最近碰到一个问题 ,是这样的 ,我们项目利用了CAS认证中心,APP需要与CAS整合 ,官网原先提供的DEMO 默认好像是不支持RestFul的 。后来 我用了其他公司稍微修改的
CAS,平时CAS一般 只是简单的使用。
后来通过反编译,修改了如下代码:
(1):
public class QueryDatabaseAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler
{
@NotNull
private String sql;
protected final boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials credentials)
throws AuthenticationException
{
String username1 = getPrincipalNameTransformer().transform(credentials.getUsername());
String username = Encodes.encodeBase64(username1);
String password = credentials.getPassword();
System.out.println("Q����ǰ:" + username1 + " ���ܺ�:" + username);
String encryptedPassword = getPasswordEncoder().encode(
password);
try
{
String dbPassword = (String)getJdbcTemplate().queryForObject(this.sql, String.class, new Object[] { username });
return dbPassword.equals(encryptedPassword);
} catch (IncorrectResultSizeDataAccessException e) {
}
return false;
}
public void setSql(String sql)
{
this.sql = sql;
}
}通过反编译发现 该CAS修改了 username,把username encode了
我测试的时候,还发现了另一个问题,用户名和密码一样才可以登入
<!--
| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
| into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+-->
<bean
class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> 通过默认的配置文件的描述,我们可以看到 ,如果 没有 把该Bean注释掉,则 用户名和密码需要一样才可以登入
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
