCheck(username, password,credentials) : list.get(0)
					.equals(encoder.encode(username, password));
		} catch (Exception e) {
			e.printStackTrace();
			return false;
		}
	}
	private boolean aliasCheck(String username, String password,UsernamePasswordCredentials credentials) {
		try {
			MessageDigestCredentialPasswordEncoder encoder = new MessageDigestCredentialPasswordEncoder();
		
		List<String[]> list = getJdbcTemplate().query(
				"select column_value,full_path from porta_user  where alias=?",
				new ParameterizedRowMapper<String[]>() {
					public String[] mapRow(ResultSet rs, int index)
							throws SQLException {
						return new String[]{rs.getString(1),rs.getString(2)};
					}
				}, username);
		if (list.isEmpty())
			return verify(username, password);
		else{
			String _username=list.get(0)[1].replaceAll("/user/", "");
			credentials.setUsername(_username);
			return list.get(0)[0].equals(encoder.encode(_username, password));
		}
//		return list.isEmpty() ? verify(username, password) : list.get(0)
//				.equals(encoder.encode(username, password));
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace(); 
			return false;  
		}

	}
	private boolean verify(String username, String password) {
		List<String> list = getJdbcTemplate().query(
				"SELECT uid FROM user where ULoginID=? and upass=?",
				new ParameterizedRowMapper<String>() {
					public String mapRow(ResultSet rs, int index)
							throws SQLException {
						return rs.getString(1);  
					}
				}, username, password);
		return !list.isEmpty();
	}    
	
	
	public static void main(String[] args) throws NoSuchAlgorithmException, SecurityException {
		MessageDigestCredentialPasswordEncoder encoder = new MessageDigestCredentialPasswordEncoder();
		System.out.println(encoder.encode("510722197305041435", "7788119"));
	}
}

下载项目
https://9p9q8w.blu.livefilestore.com/y1p0ioo0EVb55XY-YbpBePUgmee5w3lcGPIzWOsknbo-6BvbinZZAPtsPMkOKD0kZ0vuJgaOwqrodOx6FmcbTVMWDQPYU_HGEQT/cas(2010-06-08%E9%87%8D%E5%86%99%E7%99%BB%E9%99%86%E9%AA%8C%E8%AF%81%2C%E6%94%AF%E6%8C%81%E5%88%AB%E5%90%8D%E7%99%BB%E9%99%86).zip?download&amp;psid=1

智读 | 成都会领科技有限公司官网 | 智读App下载 | 每天听本书的博客 | |