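How does CAS Server verify passwords through a web service?
The usual approach is to validate usernames and passwords against LDAP on an AD domain controller or against a database, and there are many write-ups about that online.
The CAS Server source code ships initialized with casuser/Mellon, to make first-time use easy.
The simplest way in is to start from there: search deployerConfigContext.xml for CASUSER or Mellon.
Below is my modified configuration file. It connects with the simplest possible SOAP call and uses the existing functionality to read the URL and the SOAP message from the configuration file.
Just modify the middle part of this method; if verification fails, simply throw an exception. After that, CAS takes care of generating the token...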
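protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
        throws GeneralSecurityException, PreventedException {
    final String username = credential.getUsername();
    final String password = credential.getPassword();
    // Both values are read from the handler's "users" map in the configuration file
    final String cacheurl = this.users.get("url");
    final String cachesoap = this.users.get("soap");
    String result = "false";
    HttpURLConnection conn = null;
    try {
        // Service address; the password travels in the request body, so this should be an https:// URL
        final URL wsUrl = new URL(cacheurl);
        conn = (HttpURLConnection) wsUrl.openConnection();
        // Timeouts so a stalled service cannot hang the login thread
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        conn.setDoInput(true);
        conn.setDoOutput(true);
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "text/xml;charset=UTF-8");
        // Request body: substitute the username and password, XML-escaped so that
        // characters such as & or < cannot alter the SOAP message
        final String soap = cachesoap.replace("username-param", escapeXml(username))
                .replace("password-param", escapeXml(password));
        try (OutputStream os = conn.getOutputStream()) {
            // Encode explicitly as UTF-8 to match the Content-Type header
            os.write(soap.getBytes("UTF-8"));
        }
        final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Reject DOCTYPE declarations so the response cannot trigger external entity (XXE) processing
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        final DocumentBuilder db = dbf.newDocumentBuilder();
        try (InputStream is = conn.getInputStream()) {
            final Document doc = db.parse(is);
            final NodeList nl = doc.getElementsByTagName("LoginResult");
            final Node n = nl.item(0);
            if (n != null && n.getFirstChild() != null) {
                result = n.getFirstChild().getNodeValue();
            }
        }
    } catch (Exception e) {
        // Any I/O or parsing failure leaves result as "false", so the login is rejected below
        logger.error("Web service authentication call failed", e);
    } finally {
        if (conn != null) {
            conn.disconnect();
        }
    }
    logger.debug("User [{}] login result: {}", username, result);
    if (!"Success".equals(result)) {
        logger.debug("{} :wrong username or password.", username);
        throw new AccountNotFoundException(username + " wrong username or password.");
    }
    return createHandlerResult(credential, new SimplePrincipal(username), null);
}

// Escapes the five XML special characters before a value is placed into the SOAP template
private static String escapeXml(final String value) {
    return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
            .replace("\"", "&quot;").replace("'", "&apos;");
}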
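
The template substitution and LoginResult check from the handler above, as a stand-alone added example that runs without a CAS server or a web service (it is not the author's code). The SOAP envelope, its Login/username/password element names, the sample replies and the class name SoapLoginCheck are constructed assumptions; only the username-param/password-param placeholders, LoginResult and Success come from the post.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
public class SoapLoginCheck {
    // Constructed template (assumption): the real message depends on the service's WSDL.
    static final String TEMPLATE =
        "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Body>"
        + "<Login><username>username-param</username><password>password-param</password></Login>"
        + "</soap:Body></soap:Envelope>";

    // Escape the five XML special characters so user input stays text inside its element.
    static String escapeXml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&apos;");
    }

    static String buildRequest(String user, String pass) {
        return TEMPLATE.replace("username-param", escapeXml(user))
                .replace("password-param", escapeXml(pass));
    }

    // Parser that rejects any DOCTYPE, which rules out external entity (XXE) processing.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Fail closed: anything other than a readable "Success" counts as a rejected login.
    static boolean isSuccess(String responseXml) {
        try {
            Node n = parse(responseXml).getElementsByTagName("LoginResult").item(0);
            return n != null && "Success".equals(n.getTextContent());
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String pass = "p&ss<1>"; // constructed password containing XML metacharacters
        Document req = parse(buildRequest("alice", pass));
        String sent = req.getElementsByTagName("password").item(0).getTextContent();
        System.out.println("password preserved: " + pass.equals(sent));
        System.out.println("Success reply: " + isSuccess("<r><LoginResult>Success</LoginResult></r>"));
        System.out.println("missing element: " + isSuccess("<r><Fault/></r>"));
        System.out.println("DOCTYPE reply: " + isSuccess("<!DOCTYPE r []><r><LoginResult>Success</LoginResult></r>"));
    }
}
```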