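Applies to: cas-client-java-2.1.1, cas-client-core-3.1.10.jar, cas-server-core-3.1.1.jar
By default, the data CAS returns to the client does not include the password. To return it, make the following changes on the server and the client:
Server:
1. After login, save the user's password
Modify the resolvePrincipal method of org.jasig.cas.authentication.principal.AbstractPersonDirectoryCredentialsToPrincipalResolver, adding the following code before the method returns: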
    // Requires java.util.Map and java.util.HashMap to be imported in this class.
    Map attributes = this.attributeRepository.getUserAttributes(principalId);
    if (UsernamePasswordCredentials.class.isAssignableFrom(credentials.getClass())) {
        UsernamePasswordCredentials usernamePasswordCredentials = (UsernamePasswordCredentials) credentials;
        if (attributes == null) {
            attributes = new HashMap<String, String>();
        }
        // Keep the submitted password as a principal attribute
        attributes.put("password", usernamePasswordCredentials.getPassword());
    }
2. When validating the client's ticket, read back the saved password
Add this statement at line 333 of the org.jasig.cas.CentralAuthenticationServiceImpl.validateServiceTicket() method:
    attributes.put("password", principal.getAttributes().get("password"));
3. Modify the template file for the data returned to the client after successful validation
In casServiceValidationSuccess.jsp, add after <cas:user>:
    <cas:password>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes.password)}</cas:password>
Client:
1. Add a password field to the CASReceipt class and provide get and set methods
2. Modify edu.yale.its.tp.cas.client.ServiceTicketValidator
First, add a password field here as well:
    private String casValidateUrl, proxyCallbackUrl, st, service, pgtIou,
        user, password, errorCode, errorMessage, entireResponse;

    // Getter for the password parsed from the validation response
    public String getPassword() {
        return this.password;
    }
Modify the inner class Handler as follows:
    protected class Handler extends DefaultHandler {
        //**********************************************
        // Constants
        protected static final String AUTHENTICATION_SUCCESS =
            "cas:authenticationSuccess";
        protected static final String AUTHENTICATION_FAILURE =
            "cas:authenticationFailure";
        protected static final String PROXY_GRANTING_TICKET =
            "cas:proxyGrantingTicket";
        protected static final String USER = "cas:user";
        protected static final String PASSWORD = "cas:password";

        //**********************************************
        // Parsing state
        protected StringBuffer currentText = new StringBuffer();
        protected boolean authenticationSuccess = false;
        protected boolean authenticationFailure = false;
        protected String netid, pgtIou, errorCode, errorMessage;

        //**********************************************
        // Parsing logic
        public void startElement(String ns, String ln, String qn, Attributes a) {
            // clear the buffer
            currentText = new StringBuffer();
            // check outer elements
            if (qn.equals(AUTHENTICATION_SUCCESS)) {
                authenticationSuccess = true;
            } else if (qn.equals(AUTHENTICATION_FAILURE)) {
                authenticationFailure = true;
                errorCode = a.getValue("code");
                if (errorCode != null)
                    errorCode = errorCode.trim();
            }
        }

        public void characters(char[] ch, int start, int length) {
            // store the body, in stages if necessary
            currentText.append(ch, start, length);
        }

        public void endElement(String ns, String ln, String qn)
                throws SAXException {
            if (authenticationSuccess) {
                if (qn.equals(USER))
                    user = currentText.toString().trim();
                if (qn.equals(PASSWORD))
                    password = currentText.toString().trim();
                if (qn.equals(PROXY_GRANTING_TICKET))
                    pgtIou = currentText.toString().trim();
            } else if (authenticationFailure) {
                if (qn.equals(AUTHENTICATION_FAILURE))
                    errorMessage = currentText.toString().trim();
            }
        }

        public void endDocument() throws SAXException {
            // save values as appropriate
            if (authenticationSuccess) {
                ServiceTicketValidator.this.user = user;
                ServiceTicketValidator.this.password = password;
                ServiceTicketValidator.this.pgtIou = pgtIou;
                ServiceTicketValidator.this.successfulAuthentication = true;
            } else if (authenticationFailure) {
                ServiceTicketValidator.this.errorMessage = errorMessage;
                ServiceTicketValidator.this.errorCode = errorCode;
                ServiceTicketValidator.this.successfulAuthentication = false;
            } else
                throw new SAXException("no indication of success or failure from CAS");
        }
    }
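To check the server and client changes together, the following stand-alone program parses a validation response of the shape produced by server step 3, using the same element handling as the Handler above. It is an added example, not code from the original post or from the CAS project: the class name CasPasswordResponseDemo, the sample response (constructed, with a password containing characters that fn:escapeXml encodes), and the disallow-doctype-decl parser feature are assumptions of this example. The password arrives XML-escaped, not encrypted, so the program prints only its length.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

public class CasPasswordResponseDemo {
    // Constructed sample of the success response after server step 3 (not from a real server).
    static final String SAMPLE =
        "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
      + "<cas:authenticationSuccess>"
      + "<cas:user>alice</cas:user>"
      + "<cas:password>p&lt;ss&amp;w0rd</cas:password>"
      + "</cas:authenticationSuccess>"
      + "</cas:serviceResponse>";

    /** Returns {user, password} from a success response, or null if it is not a success. */
    static String[] parse(String xml) throws Exception {
        final String[] out = new String[2];
        final boolean[] success = {false};
        SAXParserFactory factory = SAXParserFactory.newInstance();
        // Assumption of this example: the response is network input, so refuse DOCTYPE (blocks XXE).
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.newSAXParser().parse(new InputSource(new StringReader(xml)), new DefaultHandler() {
            private final StringBuilder text = new StringBuilder();
            @Override public void startElement(String ns, String ln, String qn, Attributes a) {
                text.setLength(0); // clear the buffer, as the page's Handler does
                if (qn.equals("cas:authenticationSuccess")) success[0] = true;
            }
            @Override public void characters(char[] ch, int start, int length) {
                text.append(ch, start, length); // the body may arrive in several chunks
            }
            @Override public void endElement(String ns, String ln, String qn) {
                if (!success[0]) return;
                if (qn.equals("cas:user")) out[0] = text.toString().trim();
                // trim() mirrors the page's Handler; it drops leading/trailing whitespace in a password
                if (qn.equals("cas:password")) out[1] = text.toString().trim();
            }
        });
        return success[0] ? out : null;
    }

    public static void main(String[] args) throws Exception {
        String[] result = parse(SAMPLE);
        // Print the length only, so the password does not end up in console logs.
        System.out.println("user=" + result[0] + ", password length=" + result[1].length());
    }
}
```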