CAS 获取更多的用户信息。

最新推荐文章于 2019-03-23 16:54:22 发布
最新推荐文章于 2019-03-23 16:54:22 发布
阅读量1.6k 收藏
点赞数
分类专栏: cas 文章标签: credentials bean callback authentication class attributes

1. CAS版本

    CAS server3.4.1   http://downloads.jasig.org/cas/ 
    CAS client3.1.12  http://downloads.jasig.org/cas-clients/



2. 修改server端  deployerConfigContext.xml  配置文件。

<?xml version="1.0" encoding="UTF-8"?>
<!--
| deployerConfigContext.xml centralizes into one file some of the declarative configuration that
| all CAS deployers will need to modify.
|
| This file declares some of the Spring-managed JavaBeans that make up a CAS deployment. 
| The beans declared in this file are instantiated at context initialization time by the Spring
| ContextLoaderListener declared in web.xml.  It finds this file because this
| file is among those declared in the context parameter "contextConfigLocation".
|
| By far the most common change you will need to make in this file is to change the last bean
| declaration to replace the default SimpleTestUsernamePasswordAuthenticationHandler with
| one implementing your approach for authenticating usernames and passwords.
+-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!--
| This bean declares our AuthenticationManager.  The CentralAuthenticationService service bean
| declared in applicationContext.xml picks up this AuthenticationManager by reference to its id,
| "authenticationManager".  Most deployers will be able to use the default AuthenticationManager
| implementation and so do not need to change the class of this bean.  We include the whole
| AuthenticationManager here in the userConfigContext.xml so that you can see the things you will
| need to change in context.
+-->
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<!--
| This is the List of CredentialToPrincipalResolvers that identify what Principal is trying to authenticate.
| The AuthenticationManagerImpl considers them in order, finding a CredentialToPrincipalResolver which
| supports the presented credentials.
|
| AuthenticationManagerImpl uses these resolvers for two purposes.  First, it uses them to identify the Principal
| attempting to authenticate to CAS /login .  In the default configuration, it is the DefaultCredentialsToPrincipalResolver
| that fills this role.  If you are using some other kind of credentials than UsernamePasswordCredentials, you will need to replace
| DefaultCredentialsToPrincipalResolver with a CredentialsToPrincipalResolver that supports the credentials you are
| using.
|
| Second, AuthenticationManagerImpl uses these resolvers to identify a service requesting a proxy granting ticket.
| In the default configuration, it is the HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
| You will need to change this list if you are identifying services by something more or other than their callback URL.
+-->
<property name="credentialsToPrincipalResolvers">
<list>
<!--
| UsernamePasswordCredentialsToPrincipalResolver supports the UsernamePasswordCredentials that we use for /login
| by default and produces SimplePrincipal instances conveying the username from the credentials.
|
| If you've changed your LoginFormAction to use credentials other than UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add additional declarations) to declare a CredentialsToPrincipalResolver that supports the
| Credentials you are using.
+-->
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" >
<property name="attributeRepository" >
<ref local="attributeRepository"/>
</property>
</bean>
<!--
| HttpBasedServiceCredentialsToPrincipalResolver supports HttpBasedCredentials.  It supports the CAS 2.0 approach of
| authenticating services by SSL callback, extracting the callback URL from the Credentials and representing it as a
| SimpleService identified by that callback URL.
|
| If you are representing services by something more or other than an HTTPS URL whereat they are able to
| receive a proxy callback, you will need to change this bean declaration (or add additional declarations).
+-->
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
</list>
</property>

<!--
| Whereas CredentialsToPrincipalResolvers identify who it is some Credentials might authenticate,
| AuthenticationHandlers actually authenticate credentials.  Here we declare the AuthenticationHandlers that
| authenticate the Principals that the CredentialsToPrincipalResolvers identified.  CAS will try these handlers in turn
| until it finds one that both supports the Credentials presented and succeeds in authenticating.
+-->
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" p:requireSecure="false"/>
<!--
| This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
| into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
| where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
| local authentication strategy.  You might accomplish this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
+-->
<!-- 配置用户验证,验证方式可以配置多个。 只要有一个验证成功就会退出-->
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="sql" value="select account_password from utv_account where account_username=?" />
<property name="dataSource" ref="dataSource" />
<property name="passwordEncoder" ref="passwordEncoder" />
                </bean>

</list>
</property>
</bean>

<!-- 数据源配置 -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
   <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
   <property name="url"><value>jdbc:mysql://192.168.1.88:3306/utvvideo?useUnicode=true&amp;characterEncoding=UTF-8</value></property>
   <property name="username"><value>utvchina</value></property>
   <property name="password"><value>utvchina</value></property>
</bean>
<!-- 定义自己的加密机制 -->
<bean id="passwordEncoder" class="org.jasig.cas.authentication.handler.EncryptPasswordEncoder"
autowire="byName">
<constructor-arg value="MD5" />
</bean> 

<!--
This bean defines the security roles for the Services Management application.  Simple deployments can use the in-memory version.
More robust deployments will want to use another option, such as the Jdbc version.

The name of this should remain "userDetailsService" in order for Spring Security to find it.
-->
    <!-- <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />-->

    <sec:user-service id="userDetailsService">
        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

<!-- 在这里配置获取更多的信息 -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="dataSource" />
<constructor-arg index="1" value="select U_id as UId,U_type as UType,U_email as UEmail from t_user where U_username=?" />
<property name="queryAttributeMapping">
<map>
<entry key="username" value="uid"/><!-- 这里必须这么写,系统会自己匹配。 -->
</map>
</property>
<!-- 要获取的属性在这里配置 -->
<property name="resultAttributeMapping">
<map>
<entry key="UId" value="U_id" />
<entry key="UType" value="U_type" />
<entry key="UEmail" value="U_email" />
</map>
</property>
</bean>

<!--
Sample, in-memory data store for the ServiceRegistry. A real implementation
would probably want to replace this with the JPA-backed ServiceRegistry DAO
The name of this bean should remain "serviceRegistryDao".
-->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
</bean>
</beans>


3. 修改WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp文件,如下:

 

<%@ page session="false"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
 <cas:authenticationSuccess>
  <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
  <c:if test="${not empty pgtIou}">
   <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
  </c:if>
  <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
   <cas:proxies>
    <c:forEach var="proxy" items="${assertion.chainedAuthentications}"
     varStatus="loopStatus" begin="0"
     end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
     <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
    </c:forEach>
   </cas:proxies>
  </c:if>

  <c:if
   test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
   <cas:attributes>
    <c:forEach var="attr"
     items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}"
     varStatus="loopStatus" begin="0"
     end="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes)-1}"
     step="1">
     <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
    </c:forEach>
   </cas:attributes>
  </c:if>

 </cas:authenticationSuccess>
</cas:serviceResponse>

 

 

 4. 在客户端获取信息

     AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();

     String loginName = principal.getName();//获取用户名

     Map<String, Object> attributes = principal.getAttributes();

     if(attributes != null) {

         System.out.println(attributes.get("U_id"));

         System.out.println(attributes.get("U_type"));

         System.out.println(attributes.get("U_email"));

     }

本文摘自:http://yuzhwe.javaeye.com/blog/830143
ly5156
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
单点登录系统CAS搭建及取得用户信息的实现
梦断酒醒无归处
03-25 1万+
一、            单点登录简介 单点登录(Single sign-on,简称为 SSO),是目前比较流行的企业业务整合的解决方案之一。其简单定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。类似的,用户只需要执行一次退出操作就可以终止对所有相关应用系统的访问。 本文主旨在介绍如何使用CAS实现单点登录时取得多的用户信息,单点登录的原理将不作阐述。 二、
cas sso 单点登陆 登陆及client获取用户信息(三)
nmsbq的博客
06-20 9836
1.导入项目 cas-server-webapp源码导入到idea或eclipse,pom.xml 加入依赖的jar org.jasig.cas cas-server-support-jdbc 3.5.1 runtime mysql mysql-connector-java 5.1.22 2.CAS服务器深入配置 上面的初体验仅仅是简单
CAS客户端获取用户保存至sessionUser
08-18
CAS客户端获取用户保存至sessionUser
Cas共享用户信息方案
qq_36956015的博客
03-23 372
Cas-3.5.2共享用户信息方案
cas服务端自定义加密方法继承的PasswordEncoder类 但是加密方法需要用户名 怎么才能获取到呢 求牛人告知
Crazywjw的博客
05-31 2026
package org.jasig.cas.authentication.handler;public final class PasswordJiami implements PasswordEncoder{      /**      * 进行加密编码      * @param s 要加密的字符串      * @return 加密后的字符串      */ public String en...
CAS登录后获取多信息
zhangjunli的博客
07-10 630
多版本CAS登录后获取多信息cas-server-3.5.2 cas-server-4.0.0两个版本的配置文件差别还是很大的,本文仅做个笔记用。无详细描述。修改 deployerConfigContext.xml//**********************3.5.2所需要修改的配置文件******************注释掉下面代码,该段代码是cas默认登录检查&lt;!-- &lt;b...
基于springboot,cas5.3,shiro,pac4j,rest接口获取ticket不再跳转cas server登录页
09-08
在这个过程中,我们使用Pac4J的CasClient来处理请求,获取并验证ticket,然后将用户信息返回给客户端,完成认证过程。 5. 用户认证流程优化:通过上述配置,用户在访问受保护的REST接口时,不会被重定向到CAS服务器...
cas server 5.3.9 整合数据库验证用户信息,使用security密码验证方式
06-18
CAS Server 5.3.9是CAS的一个特定版本,它引入了多的功能和改进,以提供稳定和安全的认证服务。 在CAS Server 5.3.9中整合数据库验证用户信息是常见的应用场景,这意味着CAS会与一个或多个数据库进行交互,以...
CAS3.1配置PersonDirectory以获取除UserName外多的属性
03-05
总结,配置CAS 3.1的PersonDirectory以获取多用户属性涉及到理解CAS架构,熟悉PersonDirectory的工作原理,以及对Spring XML配置的理解。通过正确配置`deployerConfigContext.xml`,我们可以实现从多个数据源获取...
CAS—登录后返回用户信息
杜海的博客
04-02 1010
cas server登录成功后,默认只能从casclient得到用户名。但程序中也可能遇到需要得到多如姓名,手机号,email等用户信息的情况。 cas client拿到用户名后再到数据库中查询,的确可以得到关于该用户的多信息。 但是如果用户登录成功后,直接从cas server返回给casclient用户的详细信息,这也是一个不错的做法。这个好处,尤其是在分布式中得以彰显,cas
CAS3.5.2 Server登录后返回用户信息详细解决方案
weixin_30587025的博客
02-01 341
单点登录(Single Sign-On, 简称SSO)是目前比较流行的服务于企业业务整合的解决方案之一,SSO使得在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。大家在使用时CAS Server验证成功后会立即跳转到客户端,CAS Server默认只返回账号uid给客户端,如何定义CAS server返回信息到CAS Client客户端(CAS server返...
CAS获取用户多信息
七夜之家
06-16 3621
配置SingleRowJdbcPersonAttributeDao 基于deployerConfigContext.xml配置文件,添加SingleRowJdbcPersonAttributeDao节点,其使用jdbc连接mysql认证,并且返回多的用户信息放到session里让客户端获取 ? 1 2 3 4 5 6 7 8 9 10 11
CAS服务端返回多的用户登录信息
05-22 3253
cas server登录成功后,默认只能从cas server得到用户名。但程序中也可能遇到需要得到多如姓名,手机号,email等用户信息的情况。cas client拿到用户名后再到数据库中查询,的确可以得到关于该用户的多信息。但是如果用户登录成功后,直接从cas server返回给cas client用户的详细信息,这也是一个不错的做法。这个好处,尤其是在分布式中得以彰显,ca
3.CAS从数据库获取用户信息
编码语言Codelang
11-19 5373
CAS从数据库获取用户信息 1.1特别说明       由于考虑到后面的博文,所以在这里我们直接将工程弄到eclipse下去进行定制修改可能会方便一些。我这是在项目中直接使用,可能基本上说的都是一些实战过程, 对原理方面介绍的少,毕竟大家大多数人想要的是拿着就上手的,不好之处还请大家谅解,多多指正一起交流。 1.2 准备工作       (1)创建maven工程转成WE
H3C CAS云计算管理平台安装:分区信息写入磁盘关键步骤
本文主要讨论的是在H3C CAS云计算管理平台的安装过程中,如何将分区信息写入磁盘的关键步骤,这对于正确安装和配置H3C CAS至关重要,特别是对于进行量化交易的Python进阶学习者,理解这一环节能好地实现高效、稳定...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值