配置SingleRowJdbcPersonAttributeDao
基于deployerConfigContext.xml配置文件,添加SingleRowJdbcPersonAttributeDao节点,其使用jdbc连接mysql认证,并且返回更多的用户信息放到session里让客户端获取
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
<
bean
id
=
"xiaokacengAttributeRepository"
class
=
"org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"
>
<
constructor-arg
index
=
"0"
ref
=
"dataSource"
/>
<
constructor-arg
index
=
"1"
value
=
"select email,name,username,password from cas_user where {0}"
/>
<!-- 组装sql用的查询条件属性 -->
<
property
name
=
"queryAttributeMapping"
>
<
map
>
<!-- key必须是uername而且是小写否则会导致取不到用户的其它信息,value对应数据库用户名字段,系统会自己匹配 -->
<
entry
key
=
"username"
value
=
"username"
/>
</
map
>
</
property
>
<
property
name
=
"resultAttributeMapping"
>
<
map
>
<!-- key为对应的数据库字段名称,value为提供给客户端获取的属性名字,系统会自动填充值 -->
<
entry
key
=
"username"
value
=
"username"
></
entry
>
<
entry
key
=
"email"
value
=
"email"
></
entry
>
<
entry
key
=
"name"
value
=
"name"
></
entry
>
<
entry
key
=
"password"
value
=
"password"
></
entry
>
</
map
>
</
property
>
</
bean
>
|
配置用户认证凭据转化的解析器
在deployerConfigContext.xml中,为UsernamePasswordCredentialsToPrincipalResolver注入attributeRepository
1
2
3
|
<
bean
class
=
"org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
>
<
property
name
=
"attributeRepository"
ref
=
"xiaokacengAttributeRepository"
/>
</
bean
>
|
删除serviceRegistryDao节点下的配置
如果不注释掉里面的内容,将会导致客户端无法获取用户更多的信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
<
bean
id
=
"serviceRegistryDao"
class
=
"org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
>
<!--
< property name = "registeredServices" >
<list>
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="0" />
<property name="name" value="HTTP and IMAP" />
<property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
<property name="serviceId" value="^(https?|imaps?)://.*" />
<property name="evaluationOrder" value="10000001" />
</bean>
</list>
</ property >-->
</
bean
>
|
添加用户信息返回
找到WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp。此文件作用是在server验证成功后,这个页面负责生成与客户端交互的xml信息,在默认casServiceValidationSuccess.jsp中,只包括用户登录名,并不提供其他的属性信息,因此需要对页面进行扩展
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
<%@ page session=
"false"
%>
<%@ taglib prefix=
"c"
uri=
"http://java.sun.com/jsp/jstl/core"
%>
<%@ taglib uri=
"http://java.sun.com/jsp/jstl/functions"
prefix=
"fn"
%>
<cas:serviceResponse xmlns:cas=
'http://www.yale.edu/tp/cas'
>
<cas:authenticationSuccess>
<cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-
1
].principal.id)}</cas:user>
<c:
if
test=
"${not empty pgtIou}"
>
<cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
</c:
if
>
<c:
if
test=
"${fn:length(assertion.chainedAuthentications) > 1}"
>
<cas:proxies>
<c:forEach var=
"proxy"
items=
"${assertion.chainedAuthentications}"
varStatus=
"loopStatus"
begin=
"0"
end=
"${fn:length(assertion.chainedAuthentications)-2}"
step=
"1"
>
<cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
</c:forEach>
</cas:proxies>
</c:
if
>
<!-- 在server验证成功后,这个页面负责生成与客户端交互的xml信息,在默认的casServiceValidationSuccess.jsp中,只包括用户名,并不提供其他的属性信息,因此需要对页面进行扩展 -->
<c: if
test= "${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}" >
<cas:attributes>
<c:forEach var= "attr"
items= "${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}" >
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
</c:forEach>
</cas:attributes>
</c: if >
</cas:authenticationSuccess>
</cas:serviceResponse>
|
客户端获取
示例基于jsp页面获取
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
<%@ page
import
=
" org.jasig.cas.client.util.*"
%>
<%@ page
import
=
" org.jasig.cas.client.authentication.*"
%>
<%@ page
import
=
" org.jasig.cas.client.validation.*"
%>
<%@ page
import
=
" java.util.*"
%>
<%
AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
// AttributePrincipal principal = AssertionHolder.getAssertion().getPrincipal();
String loginName = principal.getName();
out.println(
"loginName:"
+ loginName);
Map<String, Object> attributes = principal.getAttributes();
out.println(
"<br>"
);
if
(attributes !=
null
)
{
out.println(
"username:"
+ attributes.get(
"username"
));
out.println(
"<br>"
);
out.println(
"password:"
+ attributes.get(
"password"
));
out.println(
"<br>"
);
out.println(
"email:"
+ attributes.get(
"email"
));
out.println(
"<br>"
);
out.println(
"name:"
+ attributes.get(
"name"
));
out.println(
"<br>"
);
}
%>
|
from:http://my.oschina.net/xiaokaceng/blog/182547?p=1