cas 配置数据源 , 解决CAS 不支持你提供的凭证

最新推荐文章于 2021-08-20 14:01:17 发布
最新推荐文章于 2021-08-20 14:01:17 发布
阅读量1w 收藏 2
点赞数 2
分类专栏: Cas 文章标签: 框架 语言 编程
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/cenguocheng/article/details/12185815
版权

(HTTP方式)

安装环境

1.打开cas\WEB-INF\deployerConfigContext.xml文件
(1) 注销系统默认登录方式:  <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
  (2) 在 list 内添加 :
<bean  
                    class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">  
                    <property name="dataSource" ref="casDataSource" />  
                    <property name="sql"  value="select password from vc_user where account = ?" />     
                    <!-- <property name="passwordEncoder" ref="myPasswordEncoder" />   -->
                </bean> 
  (3) 在 beans 标签内添加 :
<bean id="casDataSource"  class="org.springframework.jdbc.datasource.DriverManagerDataSource">  
        <property name="driverClassName">  
            <value>com.mysql.jdbc.Driver</value>  
        </property>  
        <property name="url">  
            <value>jdbc:mysql://localhost:3306/test</value>  
        </property>  
        <property name="username">  
            <value></value>  
        </property>  
        <property name="password">  
            <value></value>  
        </property>  
    </bean>  


完整代码如下: 

<?xml version="1.0" encoding="UTF-8"?>
<!--

    Licensed to Jasig under one or more contributor license
    agreements. See the NOTICE file distributed with this work
    for additional information regarding copyright ownership.
    Jasig licenses this file to you under the Apache License,
    Version 2.0 (the "License"); you may not use this file
    except in compliance with the License.  You may obtain a
    copy of the License at the following location:

      http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.

-->
<!--
	| deployerConfigContext.xml centralizes into one file some of the declarative configuration that
	| all CAS deployers will need to modify.
	|
	| This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.  
	| The beans declared in this file are instantiated at context initialization time by the Spring 
	| ContextLoaderListener declared in web.xml.  It finds this file because this
	| file is among those declared in the context parameter "contextConfigLocation".
	|
	| By far the most common change you will need to make in this file is to change the last bean
	| declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
	| one implementing your approach for authenticating usernames and passwords.
	+-->

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
	<!--
		| This bean declares our AuthenticationManager.  The CentralAuthenticationService service bean
		| declared in applicationContext.xml picks up this AuthenticationManager by reference to its id, 
		| "authenticationManager".  Most deployers will be able to use the default AuthenticationManager
		| implementation and so do not need to change the class of this bean.  We include the whole
		| AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
		| need to change in context.
		+-->
	<bean id="authenticationManager"
		class="org.jasig.cas.authentication.AuthenticationManagerImpl">
		
		<!-- Uncomment the metadata populator to allow clearpass to capture and cache the password
		     This switch effectively will turn on clearpass.
		<property name="authenticationMetaDataPopulators">
		   <list>
		      <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator">
		         <constructor-arg index="0" ref="credentialsCache" />
		      </bean>
		   </list>
		</property>
		 -->
		
		<!--
			| This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
			| The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which 
			| supports the presented credentials.
			|
			| AuthenticationManagerImpl uses these resolvers for two purposes.  First, it uses them to identify the Principal
			| attempting to authenticate to CAS /login .  In the default configuration, it is the DefaultCredentialsToPrincipalResolver
			| that fills this role.  If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
			| DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
			| using.
			|
			| Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket. 
			| In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose. 
			| You will need to change this list if you are identifying services by something more or other than their callback URL.
			+-->
		<property name="credentialsToPrincipalResolvers">
			<list>
				<!--
					| UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login 
					| by default and produces SimplePrincipal instances conveying the username from the credentials.
					| 
					| If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
					| need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
					| Credentials you are using.
					+-->
				<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" >
					<property name="attributeRepository" ref="attributeRepository" />
				</bean>
				<!--
					| HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.  It supports the CAS 2.0 approach of
					| authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
					| SimpleService identified by that callback URL.
					|
					| If you are representing services by something more or other than an HTTPS URL whereat they are able to
					| receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
					+-->
				<bean
					class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
			</list>
		</property>

		<!--
			| Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate, 
			| AuthenticationHandlers actually authenticate credentials.  Here we declare the AuthenticationHandlers that
			| authenticate the Principals that the CredentialsToPrincipalResolvers identified.  CAS will try these handlers in turn
			| until it finds one that both supports the Credentials presented and succeeds in authenticating.
			+-->
		<property name="authenticationHandlers">
			<list>
				<!--
					| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
					| a server side SSL certificate.
					+-->
				<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
					p:httpClient-ref="httpClient" />
				<!--
					| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS 
					| into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
					| where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
					| local authentication strategy.  You might accomplish this by coding a new such handler and declaring
					| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
					+-->
				<!-- <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> -->
				
				
				<!-- 配置自己的SQL -->
				<bean  
                    class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">  
                    <property name="dataSource" ref="casDataSource" />  
                    <property name="sql"  value="select password from vc_user where account = ?" />     
                    <!-- <property name="passwordEncoder" ref="myPasswordEncoder" />   -->
                </bean>  
				
			</list>
		</property>
	</bean>


	<!--
	This bean defines the security roles for the Services Management application.  Simple deployments can use the in-memory version.
	More robust deployments will want to use another option, such as the Jdbc version.
	
	The name of this should remain "userDetailsService" in order for Spring Security to find it.
	 -->
    <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />-->

    <sec:user-service id="userDetailsService">
        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>
	
	<!-- 
	Bean that defines the attributes that a service may return.  This example uses the Stub/Mock version.  A real implementation
	may go against a database or LDAP server.  The id should remain "attributeRepository" though.
	 -->
	<bean id="attributeRepository"
		class="org.jasig.services.persondir.support.StubPersonAttributeDao">
		<property name="backingMap">
			<map>
				<entry key="uid" value="uid" />
				<entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> 
				<entry key="groupMembership" value="groupMembership" />
			</map>
		</property>
	</bean>
	
	<!-- 
	Sample, in-memory data store for the ServiceRegistry. A real implementation
	would probably want to replace this with the JPA-backed ServiceRegistry DAO
	The name of this bean should remain "serviceRegistryDao".
	 -->
	<bean
		id="serviceRegistryDao"
        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
            <property name="registeredServices">
                <list>
                    <bean class="org.jasig.cas.services.RegexRegisteredService">
                        <property name="id" value="0" />
                        <property name="name" value="HTTP and IMAP" />
                        <property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
                        <property name="serviceId" value="^(https?|imaps?)://.*" />
                        <property name="evaluationOrder" value="10000001" />
                    </bean>
                    <!--
                    Use the following definition instead of the above to further restrict access
                    to services within your domain (including subdomains).
                    Note that example.com must be replaced with the domain you wish to permit.
                    -->
                    <!--
                    <bean class="org.jasig.cas.services.RegexRegisteredService">
                        <property name="id" value="1" />
                        <property name="name" value="HTTP and IMAP on example.com" />
                        <property name="description" value="Allows HTTP(S) and IMAP(S) protocols on example.com" />
                        <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*" />
                        <property name="evaluationOrder" value="0" />
                    </bean>
                    -->
                </list>
            </property>
        </bean>

  <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
  
  <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
    <property name="monitors">
      <list>
        <bean class="org.jasig.cas.monitor.MemoryMonitor"
            p:freeMemoryWarnThreshold="10" />
        <!--
          NOTE
          The following ticket registries support SessionMonitor:
            * DefaultTicketRegistry
            * JpaTicketRegistry
          Remove this monitor if you use an unsupported registry.
        -->
        <bean class="org.jasig.cas.monitor.SessionMonitor"
            p:ticketRegistry-ref="ticketRegistry"
            p:serviceTicketCountWarnThreshold="5000"
            p:sessionCountWarnThreshold="100000" />
      </list>
    </property>
  </bean>
  
 
  <!-- ==============================数据源配置开始================================ -->
  <bean id="casDataSource"  
        class="org.springframework.jdbc.datasource.DriverManagerDataSource">  
        <property name="driverClassName">  
            <value>com.mysql.jdbc.Driver</value>  
        </property>  
        <property name="url">  
            <value>jdbc:mysql://localhost:3306/test</value>  
        </property>  
        <property name="username">  
            <value></value>  
        </property>  
        <property name="password">  
            <value></value>  
        </property>  
    </bean>  
  
    <!--<bean id="myPasswordEncoder" class="org.jasig.cas.authentication.handler.MyPasswordEncoder" />  
    <bean id="MD5PasswordEncoder"  
        class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">  
        <constructor-arg index="0">  
            <value>MD5</value>  
        </constructor-arg>  
    </bean>  -->
 <!-- ==============================数据源配置结束================================ -->
  
  
</beans>

声明我的CAS版本是 3.5.2 ,之前一直用其他网上找的配置方式,一直提示 CAS 不支持你提供的凭证,以上配置没问题,其他配置不需要更改,如HTTPS,改了可能还会错,如果有需要你可以自行更改



cenguocheng
关注
专栏目录
cas-server 配置mysql数据源
09-29
cas-server-webapp 4.0.0添加mysql数据源
CAS单点登录学习笔记五之CAS服务器数据源
04-19
了解并正确配置数据源CAS服务器部署和维护的关键步骤,确保CAS能够顺利地与数据库通信,提供稳定、高效的SSO服务。在实际环境中,应根据系统规模、并发量等因素调整数据源配置参数,以优化性能和资源利用率。 ...
CAS单点登录(三) 服务端数据源设置
暖阳阳
06-05 1694
2.1 需求分析 我们现在让用户名密码从我们的 user 表里做验证 (1)修改 cas 服务端中 web-inf 下 deployerConfigContext.xml ,添加如下配置 &lt;bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" p:driverClass="com.mysql.j...
CAS提供凭证有误
su317的专栏
03-20 1166
CAS Server:3.5.2 版本,war包zip包的modules目录。 登录是否https没有关系,deployerConfigContext.xml配置的是SimpleTestUsernamePasswordAuthenticationHandler,这个是只要用户和密码一样就可以。 默认的用户名个密码为:casuser/Mellon 这个是4.0版本。 ...
cas单点登录时报Invalid credentials
weixin_33695082的博客
08-16 623
2019独角兽企业重金招聘Python工程师标准>>> ...
CAS服务端配置读取数据库进行身份验证
bangxuzhong6421的博客
05-30 314
1.找到tomcat/webapp/cas/WEB-INF/deployerConfigContext.xml2.在此文件中找到 <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> 3.注释掉上面那...
基于springboot,cas5.3,shiro,pac4j,rest接口获取ticket不再跳转cas server登录页
09-08
它内置了Tomcat服务器,并自动配置了许多常用组件,如数据源、缓存、安全等,极大地提高了开发效率。 CAS则是一种开放源码的单点登录(Single Sign-On, SSO)协议,它允许用户通过单一登录凭证访问多个应用,而无需...
cas-server4.2.7数据库配置相关文件以及说明
04-04
通过`spring.datasource`前缀的属性,可以方便地配置数据源,Spring Boot还会自动加载JDBC驱动并创建数据源。 7. **定制化**: CAS允许开发者根据需求进行定制,例如自定义认证处理器、用户信息存储方式等。这可能...
apereo cas6.3.2可执行war,集成mysql的jdbc认证模块
03-28
这允许 CAS 使用 MySQL 存储用户的凭证和元数据,增强了数据库后端的灵活性。JDBC 认证模块使得 CAS 能够查询数据库来验证用户凭据,从而实现了与企业级数据库系统的无缝对接。为了配置这个模块,管理员需要提供...
用户中心+CAS+SDK,用户中心+CAS+SDK
最新发布
12-30
在这个压缩包文件“usercenter”中,我们可能找到了与用户中心相关的源代码、配置文件、API文档和示例。这些内容可能包括: 1. 用户中心API的SDK:包含与用户中心交互所需的客户端库,如创建、更新和查询用户信息的...
CAS学习(二)不使用Cookie实现前后端分离情况下的CAS单点登录
文若书生的专栏
07-04 2570
上一篇已经介绍了将CAS6.2编译为服务,放在Tomcat中运行 地址:https://blog.csdn.net/u011943534/article/details/118437235 按照CAS官方的流程,需要借用Cookie实现TGC的传递,这里实验不使用Cookie实现了单点登录 第一个服务的单点登录流程如下: 第一个服务已登录,第二个服务无需输入用户名、密码单点登录流程: 1、将上一章的CAS服务添加配置 已经配置好的在百度云盘中: 链接: https://pan.baidu.com/s
cas4.0 服务端添加自定义认证器,单点登录认证数据库用户和LDAP用户
weixin_39262933的博客
12-07 418
这段时间做CAS4.0的单点登录,整合LDAP的时候查了网上资料,最后还是怎么整都有问题,就换了这种方式,自己写个认证器去认证数据库的用户和LDAP的用户。 总结一下给自己看,共3步。 1、添加自定义认证器,主要是认证的逻辑。 2、添加解析器,用于自定义返回参数。 3、配置deployerConfigContext.xml。 1 添加自定义认证器 package com.msxf.sso.auth...
SSAS异常字符导致找不到属性键错误[转]
weixin_30273931的博客
01-16 234
异常字符导致的"attribute key not found"处理异常 由于服务器默认安装时Sql Server使用了Chinese_PRC_CI_AS这个collation,导致对一些unicode字符并不能很好的处理,加上SqlServer 和SSAS对字符串比较处理 上的不一致,导致了处理的异常。我们来看一下问题的分析。 问题描述 我们先来构建实验的数据 -- 员工...
CAS统一登录认证(3): CAS 客户端接入实践
oyc的博客
03-11 3531
CAS 客户端接入实践 一、接入准备 为了实现Cas单点登录的接入与验证,我这里准备部署三个系统,一个是之前我们搭建的服务端,这个服务端完全是Cas提供的,还有两个是我们自己编写的并且引入的Cas 客户端的接入应用,具体情况如下表所示: 应用 域名 端口 系统描述 来源 url C...
CAS 5.3使用MySQL数据库登录
非法小恋
08-20 899
一、本例环境说明 JDK 1.8 CAS 5.3 apache-maven-3.6.0 mysql-5.6.32 二、CAS 5.3基础环境搭建与验证 需要按照《CAS 5.3服务器搭建》搭建好环境,并使用系统默认用户名密码验证通过。 三、MySQL相关准备 3.1 创建MySQL数据库 (创建过程略) 3.2 新建user表,并增加2条记录 SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0; -- ---------------------------- -
CAS单点登录开源框架解读(五)--CAS单点登录服务端认证之用户认证
joeljx的专栏
03-29 2601
如何进行用户身份认证 在第四章节中已经分析了如何输入请求地址跳转到登录页面的流程,下面就要进行登录页面输入用户信息进行用户认证的具体流程。 行为状态realSubmit *login-webflow.xml:* <action-state id="realSubmit"> <evaluate expression="authenticati...
CAS 服务端部署 部分配置
qq_21166213的博客
11-03 2614
使用的版本是 CAS-4.1.0 一、修改登录页面 1、默认的登陆页面是WEB-INF/view/jsp/default里面的ui/casLoginView.jsp为登陆页面,首先copy一份default命名为szcourt。原来的default用于备份。 2、默认的properties文件是cas-theme-default.properties,同样copy一份命名为c
CAS5.3自定义密码(数据库)认证(二)
qq_21359467的博客
03-12 1288
这里需要注意的是在pom.xml中增加新的jar时需将jdk中的证书切换至初始化的证书文件。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值