Background: subsystems that authenticate against the same CAS server need to keep the same content in their sessions.
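1. On the CAS server, define a custom AuthenticationHandler that extends AbstractUsernamePasswordAuthenticationHandler and overrides authenticateUsernamePasswordInternal, the method that authenticates the user.

    @Override
    protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential transformedCredential,
            String originalPassword) throws GeneralSecurityException, PreventedException {
        // NOTE: this excerpt does not check originalPassword; a real handler must verify
        // the credential here and throw FailedLoginException when it does not match.
        String username = transformedCredential.getUsername();
        // TODO: look up more information about the user by username and put it into the map
        Map<String, Object> result = new HashMap<>();
        // The map is attached to the principal as its attributes.
        return createHandlerResult(transformedCredential, principalFactory.createPrincipal(username, result), null);
    }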
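
2. On the client (cas-client-core), define CustomCas30ProxyReceivingTicketValidationFilter, which extends Cas30ProxyReceivingTicketValidationFilter and overrides onSuccessfulValidation.

    @Override
    protected void onSuccessfulValidation(HttpServletRequest request, HttpServletResponse response, Assertion assertion) {
        // Read the attribute that the server attached to the principal (key: DCP_LOGIN_INFO).
        String dcpLoginInfo = (String) assertion.getPrincipal().getAttributes().get(DCP_LOGIN_INFO);
        // Copy it into the local HTTP session so every subsystem holds the same login information.
        request.getSession().setAttribute(DCP_LOGIN_INFO, dcpLoginInfo);
    }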
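
The `(String)` cast in step 2 assumes the attribute always arrives as a single string, but a principal attribute can also be absent or, when it carries more than one value, be delivered as a collection. The following is an added example, not code from the original page: a JDK-only helper that reads one attribute defensively. The class name `PrincipalAttributes`, the method `singleString`, the key value `"dcpLoginInfo"` (standing in for `DCP_LOGIN_INFO`) and the sample maps are assumptions constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/** Added example (hypothetical helper, JDK only): safe lookup of one principal attribute. */
public final class PrincipalAttributes {

    private PrincipalAttributes() { }

    /**
     * Returns the attribute as a String when it is a String or a collection
     * holding exactly one String; anything else yields Optional.empty().
     */
    public static Optional<String> singleString(Map<String, Object> attributes, String key) {
        if (attributes == null) {
            return Optional.empty();
        }
        Object value = attributes.get(key);
        if (value instanceof Collection) {
            Collection<?> values = (Collection<?>) value;
            if (values.size() != 1) {
                return Optional.empty(); // empty or ambiguous: do not guess
            }
            value = values.iterator().next();
        }
        return value instanceof String ? Optional.of((String) value) : Optional.empty();
    }

    public static void main(String[] args) {
        String key = "dcpLoginInfo"; // assumed value of DCP_LOGIN_INFO
        Map<String, Object> attrs = new HashMap<>(); // constructed sample data

        attrs.put(key, "{\"userId\":42}"); // plain string value
        System.out.println(singleString(attrs, key));

        attrs.put(key, Collections.singletonList("{\"userId\":42}")); // one-element list
        System.out.println(singleString(attrs, key));

        attrs.put(key, Arrays.asList("a", "b")); // ambiguous multi-valued attribute
        System.out.println(singleString(attrs, key));

        System.out.println(singleString(attrs, "missing")); // attribute not released
    }
}
```

Inside `onSuccessfulValidation`, the helper would be called with `assertion.getPrincipal().getAttributes()`, and the session attribute set only when the returned `Optional` is present.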