- @since
*/
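public class UsernamePasswordSysCredential extends RememberMeUsernamePasswordCredential {
    // Login credential that adds one form field, "system", to the fields inherited
    // from RememberMeUsernamePasswordCredential.

    /**
     * Identifier of the system the user is signing in to, as submitted with the login form.
     *
     * <p>NOTE(review): assuming this is Bean Validation's {@code @Size}, a {@code null} value
     * passes the constraint, so the annotation alone does not make the field mandatory.
     * The value is client-supplied and has to be checked again by whatever consumes it.
     */
    @Size(min = 2, message = "require system")
    private String system;

    /**
     * @return the system identifier bound from the login form, or {@code null} if none was set
     */
    public String getSystem() {
        return system;
    }

    /**
     * Stores the system identifier.
     *
     * @param system value to store; not validated here
     * @return this credential, so calls can be chained
     */
    public UsernamePasswordSysCredential setSystem(String system) {
        this.system = system;
        return this;
    }

    /**
     * Compares the inherited state through {@code super.equals} and then the system field.
     * Added because {@link #hashCode()} already mixes {@code system} into the hash; without a
     * matching {@code equals}, two credentials the parent considers equal could hash differently.
     */
    @Override
    public boolean equals(final Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof UsernamePasswordSysCredential) || !super.equals(obj)) {
            return false;
        }
        final UsernamePasswordSysCredential other = (UsernamePasswordSysCredential) obj;
        // Fully qualified so the block does not depend on an import outside this listing.
        return java.util.Objects.equals(this.system, other.system);
    }

    /**
     * @return a hash built from the parent's hash code and the system field
     */
    @Override
    public int hashCode() {
        return new HashCodeBuilder()
                .appendSuper(super.hashCode())
                .append(this.system)
                .toHashCode();
    }
}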
绑定参数
前端重写绑定参数,并且重写指定原有的 credential 流程变量(对应下方代码中的 CasWebflowConstants.VAR_ID_CREDENTIAL)
/*
- 版权所有.©2008-2017. 卡尔科技工作室
*/
package com.carl.sso.support.auth;
import org.apereo.cas.web.flow.AbstractCasWebflowConfigurer;
import org.apereo.cas.web.flow.CasWebflowConstants;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.BinderConfiguration;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
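/**
 * Redefines the default login web flow so that the login form binds the custom
 * {@link UsernamePasswordSysCredential} and its extra "system" field.
 *
 * @author Carl
 * @date 2017/10/23
 * @since 1.6.0
 */
public class CustomWebflowConfigurer extends AbstractCasWebflowConfigurer {

    /**
     * @param flowBuilderServices    passed through to the parent configurer
     * @param flowDefinitionRegistry passed through to the parent configurer
     */
    public CustomWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry) {
        super(flowBuilderServices, flowDefinitionRegistry);
    }

    /**
     * Looks up the login flow and rebinds its credential.
     *
     * @throws IllegalStateException if no login flow is available
     */
    @Override
    protected void doInitialize() throws Exception {
        final Flow flow = getLoginFlow();
        if (flow == null) {
            // Fail with a clear message instead of a NullPointerException further down.
            throw new IllegalStateException("Login flow is not available; cannot bind UsernamePasswordSysCredential");
        }
        bindCredential(flow);
    }

    /**
     * Binds the login form input to the custom credential.
     *
     * @param flow the login flow to modify
     */
    protected void bindCredential(Flow flow) {
        // Replace the flow's credential variable with the custom credential type.
        createFlowVariable(flow, CasWebflowConstants.VAR_ID_CREDENTIAL, UsernamePasswordSysCredential.class);

        // Bind the new parameter on the login form view.
        final ViewState state = (ViewState) flow.getState(CasWebflowConstants.STATE_ID_VIEW_LOGIN_FORM);
        final BinderConfiguration cfg = getViewStateBinderConfiguration(state);

        // Username and password are already bound, so only the new "system" field is added.
        // NOTE(review): the binding is registered with required=false, so a request that omits
        // "system" still binds; rejecting a missing value is left to the authentication handler.
        cfg.addBinding(new BinderConfiguration.Binding("system", null, false));
    }
}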
UsernamePasswordSystemAuthenticationHandler
当用户名为admin,并且system为sso即允许通过。为了测试简单才定义了这样简单的逻辑,开发过程中请慎重考虑:下面的处理器完全不校验密码,只比较用户名和system两个由客户端提交的值,因此只适合演示,实际使用时必须在此处加入对密码(或其他凭据)的校验。
/*
- 版权所有.©2008-2017. 卡尔科技工作室
*/
package com.carl.sso.support.auth.handler;
import com.carl.sso.support.auth.UsernamePasswordSysCredential;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import javax.security.auth.login.AccountNotFoundException;
import java.security.GeneralSecurityException;
import java.util.Collections;
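/**
 * Username-plus-system authentication: the login is accepted whenever the username is
 * "admin" and the system is "sso".
 *
 * <p>NOTE(review): the password carried by the credential is never read by this class.
 * Both values that are compared come from the login request, so this handler is a
 * demonstration of the extension point only; a real handler has to verify the password
 * (or another secret) against a trusted store before returning a result.
 *
 * @author Carl
 * @date 2017/10/23
 * @since 1.6.0
 */
public class UsernamePasswordSystemAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {

    /**
     * @param name             handler name, passed to the parent
     * @param servicesManager  passed to the parent
     * @param principalFactory factory used to build the authenticated principal
     * @param order            handler order, passed to the parent
     */
    public UsernamePasswordSystemAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) {
        super(name, servicesManager, principalFactory, order);
    }

    /**
     * Accepts the credential when username is "admin" and system is "sso".
     *
     * @param credential expected to be a {@link UsernamePasswordSysCredential}; see {@link #supports(Credential)}
     * @return a handler result whose principal is named after the submitted username, with no attributes
     * @throws AccountNotFoundException for every other username/system combination
     */
    @Override
    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        // Cast once and reuse; supports() only admits this credential type.
        final UsernamePasswordSysCredential sysCredential = (UsernamePasswordSysCredential) credential;

        // No password comparison happens here (demo logic only, see the class comment).
        final boolean accepted = "admin".equals(sysCredential.getUsername())
                && "sso".equals(sysCredential.getSystem());
        if (!accepted) {
            // Message text: "only the admin user is allowed through".
            throw new AccountNotFoundException("必须是admin用户才允许通过");
        }

        // Custom principal attributes could be supplied here instead of the empty map.
        return createHandlerResult(
                credential,
                this.principalFactory.createPrincipal(sysCredential.getUsername(), Collections.emptyMap()),
                null);
    }

    /**
     * @return {@code true} only for {@link UsernamePasswordSysCredential} instances
     */
    @Override
    public boolean supports(Credential credential) {
        return credential instanceof UsernamePasswordSysCredential;
    }
}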
注册CasWebflowConfigurer
这里涉及spring boot自动配置的知识,配置类需要能被spring boot识别(见后面的spring.factories)
由于需要对Credential进行重写定义,必须在该配置之前注册,否则自定义的无法重写
@AutoConfigureBefore(value = CasWebflowContextConfiguration.class)
/*
- 版权所有.©2008-2017. 卡尔科技工作室
*/
package com.carl.sso.support.auth.config;
import com.carl.sso.support.auth.CustomWebflowConfigurer;
import org.apereo.cas.config.CasWebflowContextConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.web.flow.CasWebflowConfigurer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
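/**
 * Registers {@link CustomWebflowConfigurer} as a Spring bean.
 *
 * <p>{@code @AutoConfigureBefore} orders this configuration ahead of
 * {@link CasWebflowContextConfiguration}; the accompanying text states that the custom
 * credential cannot replace the default one unless it is registered first.
 *
 * @author Carl
 * @date 2017/10/23
 * @since 1.6.0
 */
@Configuration("customerAuthWebflowConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
@AutoConfigureBefore(value = CasWebflowContextConfiguration.class)
public class CustomerAuthWebflowConfiguration {

    // Registry injected by bean name "logoutFlowRegistry".
    @Autowired
    @Qualifier("logoutFlowRegistry")
    private FlowDefinitionRegistry logoutFlowRegistry;

    // Registry injected by bean name "loginFlowRegistry".
    @Autowired
    @Qualifier("loginFlowRegistry")
    private FlowDefinitionRegistry loginFlowRegistry;

    // Flow builder services injected by bean name "builder".
    @Autowired
    @Qualifier("builder")
    private FlowBuilderServices builder;

    /**
     * Builds the custom configurer on the login flow registry and hands it the logout registry.
     *
     * @return the configurer that rebinds the login credential
     */
    @Bean
    public CasWebflowConfigurer customWebflowConfigurer() {
        final CustomWebflowConfigurer c = new CustomWebflowConfigurer(builder, loginFlowRegistry);
        c.setLogoutFlowDefinitionRegistry(logoutFlowRegistry);
        return c;
    }
}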
注册AuthenticationHandler
/*
- 版权所有.©2008-2017. 卡尔科技工作室
*/
package com.carl.sso.support.auth.config;
import com.carl.sso.support.auth.handler.UsernamePasswordSystemAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
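/**
 * Adds {@link UsernamePasswordSystemAuthenticationHandler} to the authentication execution plan.
 *
 * @author Carl
 * @date 2017/10/23
 * @since 1.6.0
 */
@Configuration("customAuthenticationEventExecutionPlanConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
public class CustomAuthenticationEventExecutionPlanConfiguration implements AuthenticationEventExecutionPlanConfigurer {

    // Injected by bean name "servicesManager".
    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    // Injected by bean name "jdbcPrincipalFactory".
    // NOTE(review): this field is public while its sibling is private; nothing in this class
    // needs it to be public, so narrowing it is worth considering once callers are checked.
    @Autowired
    @Qualifier("jdbcPrincipalFactory")
    public PrincipalFactory jdbcPrincipalFactory;

    /**
     * Creates the custom authentication handler.
     *
     * @return the handler, named "customAuthenticationHandler" and created with order 1
     */
    @Bean
    public AuthenticationHandler customAuthenticationHandler() {
        // Order 1: the author's intent is that this handler is tried first.
        // NOTE(review): the handler class shown on this page compares only username and system
        // and never the password, so giving it priority is acceptable for a demo only.
        return new UsernamePasswordSystemAuthenticationHandler("customAuthenticationHandler",
                servicesManager, jdbcPrincipalFactory, 1);
    }

    /**
     * Registers the custom handler with the execution plan.
     *
     * @param plan the plan to add the handler to
     */
    @Override
    public void configureAuthenticationExecutionPlan(final AuthenticationEventExecutionPlan plan) {
        plan.registerAuthenticationHandler(customAuthenticationHandler());
    }
}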
spring.factories
org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.carl.sso.support.auth.config.CustomerAuthWebflowConfiguration,com.carl.sso.support.auth.config.CustomAuthenticationEventExecutionPlanConfiguration
casLoginView.html
新加绑定系统信息