Environment and middleware:
JDK: 1.8
Tomcat: 9.0.52
Tool: Spring Tool Suite
CAS version: 5.3
Database: MySQL 8.0.26
Steps:
1. Download the project. Download URL:
https://github.com/apereo/cas-overlay-template/tree/5.3
2. Add the Maven dependencies:
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc-drivers</artifactId>
    <version>${cas.version}</version>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>8.0.13</version>
</dependency>
3. The project layout is shown in the figure below. Right-click the project and choose Run as -> Maven install. When the install finishes, the target directory contains a cas.war and a cas folder; all of the changes that follow are made inside that cas folder.
4. The database table. Without further ado, here is the table structure, together with three rows of data, one for each of the three use cases below:
CREATE TABLE `system_user` (
    `id` varchar(32) NOT NULL,
    `username` varchar(30) DEFAULT NULL,
    `password` varchar(256) DEFAULT NULL,
    `salt` varchar(128) DEFAULT NULL,
    `status` varchar(1) DEFAULT NULL,
    PRIMARY KEY (`id`)
);
-- row 'admin': use case 3 (salted SHA-256, 1024 iterations)
-- row 'test': use case 1 (plaintext password)
-- row 'test01': use case 2 (unsalted MD5)
INSERT INTO `system_user` (`id`, `username`, `password`, `salt`, `status`) VALUES
    ('1', 'admin', '0eedb29cb69303aa51bb44a20b9a0837b46ada69d4bc06d74bdf0d597703dab0', '0547d5a1683cdfcb8c0ee39de8c095f7', '0'),
    ('2', 'test', '123456', '123456', '0'),
    ('3', 'test01', 'e10adc3949ba59abbe56e057f20f883e', ' ', '0');
5. Edit /cas-overlay-template/target/cas/WEB-INF/classes/services/HTTPSandIMAPS-10000001.json and add the http scheme to the service pattern:
{
    "@class" : "org.apereo.cas.services.RegexRegisteredService",
    "serviceId" : "^(https|http|imaps)://.*",
    "name" : "HTTPS and IMAPS",
    "id" : 10000001,
    "description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
    "evaluationOrder" : 10000
}
6. First use case: the password is stored in plaintext. This corresponds to user test with password 123456. Edit /cas-overlay-template/target/cas/WEB-INF/classes/application.properties:
#cas.authn.accept.users=casuser::Mellon
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
# database connection
cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/imiao?characterEncoding=utf8&useSSL=false&serverTimezone=GMT
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=123456
# JDBC authentication query
cas.authn.jdbc.query[0].sql=select * from system_user where username = ?
# which column holds the password
cas.authn.jdbc.query[0].fieldPassword=password
7. Second use case: the password is stored as a digest, using the 32-character (hex) MD5 form. This corresponds to user test01 with password 123456. Edit /cas-overlay-template/target/cas/WEB-INF/classes/application.properties:
#cas.authn.accept.users=casuser::Mellon
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
# database connection
cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/imiao?characterEncoding=utf8&useSSL=false&serverTimezone=GMT
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=123456
# JDBC authentication query
cas.authn.jdbc.query[0].sql=select * from system_user where username = ?
# which column holds the password
cas.authn.jdbc.query[0].fieldPassword=password
# the password column holds a digest: use the DEFAULT password encoder with MD5
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
8. Third use case: salted hashing with SHA-256. This corresponds to user admin with password 123456. Edit /cas-overlay-template/target/cas/WEB-INF/classes/application.properties:
#cas.authn.accept.users=casuser::Mellon
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
# salted hashing of the password column
# database connection
cas.authn.jdbc.encode[0].url=jdbc:mysql://localhost:3306/imiao?characterEncoding=utf8&useSSL=false&serverTimezone=GMT
cas.authn.jdbc.encode[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.encode[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.encode[0].user=root
cas.authn.jdbc.encode[0].password=123456
# number of hash iterations
cas.authn.jdbc.encode[0].numberOfIterations=1024
# or read the iteration count from a table column
#cas.authn.jdbc.encode[0].numberOfIterationsFieldName=
# salt column
cas.authn.jdbc.encode[0].saltFieldName=salt
# or use a static salt instead
#cas.authn.jdbc.encode[0].staticSalt=
# JDBC authentication query
cas.authn.jdbc.encode[0].sql=select * from system_user where username = ?
# hash algorithm
cas.authn.jdbc.encode[0].algorithmName=SHA-256
# password column
cas.authn.jdbc.encode[0].passwordFieldName=password
# the following two status columns have not been tested
#cas.authn.jdbc.encode[0].expiredFieldName=expired
#cas.authn.jdbc.encode[0].disabledFieldName=disabled
9. After creating a Tomcat server in STS, add the following element inside the Host element of server.xml:
<Context path="/cas" docBase="D:\Program Files\gitee\cas-overlay-template-5.3\cas-overlay-template\target\cas" reloadable="true">
    <WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>
10. Start the server and open http://localhost:8080/cas/login. One note: I could not get it to start on Tomcat 10 no matter what I tried, so stick with Tomcat 9. Next time I plan to look at customizing the login page: encrypting the password in transit with the SM (Chinese national) ciphers, a custom authentication method, and storing the password in the database with SM encryption as well. Finally, here is the hashing code used to produce the salted row, and the dependencies it needs:
import org.apache.shiro.crypto.RandomNumberGenerator;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.HashRequest;
import org.junit.Test;

public class App {
    public static void main(String[] args) {
        new App().test();
    }

    // Generates a random salt and the salted SHA-256 digest (1024 iterations) that the
    // encode[0] handler in use case 3 expects to find in the password and salt columns.
    @Test
    public void test() {
        String passWord = "123456";
        DefaultHashService hashService = new DefaultHashService();
        hashService.setHashAlgorithmName("SHA-256");   // must match cas.authn.jdbc.encode[0].algorithmName
        Long numOfIterations = 1024L;                  // must match cas.authn.jdbc.encode[0].numberOfIterations
        hashService.setHashIterations(numOfIterations.intValue());
        RandomNumberGenerator randomNumberGenerator = new SecureRandomNumberGenerator();
        String salt = randomNumberGenerator.nextBytes().toHex();   // goes into the salt column
        HashRequest hq = new HashRequest.Builder().setSalt(salt).setSource(passWord).build();
        String digestedPassWord = hashService.computeHash(hq).toHex();   // goes into the password column
        System.out.println("Hashed password: " + digestedPassWord);
        System.out.println("Salt: " + salt);
    }
}
<dependency>
    <groupId>commons-codec</groupId>
    <artifactId>commons-codec</artifactId>
    <version>1.11</version>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.56</version>
</dependency>
<dependency>
    <groupId>org.apache.shiro</groupId>
    <artifactId>shiro-all</artifactId>
    <version>1.8.0</version>
</dependency>
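As an added example (not code from the post, from CAS or from Shiro), the following Java class recomputes the two stored forms configured in use cases 2 and 3, so that rows in system_user can be checked against the application.properties settings before CAS is pointed at the table: the unsalted lowercase-hex digest that the DEFAULT password encoder produces, and the salt-column digest that the encode[0] handler produces through Shiro's DefaultHashService with algorithmName and numberOfIterations. It uses the same Shiro calls as the generator above and the rows from the INSERT statement earlier on this page; the class and method names are mine, and it assumes shiro-all from the dependency list is on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.HashRequest;

// Added example: recomputes the stored password forms from use cases 2 and 3 so that
// database rows can be validated against the CAS settings. Class and method names
// are hypothetical; only shiro-all from the dependency list is required.
public class PasswordRowCheck {

    // Use case 2: passwordEncoder.type=DEFAULT with encodingAlgorithm=MD5 stores the
    // unsalted digest of the password as lowercase hex.
    static String unsaltedHex(String password, String algorithm) {
        try {
            MessageDigest md = MessageDigest.getInstance(algorithm);
            byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) {
                sb.append(String.format("%02x", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("unsupported algorithm: " + algorithm, e);
        }
    }

    // Use case 3: the encode[0] handler feeds the salt column and the submitted password
    // through DefaultHashService with algorithmName and numberOfIterations, exactly as
    // the generator above does when it creates the row.
    static String saltedHex(String password, String salt, String algorithm, int iterations) {
        DefaultHashService hashService = new DefaultHashService();
        hashService.setHashAlgorithmName(algorithm);
        hashService.setHashIterations(iterations);
        HashRequest request = new HashRequest.Builder()
                .setSalt(salt)        // salt column value, taken as a UTF-8 string like the generator above
                .setSource(password)
                .build();
        return hashService.computeHash(request).toHex();
    }

    // Compares the recomputed digest with the stored column without leaking timing
    // information about how many leading characters agree.
    static boolean matches(String computedHex, String storedHex) {
        byte[] a = computedHex.toLowerCase().getBytes(StandardCharsets.US_ASCII);
        byte[] b = storedHex.trim().toLowerCase().getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) {
        // Rows copied from the INSERT statement on this page.
        String md5Row = "e10adc3949ba59abbe56e057f20f883e";                                 // user test01
        String shaRow = "0eedb29cb69303aa51bb44a20b9a0837b46ada69d4bc06d74bdf0d597703dab0"; // user admin
        String shaSalt = "0547d5a1683cdfcb8c0ee39de8c095f7";                                // admin's salt column

        // Algorithm and iteration count must be the ones set in application.properties.
        System.out.println("test01 / MD5, unsalted        : "
                + matches(unsaltedHex("123456", "MD5"), md5Row));
        System.out.println("admin  / SHA-256, salt, 1024 it: "
                + matches(saltedHex("123456", shaSalt, "SHA-256", 1024), shaRow));
    }
}
```

Run main from the overlay project or any project that has shiro-all on the classpath. The MD5 line prints true (the row holds the MD5 digest of 123456); the admin line prints true when the stored digest and salt were produced by the generator above with the same algorithm name and iteration count as the encode[0] settings, which is the consistency a practitioner wants to confirm before switching authentication over to the table. Use case 1 needs no such check, since its column holds the plaintext password itself, which is also why it is the only one of the three that involves no digest at all.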