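(4) SSO with the CAS Framework: Single Sign-On with a Custom Login Validation Method
Requirements change. By default, CAS validates a login against the username and password. What if validation must use the username, the password and a system identifier? How can that be done?
We know that with the default CAS login page, the username and password that are entered are validated by configuring the bean org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler in the deployerConfigContext.xml file with the corresponding SQL, and by configuring the database driver, database name, login password and so on in <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">.
What needs to be done to add one more check?
1 Following the bean tag in the XML, it is easy to find the class QueryDatabaseAuthenticationHandler.java. First modify login-webflow.xml; the modified code is shown below: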
    <binder>
        <binding property="username" />
        <binding property="password" />
        <binding property="systemId" />
    </binder>
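Here <binding property="systemId" /> matches the hidden field passed in from the page.
2 The JS code added to casLoginView.jsp is shown below; it takes the parameter from the URL of the login address.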
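    <script language="javascript" type="text/javascript">
    // Use the window onload event: runs once the page has finished loading
    window.onload = function () {
        // Extract the systemId query parameter from the login URL
        var result = location.search.match(new RegExp("[?&]" + 'systemId' + "=([^&]+)", "i"));
        // match() returns null when the parameter is absent; fall back to an empty value
        var systemId = (result == null || result.length < 2) ? "" : result[1];
        $("#systemId")[0].value = systemId;
    };
    </script>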
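The login page address is https://www.cdvcloud.com:8443/cas/login?systemId=vms2.0 . On the first visit to the login page, these two parameters are carried: https://www.cdvcloud.com:8443/cas/login?service=http%3A%2F%2F172.16.3.101%3A8080%2Fvms2.0%2Fuser%2FtoMain%2F . One of them is our custom system identifier; the second is the main page that CAS redirects to after successfully validating against the database.
3 A hidden field is added to the login page to pass the value to CAS.
    <input type="hidden" name="systemId" id="systemId">
4 Modify the CAS source code, UsernamePasswordCredentials.java, as shown below.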
    /*
     * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
     * distributed with this file and available online at
     * http://www.ja-sig.org/products/cas/overview/license/
     */
    package org.jasig.cas.authentication.principal;

    import javax.validation.constraints.NotNull;
    import javax.validation.constraints.Size;

    /**
     * UsernamePasswordCredentials represents the username and password that a user
     * may provide in order to prove the authenticity of who they say they are.
     *
     * @author Scott Battaglia
     * @version $Revision: 1.2 $ $Date: 2007/01/22 20:35:26 $
     * @since 3.0
     * <p>
     * This is a published and supported CAS Server 3 API.
     * </p>
     */
    public class UsernamePasswordCredentials implements Credentials {

        /** Unique ID for serialization. */
        private static final long serialVersionUID = -8343864967200862794L;

        /** The username. */
        @NotNull
        @Size(min=1, message = "required.username")
        private String username;

        /** The password. */
        @NotNull
        @Size(min=1, message = "required.password")
        private String password;

        /** The systemId for vms2.0 for sql validate xx add 2014-07-21 16:12:51. */
        @NotNull
        @Size(min=1, message = "required.systemId")
        private String systemId;

        /*systemId begin*/
        /**
         * @return Returns the systemId.
         */
        public String getSystemId() {
            return systemId;
        }

        /**
         * @param systemId The systemId to set.
         */
        public void setSystemId(String systemId) {
            this.systemId = systemId;
        }

        public String toStringSystemId() {
            return "[systemId: " + this.systemId + "]";
        }
        /*end */

        /**
         * @return Returns the password.
         */
        public final String getPassword() {
            return this.password;
        }

        /**
         * @param password The password to set.
         */
        public final void setPassword(final String password) {
            this.password = password;
        }

        /**
         * @return Returns the userName.
         */
        public final String getUsername() {
            return this.username;
        }

        /**
         * @param userName The userName to set.
         */
        public final void setUsername(final String userName) {
            this.username = userName;
        }

        public String toString() {
            return "[username: " + this.username + "]";
        }

        @Override
        public boolean equals(final Object o) {
            if (this == o) return true;
            if (o == null || getClass() != o.getClass()) return false;

            UsernamePasswordCredentials that = (UsernamePasswordCredentials) o;

            if (password != null ? !password.equals(that.password) : that.password != null) return false;
            if (username != null ? !username.equals(that.username) : that.username != null) return false;
            // systemId is part of the credential, so the same user on two systems must not compare equal
            if (systemId != null ? !systemId.equals(that.systemId) : that.systemId != null) return false;

            return true;
        }

        @Override
        public int hashCode() {
            int result = username != null ? username.hashCode() : 0;
            result = 31 * result + (password != null ? password.hashCode() : 0);
            // Keep hashCode consistent with equals
            result = 31 * result + (systemId != null ? systemId.hashCode() : 0);
            return result;
        }
    }
In addition to CAS's own username and password, this adds our own systemId identifier.
5 Modify the QueryDatabaseAuthenticationHandler.java class, as shown below.
    /*
     * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
     * distributed with this file and available online at
     * http://www.ja-sig.org/products/cas/overview/license/
     */
    package org.jasig.cas.adaptors.jdbc;

    import org.jasig.cas.authentication.handler.AuthenticationException;
    import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
    import org.springframework.dao.IncorrectResultSizeDataAccessException;

    import javax.validation.constraints.NotNull;

    /**
     * Class that if provided a query that returns a password (parameter of query
     * must be username) will compare that password to a translated version of the
     * password provided by the user. If they match, then authentication succeeds.
     * Default password translator is plaintext translator.
     *
     * @author Scott Battaglia
     * @author Dmitriy Kopylenko
     * @version $Revision$ $Date$
     * @since 3.0
     */
    public final class QueryDatabaseAuthenticationHandler extends
        AbstractJdbcUsernamePasswordAuthenticationHandler {

        @NotNull
        private String sql;

        protected final boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials) throws AuthenticationException {
            final String username = getPrincipalNameTransformer().transform(credentials.getUsername());
            final String password = credentials.getPassword();

            //xx add 2014 7 21 16:27:58 for vms2.0 systemid begin----------
            //final String systemId = credentials.getSystemId();
            String mySystemId = credentials.getSystemId();
            // Reject the login instead of throwing when no systemId was submitted
            if (mySystemId == null) {
                return false;
            }
            // Use only the first value when systemId arrives as a comma-separated list
            String[] systemIdGroup = mySystemId.split(",");
            // split() drops trailing empty strings, so an input such as "," yields an empty array
            if (systemIdGroup.length == 0) {
                return false;
            }
            String systemId = systemIdGroup[0];
            System.out.println("systemId---------" + systemId + "----------------systemid value");
            //xx add 2014 7 21 16:27:58 for vms2.0 systemid end----------

            final String encryptedPassword = this.getPasswordEncoder().encode(
                password);

            try {
                // The configured sql must take two parameters, in this order: username, systemId
                final String dbPassword = getJdbcTemplate().queryForObject(
                    this.sql, String.class, username, systemId);
                return dbPassword.equals(encryptedPassword);
            } catch (final IncorrectResultSizeDataAccessException e) {
                // this means the username was not found.
                return false;
            }
        }

        /**
         * @param sql The sql to set.
         */
        public void setSql(final String sql) {
            this.sql = sql;
        }
    }
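The article refers to the SQL configured in deployerConfigContext.xml but does not show it. The fragment below is an added example, not the author's configuration, of a query that matches the modified handler. The MySQL driver, JDBC URL, database credentials, table name, column names and the SHA-256 encoder choice are all assumed placeholders.

```xml
<!-- Added example: driver, URL, credentials, table and column names are placeholders -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://127.0.0.1:3306/EXAMPLE_DB" />
    <property name="username" value="EXAMPLE_DB_USER" />
    <property name="password" value="EXAMPLE_DB_PASSWORD" />
</bean>

<!-- Assumption: the password column stores hex SHA-256 digests.
     Without a passwordEncoder the handler compares plaintext passwords. -->
<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg value="SHA-256" />
</bean>

<!-- Entry in the authenticationHandlers list of the authentication manager -->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource" />
    <property name="passwordEncoder" ref="passwordEncoder" />
    <!-- Two bound parameters, in the order the handler passes them:
         queryForObject(sql, String.class, username, systemId) -->
    <property name="sql"
              value="select password from example_users where username = ? and system_id = ?" />
</bean>
```

The query must return exactly one row per (username, system_id) pair, since queryForObject throws IncorrectResultSizeDataAccessException on zero or multiple rows and the handler then rejects the login. The systemId value comes from the login URL and a hidden form field, so it is client-controlled and should only ever reach the database as a bound parameter, as it does here.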