概述
cas-server默认的可用信息只有用户名, 如果我还想知道他的角色类型等其它属性,这时候就需要做一些配置了。其它代码编写代码方式这里不做介绍,只做简单配置的方式介绍。
配置操作
1、cas-server项目自行根据CAS学习笔记(二)来搭建
具体目录结构如下:
2、application.properties 配置多属性,这里配置多一个数据表角色字段
##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8443
#server.ssl.key-store=file:/etc/cas/thekeystore
#server.ssl.key-store-password=changeit
#server.ssl.key-password=changeit
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type=
server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=20000
server.error.include-stacktrace=ALWAYS
server.compression.enabled=true
server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain
server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true
##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true
endpoints.enabled=false
endpoints.sensitive=true
endpoints.restart.enabled=false
endpoints.shutdown.enabled=false
management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false
security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/**
##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE
##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true
##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true
##
# CAS Authentication Credentials
#
#cas.authn.accept.users=user::123
cas.tgc.secure=false
#使用json配置
cas.serviceRegistry.initFromJson=true
#允许退出之后重定向页面
cas.logout.followServiceRedirects=true
#Query Database Authentication 数据库查询校验用户名开始
#查询账号密码sql,必须包含密码字段
cas.authn.jdbc.query[0].sql=select * from t_sso_user where status=1 and username=?
#指定上面的sql查询字段名(必须)
cas.authn.jdbc.query[0].fieldPassword=password
#指定过期字段,1为过期,若过期不可用
#cas.authn.jdbc.query[0].fieldExpired=expired
#为不可用字段段,1为不可用,需要修改密码
#cas.authn.jdbc.query[0].fieldDisabled=disabled
#数据库方言hibernate的
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
#数据库驱动
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
#数据库连接
cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.0.166:3306/gf_sso?useUnicode=true&characterEncoding=UTF-8
#数据库用户名
cas.authn.jdbc.query[0].user=root
#数据库密码
cas.authn.jdbc.query[0].password=hfocean123
#默认加密策略,通过encodingAlgorithm来指定算法,默认NONE不加密
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
#Query Database Authentication 数据库查询校验用户名结束
#多属性
#配置多属性返回
#----------------------单列值情况----------------------------
#定义一个属性的单列
cas.authn.attributeRepository.jdbc[0].attributes.role=role
#设置数据为单行的情况
cas.authn.attributeRepository.jdbc[0].singleRow=true
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].url=${cas.authn.jdbc.query[0].url}
#这个相当于查询的sql,设定查询的字段
cas.authn.attributeRepository.jdbc[0].username=username
#多个属性的情况
cas.authn.attributeRepository.jdbc[0].user=${cas.authn.jdbc.query[0].user}
cas.authn.attributeRepository.jdbc[0].password=${cas.authn.jdbc.query[0].password}
#这个地方的{0} 就是 cas.authn.attributeRepository.jdbc[0].username 对于的查询条件
cas.authn.attributeRepository.jdbc[0].sql=select * from t_sso_user where {0}
cas.authn.attributeRepository.jdbc[0].dialect=${cas.authn.jdbc.query[0].dialect}
cas.authn.attributeRepository.jdbc[0].ddlAuto=none
cas.authn.attributeRepository.jdbc[0].driverClass=${cas.authn.jdbc.query[0].driverClass}
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].failFast=true
#----------------------单列值情况----------------------------
# 默认主题配置
#cas.theme.defaultThemeName=anumbrella
主要是这一段配置role多属性返回,如下:
#多属性
#配置多属性返回
#----------------------单列值情况----------------------------
#定义一个属性的单列
cas.authn.attributeRepository.jdbc[0].attributes.role=role
#设置数据为单行的情况
cas.authn.attributeRepository.jdbc[0].singleRow=true
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].url=${cas.authn.jdbc.query[0].url}
#这个相当于查询的sql,设定查询的字段
cas.authn.attributeRepository.jdbc[0].username=username
#多个属性的情况
cas.authn.attributeRepository.jdbc[0].user=${cas.authn.jdbc.query[0].user}
cas.authn.attributeRepository.jdbc[0].password=${cas.authn.jdbc.query[0].password}
#这个地方的{0} 就是 cas.authn.attributeRepository.jdbc[0].username 对于的查询条件
cas.authn.attributeRepository.jdbc[0].sql=select * from t_sso_user where {0}
cas.authn.attributeRepository.jdbc[0].dialect=${cas.authn.jdbc.query[0].dialect}
cas.authn.attributeRepository.jdbc[0].ddlAuto=none
cas.authn.attributeRepository.jdbc[0].driverClass=${cas.authn.jdbc.query[0].driverClass}
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].failFast=true
#----------------------单列值情况----------------------------
注意,其中cas.authn.attributeRepository.jdbc[0].attributes.role=role , role对应数据表role角色字段。
3、HTTPSandIMAPS-10000001.json 配置也对应修改下
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|http|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
"evaluationOrder" : 10000,
/*,"theme": "anumbrella"*/
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", ["role"] ]
}
}
主要是增加下面这几句
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", ["role"] ]
}
其中role对应上面的配置属性字段命名
4、客户端获取role属性方法
AttributePrincipal principal = AssertionHolder.getAssertion().getPrincipal();
final Map attributes = principal.getAttributes();
Integer role = new Integer(attributes.get("role").toString());