【SSO单点系列】:CAS4.0 CAS整合SpringMVC+MyBatis实现数据库校验(04)

一、准备所需jar包

cas\WEB-INF\lib中加入 c3p0-0.9.1.2.jar包、mysql-connector-java-5.1.21.jar包和cas-server-support-jdbc-4.0.0.jar包。 

c3p0的jar包和mysql驱动的jar包可以在maven上拉下来,

cas-server-support-jdbc-4.0.0.jar 这个jar包可以在cas-server-4.0.0\modules目录下找到

二、Cas-Server(服务端)自定义验证规则

1、打开deployerConfigContext.xml

找到 primaryAuthenticationHandler ,因为实际开发中我们需要跟数据库做校验所以这段代码就需要注掉然后改为我们的验证规则

<!--        
       
    <bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
        <property name="users">
            <map>
                <entry key="casuser" value="Mellon"/>
            </map>
        </property>
    </bean>

 -->

2、在deployerConfigContext.xml中给Cas配置数据源

 <!-- 配置数据源 -->
 <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
        p:driverClass="com.mysql.jdbc.Driver"
        p:jdbcUrl="jdbc:mysql://localhost:3306/test3?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"
        p:user="xxx" p:password="xxx" />

3、在deployerConfigContext.xml中给定义加密方式

<!-- 加密方式 -->        
 <bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />

4、在deployerConfigContext.xml中配置查询语句,这里的p:passwordEncoder对应着加密方式 p:dataSource 这个指向的就是之前配置的数据源

<!-- 查询Sql -->            
 <bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from cas_user where username=? and data_status='1'"
      p:passwordEncoder-ref="passwordEncoder"  />

5、在deployerConfigContext.xml中配置新的验证规则,找到这段代码将这段代码注掉,细心的朋友或许已经发现primaryAuthenticationHandler

这个key指向的就是Cas 提供的默认账号密码配置,也就是我们一上来就注掉的呢段

<!--  <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->

<constructor-arg>
            <map>
                <!--
                   | IMPORTANT
                   | Every handler requires a unique name.
                   | If more than one instance of the same handler class is configured, you must explicitly
                   | set its name to something other than its default name (typically the simple class name).
                   -->
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->
                <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver"/>
            </map>
        </constructor-arg>

三、CAS-Client(客户端)配置

1.打开 pom.xml文件引入client(客户端)jar包

 

        
        <!-- 整合Cas所需jar包 -->
        <dependency>
            <groupId>org.jasig.cas.client</groupId>
            <artifactId>cas-client-core</artifactId>
            <version>3.2.1</version>
        </dependency>

2、打开 web.xml配置加入cas配置

    <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>

    <!-- 该过滤器负责用户的认证工作,必须启用它 -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>http://localhost:8080/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>

    <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>http://localhost:8080/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <!-- 该过滤器负责实现HttpServletRequest请求的包裹, 比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。 -->
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <!-- 该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。 比如AssertionHolder.getAssertion().getPrincipal().getName()。 -->
    <filter>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Assertion Thread Local Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>
    <!-- ======================== 单点登录/登出结束 ======================== -->

四、运行测试

CAS自动拦截(PS:没有登录当然要拦截了)

随便输入点信息看看验证成功没有~~

输入正确的账号密码登录系统成功

 

posted on 2016-09-05 17:28  淡淡丶奶油味  阅读(1979)  评论(0编辑  收藏  举报