cas单点退出和自定义验证登录成功后返回的信息

最新推荐文章于 2023-06-19 17:56:26 发布
最新推荐文章于 2023-06-19 17:56:26 发布
阅读量2.8k 收藏 8
点赞数
分类专栏: CAS 文章标签: java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_37548740/article/details/107567588
版权
简介

项目中使用的CAS后续需要外部系统的接入,这里需要解决两个问题,1:单点登出问题,之前的文章中提到各个接入cas的应用在验证st时会获取到用户信息,然后将用户信息做缓存,下次再次访问这个子应用时就不需要再向cas去获取是否登录,那么这就存在一个问题,CAS已经退出登录,但是各个子应用仍然保存着登录状态,这就导致了用户仍然可以访问子应用。第二个问题,由于在验证st时,cas会返回用户信息,但是cas默认返回的信息有并不能满足项目需求,有些是多余的,还有一些自定义的用户信息并没有返回,这里也需要对信息做重新定制.

单点登出

根据官网文档 https://apereo.github.io/cas/5.1.x/installation/Logout-Single-Signout.html slo退出分为2种,Back Channel 和Front Channel,我这里使用的是Back Channel,其原理也很简单就是在每个service下配置一个回调地址,当触发退出时,如果这个服务验证过st,那么系统就会认为其已经保存了登录信息,那么在触发单点登出时,调用配置的退出地址。

  • 配置service

我这里没有使用静态json配置service的方法,在resource/services 下添加你要接入cas的配置文件,文件名为
localhost-10000003.json,其中这里的localhost必须和下面配置文件的name对上,相应的10000003也必须和下面配置文件中的id对上,evaluationOrder为配置优先级,当一个接入的url同事满足多个配置文件时,值越小,优先级越高,还有一个配置单点登出的重要参数logoutUrl,这个就是触发登出时系统要去调用的子应用的回调地址,但实践当中我们的回调地址往往都需要带上一些凭证信息如用户id,所以用户id是动态生成的,CAS默认提供的逻辑只是静态的去调用配置的回调接口,我们要的是自定义登出逻辑,在配置的回调地址中加上参数,这里是加上用户id

{
 "@class" : "org.apereo.cas.services.RegexRegisteredService",
 "serviceId" : "http://127.0.0.1.*",
 "name" : "localhost",
 "id" : 10000003,
 "description" : "localhost",
 "evaluationOrder" : 1,
 "theme":"theme_default",
 "logoutUrl":"http://127.0.0.1:11202/logout"

}
  • 定制单点登出回调逻辑

官网并没有对如何实现单点登出给出更多的文档,因为cas是通过webflow来实现的,通过跟踪具体的webflow配置信息就可以看出他的逻辑

  • DefaultLogoutWebflowConfigurer
    这个类是单点退出的webflow配置入口,在这个类中,可以找到以下代码,其中terminateSessionAction就是处理单点退出所在的类
ActionState actionState = this.createActionState(flow, "terminateSession", "terminateSessionAction");

我们进入TerminateSessionAction 这个类 在terminate方法下有一行,根据方法名我们可以知道这里执行的是销毁TGT凭证的地方

 List<LogoutRequest> logoutRequests = this.centralAuthenticationService.destroyTicketGrantingTicket(tgtId);

我们找到CentralAuthenticationService 这个接口,发现其默认只有一个实现类DefaultCentralAuthenticationService,在其的destroyTicketGrantingTicket方法中我们可以看到,如下代码,通过查看源码,发现this.logoutManager.performLogout(ticket)中执行的就是单点退出的逻辑。

public List<LogoutRequest> destroyTicketGrantingTicket(String ticketGrantingTicketId) {
       try {
           LOGGER.debug("Removing ticket [{}] from registry...", ticketGrantingTicketId);
           TicketGrantingTicket ticket = (TicketGrantingTicket)this.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
           LOGGER.debug("Ticket found. Processing logout requests and then deleting the ticket...");
           AuthenticationCredentialsThreadLocalBinder.bindCurrent(ticket.getAuthentication());
           List<LogoutRequest> logoutRequests = this.logoutManager.performLogout(ticket);
           this.deleteTicket(ticketGrantingTicketId);
           this.doPublishEvent(new CasTicketGrantingTicketDestroyedEvent(this, ticket));
           return logoutRequests;
       } catch (InvalidTicketException var4) {
           LOGGER.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
           return new ArrayList(0);
       }
   }

我们进入其唯一实现类DefaultLogoutManager,找到 performLogout方法,下面我做注释,注释的地方就是执行单点登出的地方

public List<LogoutRequest> performLogout(TicketGrantingTicket ticket) {
        LOGGER.info("Performing logout operations for [{}]", ticket.getId());
        if (this.singleLogoutCallbacksDisabled) {
            LOGGER.info("Single logout callbacks are disabled");
            return new ArrayList(0);
        } else {
            //执行单点退出逻辑
            List<LogoutRequest> logoutRequests = this.performLogoutForTicket(ticket);
            this.logoutExecutionPlan.getLogoutHandlers().forEach((h) -> {
                LOGGER.debug("Invoking logout handler [{}] to process ticket [{}]", h.getClass().getSimpleName(), ticket.getId());
                h.handle(ticket);
            });
            LOGGER.info("[{}] logout requests were processed", logoutRequests.size());
            return logoutRequests;
        }
    }

现在我们再进入performLogoutForTicket 方法,下面注释出已经标出了执行单点退出的地址

private List<LogoutRequest> performLogoutForTicket(TicketGrantingTicket ticketToBeLoggedOut) {
        Stream<Map<String, Service>> streamServices = Stream.concat(Stream.of(ticketToBeLoggedOut.getServices()), Stream.of(ticketToBeLoggedOut.getProxyGrantingTickets()));
        return (List)streamServices.map(Map::entrySet).flatMap(Collection::stream).filter((entry) -> {
            return entry.getValue() instanceof WebApplicationService;
        }).map((entry) -> {
            WebApplicationService service = (WebApplicationService)entry.getValue();
            LOGGER.debug("Handling single logout callback for [{}]", service);
            //具体执行单点退出的地方
            return this.singleLogoutServiceMessageHandler.handle(service, (String)entry.getKey());
        }).flatMap(Collection::stream).filter(Objects::nonNull).collect(Collectors.toList());
    }

现在我们思路就很明确了,实现自己的SingleLogoutServiceMessageHandler,并注入到DefaultLogoutManager中

单点登出实践
  • 重写SingleLogoutServiceMessageHandler
public class LogoutHandler  implements SingleLogoutServiceMessageHandler {

    private HttpClient httpClient;

    private ServicesManager servicesManager;

    private TicketRegistry ticketRegistry;



    public LogoutHandler(HttpClient httpClient, ServicesManager servicesManager, TicketRegistry ticketRegistry) {
        this.httpClient = httpClient;
        this.servicesManager = servicesManager;
        this.ticketRegistry = ticketRegistry;

    }

    @Override
    public Collection<LogoutRequest> handle(WebApplicationService singleLogoutService, String ticketId) {
        //根据ticketId获取到ST
        ServiceTicket serviceTicket =(ServiceTicket)ticketRegistry.getTicket(ticketId);
        //根据ST获取到TGT
        TicketGrantingTicket ticketGrantingTicket=serviceTicket.getTicketGrantingTicket();
        //用TGT获取用户id
        String userId=ticketGrantingTicket.getAuthentication().getPrincipal().getId();
        Collection<LogoutRequest> logoutRequests=new ArrayList<>();
        //获取当前有多少服务使用TGT去生成ST,因为单点的统一凭证就是TGT,一次登录使用的都是同一个TGT,所以可以使用TGT发现有多少个自服务登录过系统
        for(Map.Entry<String, Service> entry: ticketGrantingTicket.getServices().entrySet()){
          //查询对应系统配置的信息
            RegisteredService registeredService = servicesManager.findServiceBy(entry.getValue());
            //获取到前面配置的service的回调地址并且加上userId作为参数
            String url=registeredService.getLogoutUrl()+"?userId="+userId;
            try {
              //发送消息
                HttpMessage message =httpClient.sendMessageToEndPoint(new URL(url));
                DefaultLogoutRequest defaultLogoutRequest=new DefaultLogoutRequest(ticketId,singleLogoutService,new URL(url));
                logoutRequests.add(defaultLogoutRequest);
            } catch (MalformedURLException e) {
                e.printStackTrace();
            }
        }

        return logoutRequests;
    }
}
  • 在Srping的LogoutManager中注入的LogoutHandler
  @Autowired
   private LogoutMessageCreator logoutBuilder;

  @Autowired
  @Qualifier("noRedirectHttpClient")
  private HttpClient httpClient;

  @Autowired
  @Qualifier("servicesManager")
  private ServicesManager servicesManager;

  @Autowired
  @Qualifier("ticketRegistry")
  private ObjectProvider<TicketRegistry> ticketRegistry;



@Autowired
   @Bean
   public LogoutManager logoutManager(@Qualifier("logoutExecutionPlan") final LogoutExecutionPlan logoutExecutionPlan) {
       return new DefaultLogoutManager(logoutBuilder, new LogoutHandler(httpClient,servicesManager,ticketRegistry.getIfAvailable()),
             false  , logoutExecutionPlan);
   }
自定义登录成功后的返回信息

在cas中用户登录信息是用过验证st时返回,但是默认返回的信息包含很多我们不需要的信息,在第三方接入时难免体验很差,所以我这边对返回的用户信息进行了改造

找到入口

之前的的文章中就已经找到验证st的接口地址是/p3/serviceValidate,我们在源码中搜索此地址找到验证st的入口 V3ServiceValidateController

@GetMapping(
        path = {"/p3/serviceValidate"}
    )
    protected ModelAndView handle(HttpServletRequest request, HttpServletResponse response) throws Exception {
        return super.handleRequestInternal(request, response);
    }

我第一步想找到的是,接口的参数是如何渲染出来的,使用idea一步步进入方法,发现其生成参数的地方是在其父类 AbstractServiceValidateController的 getModelAndView方法下,我们可以看到根据传参的不同可以生成json格式的view和xml模式的view,而successView是通过构造方法注入到这个类的,那我们只需要在源码去全局搜索AbstractServiceValidateController的注入的successView到底是什么

private ModelAndView getModelAndView(HttpServletRequest request, boolean isSuccess, WebApplicationService service) {
        ValidationResponseType type = service != null ? service.getFormat() : ValidationResponseType.XML;
        String format = request.getParameter("format");
        if (!StringUtils.isEmpty(format)) {
            try {
                type = ValidationResponseType.valueOf(format.toUpperCase());
            } catch (Exception var7) {
                LOGGER.warn(var7.getMessage(), var7);
            }
        }

        return type == ValidationResponseType.JSON ? new ModelAndView(this.jsonView) : new ModelAndView(isSuccess ? this.successView : this.failureView);
    }

在源码中我发现其配置类在CasValidationConfiguration下

@Bean
   @ConditionalOnMissingBean(name = "v3ServiceValidateController")
   public V3ServiceValidateController v3ServiceValidateController() {
       return new V3ServiceValidateController(
           cas20WithoutProxyProtocolValidationSpecification,
           authenticationSystemSupport.getIfAvailable(),
           servicesManager,
           centralAuthenticationService,
           proxy20Handler.getIfAvailable(),
           argumentExtractor.getIfAvailable(),
           multifactorTriggerSelectionStrategy,
           authenticationContextValidator,
           cas3ServiceJsonView(),
           cas3ServiceSuccessView(),
           cas3ServiceFailureView,
           casProperties.getAuthn().getMfa().getAuthenticationContextAttribute(),
           serviceValidationAuthorizers,
           casProperties.getSso().isRenewAuthnEnabled()
       );
   }

我们进一步查看cas3ServiceSuccessView()这个方法,又发现其是Cas30ResponseView,其中我们关注下面这个参数cas3SuccessView

@Bean
   @ConditionalOnMissingBean(name = "cas3ServiceSuccessView")
   public View cas3ServiceSuccessView() {
       final String authenticationContextAttribute = casProperties.getAuthn().getMfa().getAuthenticationContextAttribute();
       final boolean isReleaseProtocolAttributes = casProperties.getAuthn().isReleaseProtocolAttributes();
       return new Cas30ResponseView(true,
           protocolAttributeEncoder,
           servicesManager,
           authenticationContextAttribute,
           cas3SuccessView,
           isReleaseProtocolAttributes,
           authenticationAttributeReleasePolicy,
           authenticationServiceSelectionPlan.getIfAvailable(),
           cas3ProtocolAttributesRenderer());
   }

我们找到了 cas3SuccessView这个类

        @Bean
        @Scope(value = ConfigurableBeanFactory.SCOPE_PROTOTYPE)
        public CasProtocolView cas3SuccessView() {
            return new CasProtocolView(casProperties.getView().getCas3().getSuccess(),
                applicationContext, springTemplateEngine, thymeleafProperties);
        }

Cas30ViewProperties 我们一步步进去查看发现重要信息protocol/3.0/casServiceValidationSuccess

public class Cas30ViewProperties implements Serializable {
    private static final long serialVersionUID = 2345062034300650858L;
    private String success = "protocol/3.0/casServiceValidationSuccess";
    private String failure = "protocol/3.0/casServiceValidationFailure";
    ...
  }

我们进入源码目录下找到此目录下的文件,我们发现其实cas是使用thymeleaf将xml渲染出来而已

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user th:text="${principal.id}"/>
        <cas:proxyGrantingTicket th:if="${pgtIou}" th:text="${pgtIou}"/>
        <cas:proxies th:if="${not #lists.isEmpty(chainedAuthentications)}">
            <cas:proxy th:each="proxy : ${chainedAuthentications}" th:text="${proxy.principal.id}"/>
        </cas:proxies>
        <cas:attributes th:if="${not #lists.isEmpty(formattedAttributes)}">
            <div th:each="attr : ${formattedAttributes}" th:remove="tag">
                <div th:utext="${attr}" th:remove="tag"/>
            </div>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>
定制参数

现在我们知道了参数是如何渲染出来的下面我们就要开支定制参数了
同样在AbstractServiceValidateController类中发现generateSuccessView方法,使用过SpringMVC的一定都能看懂以下代码,那么我们现在寻找绑定modal的Assertion 参数是如何生成的

private ModelAndView generateSuccessView(Assertion assertion, String proxyIou, WebApplicationService service, HttpServletRequest request, Optional<MultifactorAuthenticationProvider> contextProvider, TicketGrantingTicket proxyGrantingTicket) {
        ModelAndView modelAndView = this.getModelAndView(request, true, service);
        //将数据绑定到modal中
        modelAndView.addObject("assertion", assertion);
        modelAndView.addObject("service", service);
        if (StringUtils.hasText(proxyIou)) {
            modelAndView.addObject("pgtIou", proxyIou);
        }

        if (proxyGrantingTicket != null) {
            modelAndView.addObject("proxyGrantingTicket", proxyGrantingTicket.getId());
        }

        contextProvider.ifPresent((provider) -> {
            modelAndView.addObject(this.authnContextAttribute, provider.getId());
        });
        Map<String, ?> augmentedModelObjects = this.augmentSuccessViewModelObjects(assertion);
        if (augmentedModelObjects != null) {
            modelAndView.addAllObjects(augmentedModelObjects);
        }

        return modelAndView;
    }

我们在generateSuccessView的调用者handleTicketValidation发现了以下方法,这里生成了Assertion

Assertion assertion = this.validateServiceTicket(service, serviceTicketId);

我们再进入validateServiceTicket方法,发现我们的类其实是由CentralAuthenticationService生成的

protected Assertion validateServiceTicket(WebApplicationService service, String serviceTicketId) {
        return this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
    }

我们再进入其默认实现类DefaultCentralAuthenticationService的validateServiceTicket方法,这里我们看到主要逻辑是这边的代码会获取原来的Principal,然后将其的attributes重新生成了一次,这里就是为什么我之前在自定义认证时生成的Principal中的attributes丢失的原因,那么我们这里解决办法也很明了了,重新CentralAuthenticationService的方法将我们需要的参数放到新的Principal的attributes中即可

public Assertion validateServiceTicket(String serviceTicketId, Service service) throws AbstractTicketException {
        if (!this.isTicketAuthenticityVerified(serviceTicketId)) {
            LOGGER.info("Service ticket [{}] is not a valid ticket issued by CAS.", serviceTicketId);
            throw new InvalidTicketException(serviceTicketId);
        } else {
            ServiceTicket serviceTicket = (ServiceTicket)this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class);
            if (serviceTicket == null) {
                LOGGER.warn("Service ticket [{}] does not exist.", serviceTicketId);
                throw new InvalidTicketException(serviceTicketId);
            } else {
                Assertion var18;
                try {
                    synchronized(serviceTicket) {
                        if (serviceTicket.isExpired()) {
                            LOGGER.info("ServiceTicket [{}] has expired.", serviceTicketId);
                            throw new InvalidTicketException(serviceTicketId);
                        }

                        if (!serviceTicket.isValidFor(service)) {
                            LOGGER.error("Service ticket [{}] with service [{}] does not match supplied service [{}]", new Object[]{serviceTicketId, serviceTicket.getService().getId(), service});
                            throw new UnrecognizableServiceForServiceTicketValidationException(serviceTicket.getService());
                        }
                    }

                    Service selectedService = this.resolveServiceFromAuthenticationRequest(serviceTicket.getService());
                    LOGGER.debug("Resolved service [{}] from the authentication request", selectedService);
                    RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);
                    LOGGER.debug("Located registered service definition [{}] from [{}] to handle validation request", registeredService, selectedService);
                    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(selectedService, registeredService);
                    TicketGrantingTicket root = serviceTicket.getTicketGrantingTicket().getRoot();
                    Authentication authentication = this.getAuthenticationSatisfiedByPolicy(root.getAuthentication(), new ServiceContext(selectedService, registeredService));
                    //获取旧的Principal
                    Principal principal = authentication.getPrincipal();
                    RegisteredServiceAttributeReleasePolicy attributePolicy = registeredService.getAttributeReleasePolicy();
                    LOGGER.debug("Attribute policy [{}] is associated with service [{}]", attributePolicy, registeredService);
                    //生成新的attributesToRelease
                    Map<String, Object> attributesToRelease = attributePolicy != null ? attributePolicy.getAttributes(principal, selectedService, registeredService) : new HashMap();
                    LOGGER.debug("Calculated attributes for release per the release policy are [{}]", ((Map)attributesToRelease).keySet());
                    String principalId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, selectedService, registeredService);
                    //生成新的Principal类
                    Principal modifiedPrincipal = this.principalFactory.createPrincipal(principalId, (Map)attributesToRelease);
                    AuthenticationBuilder builder = DefaultAuthenticationBuilder.newInstance(authentication);
                    builder.setPrincipal(modifiedPrincipal);
                    LOGGER.debug("Principal determined for release to [{}] is [{}]", registeredService.getServiceId(), principalId);
                    Authentication finalAuthentication = builder.build();
                    AuditableContext audit = AuditableContext.builder().service(selectedService).authentication(finalAuthentication).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
                    AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
                    accessResult.throwExceptionIfNeeded();
                    AuthenticationCredentialsThreadLocalBinder.bindCurrent(finalAuthentication);
                    Assertion assertion = (new DefaultAssertionBuilder(finalAuthentication)).with(selectedService).with(serviceTicket.getTicketGrantingTicket().getChainedAuthentications()).with(serviceTicket.isFromNewLogin()).build();
                    this.doPublishEvent(new CasServiceTicketValidatedEvent(this, serviceTicket, assertion));
                    var18 = assertion;
                } finally {
                    if (serviceTicket.isExpired()) {
                        this.deleteTicket(serviceTicketId);
                    } else {
                        this.ticketRegistry.updateTicket(serviceTicket);
                    }

                }

                return var18;
            }
        }
    }
具体实践
public class RestCentralAuthenticationService extends DefaultCentralAuthenticationService{
    public RestCentralAuthenticationService(ApplicationEventPublisher applicationEventPublisher, TicketRegistry ticketRegistry, ServicesManager servicesManager, LogoutManager logoutManager, TicketFactory ticketFactory, AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies, ContextualAuthenticationPolicyFactory<ServiceContext> serviceContextAuthenticationPolicyFactory, PrincipalFactory principalFactory, CipherExecutor<String, String> cipherExecutor, AuditableExecution registeredServiceAccessStrategyEnforcer) {
        super(applicationEventPublisher, ticketRegistry, servicesManager, logoutManager, ticketFactory, authenticationRequestServiceSelectionStrategies, serviceContextAuthenticationPolicyFactory, principalFactory, cipherExecutor, registeredServiceAccessStrategyEnforcer);
    }


    public Assertion validateServiceTicket(String serviceTicketId, Service service) throws AbstractTicketException {

        if (!this.isTicketAuthenticityVerified(serviceTicketId)) {
            throw new InvalidTicketException(serviceTicketId);
        } else {
            ServiceTicket serviceTicket = (ServiceTicket)this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class);
            if (serviceTicket == null) {
                throw new InvalidTicketException(serviceTicketId);
            } else {
                Assertion var18;
                try {
                    synchronized(serviceTicket) {
                        if (serviceTicket.isExpired()) {
                            throw new InvalidTicketException(serviceTicketId);
                        }

                        if (!serviceTicket.isValidFor(service)) {
                            throw new UnrecognizableServiceForServiceTicketValidationException(serviceTicket.getService());
                        }
                    }

                    Service selectedService = this.resolveServiceFromAuthenticationRequest(serviceTicket.getService());
                    RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);
                    TicketGrantingTicket root = serviceTicket.getTicketGrantingTicket().getRoot();
                    Authentication authentication = this.getAuthenticationSatisfiedByPolicy(root.getAuthentication(), new ServiceContext(selectedService, registeredService));
                    Principal principal = authentication.getPrincipal();
                    RegisteredServiceAttributeReleasePolicy attributePolicy = registeredService.getAttributeReleasePolicy();
                    Map<String, Object> attributesToRelease = attributePolicy != null ? attributePolicy.getAttributes(principal, selectedService, registeredService) : new HashMap();
                    //将我们需要回传给用户的信息放入新的attributes中
                    attributesToRelease.putAll(principal.getAttributes());
                    attributesToRelease.put("tgt",root.getId());
                    String principalId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, selectedService, registeredService);
                    Principal modifiedPrincipal = this.principalFactory.createPrincipal(principalId, (Map)attributesToRelease);
                    AuthenticationBuilder builder = DefaultAuthenticationBuilder.newInstance(authentication);
                    builder.setPrincipal(modifiedPrincipal);
                    Authentication finalAuthentication = builder.build();
                    AuditableContext audit = AuditableContext.builder().service(selectedService).authentication(finalAuthentication).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
                    AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
                    accessResult.throwExceptionIfNeeded();
                    AuthenticationCredentialsThreadLocalBinder.bindCurrent(finalAuthentication);
                    Assertion assertion = (new DefaultAssertionBuilder(finalAuthentication)).with(selectedService).with(serviceTicket.getTicketGrantingTicket().getChainedAuthentications()).with(serviceTicket.isFromNewLogin()).build();
                    this.doPublishEvent(new CasServiceTicketValidatedEvent(this, serviceTicket, assertion));
                    var18 = assertion;
                } finally {
                    if (serviceTicket.isExpired()) {
                        this.deleteTicket(serviceTicketId);
                    } else {
                        this.ticketRegistry.updateTicket(serviceTicket);
                    }

                }

                return var18;
            }
        }
    }





}

同样将我们重新的CentralAuthenticationService类注入Spring取代默认的CentralAuthenticationService

@Autowired
   @Qualifier("ticketRegistry")
   private ObjectProvider<TicketRegistry> ticketRegistry;

   @Autowired
    @Qualifier("servicesManager")
    private ObjectProvider<ServicesManager> servicesManagers;

    @Autowired
    @Qualifier("logoutManager")
    private ObjectProvider<LogoutManager> logoutManager;

    @Autowired
    @Qualifier("defaultTicketFactory")
    private ObjectProvider<TicketFactory> ticketFactory;

    @Autowired
   private ContextualAuthenticationPolicyFactory<ServiceContext> authenticationPolicyFactory;

   @Autowired
    @Qualifier("principalFactory")
    private ObjectProvider<PrincipalFactory> principalFactory;

    @Autowired
    @Qualifier("protocolTicketCipherExecutor")
    private ObjectProvider<CipherExecutor> cipherExecutor;


    @Autowired
       @Qualifier("registeredServiceAccessStrategyEnforcer")
       private AuditableExecution registeredServiceAccessStrategyEnforcer;

@Bean
   @Autowired
   public CentralAuthenticationService centralAuthenticationService(
           @Qualifier("authenticationServiceSelectionPlan") final AuthenticationServiceSelectionPlan authenticationServiceSelectionPlan) {
       return new RestCentralAuthenticationService(applicationEventPublisher,
               ticketRegistry.getIfAvailable(),
               servicesManagers.getIfAvailable(),
               logoutManager.getIfAvailable(),
               ticketFactory.getIfAvailable(),
               authenticationServiceSelectionPlan,
               authenticationPolicyFactory,
               principalFactory.getIfAvailable(),
               cipherExecutor.getIfAvailable(),
               registeredServiceAccessStrategyEnforcer);
   }

现在我们修改protocol/3.0/casServiceValidationSuccess文件,将我们的attributes作为模板放入xml即可

<response>

        <id th:text="${principal.id}"/>
        <name th:text="${principal.attributes.name}"/>
        <type th:text="${principal.attributes.type}"/>
        <tgt th:text="${principal.attributes.tgt}"/>
        <token th:if="${principal.attributes.token!=null}" th:text="${principal.attributes.token}"/>
        <idCard th:if="${principal.attributes.idCard!=null}"  th:text="${principal.attributes.idCard}"/>
        <jbrName th:if="${principal.attributes.jbrName!=null}" th:text="${principal.attributes.jbrName}"/>
        <jbrIdCard th:if="${principal.attributes.jbrIdCard!=null}" th:text="${principal.attributes.jbrIdCard}"/>
        <legalpersonCompanyMan  th:if="${principal.attributes.legalpersonCompanyMan!=null}"  th:text="${principal.attributes.legalpersonCompanyMan}"/>
        <legalpersonName th:if="${principal.attributes.legalpersonName!=null}" th:text="${principal.attributes.legalpersonName}"/>
        <legalpersonIdCard th:if="${principal.attributes.legalpersonIdCard!=null}" th:text="${principal.attributes.legalpersonIdCard}"/>
        <jbrMobile th:if="${principal.attributes.jbrMobile!=null}" th:text="${principal.attributes.jbrMobile}"/>
        <code>200</code>

</response>
weixin_37548740
关注
  • 0
    点赞
  • 8
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
cas 4.2.5 登录成功后,如何返回用户更多信息?(测试完成 )
weixin_34375251的博客
10-21 788
2019独角兽企业重金招聘Python工程师标准>>> ...
CAS流程简析 服务端校验Ticket
我家有猫已长成的博客
01-30 4504
CAS流程简析 服务端校验Ticket 简介。
SpringBoot 集成CAS简单学习
最新发布
Gefangenes的博客
06-19 1760
这两个方法,另外以上几个方法创建的对象类都在 cas-client-core.jar ,也就是说可以只引这一个包,然后自行配置。,跳转到指定方法/system/logoutSuccess,返回:test2成功退出!,未跳到指定方法/system/logoutSuccess,跳转至。,未跳到指定方法/system/logoutSuccess,跳转至。,返回 sso-test2,当前登录账户casuser。,返回 sso-test2,当前登录账户casuser。,用于监听登出事件,清理内存中单点登录会话缓存。
修改CAS登陆后返回给客户端的数据,增加密码字段
不想当司机的厨子
05-31 2619
适用版本:cas-client-java-2.1.1 cas-client-core-3.1.10.jar  cas-server-core-3.1.1.jar  CAS返回给客户端的数据默认是不包含密码的,需要对服务端和客户端做以下修改:服务端:1. 登陆后将用户密码保存到起来    修改org.jasig.cas.authentication.principal.AbstractPersonDirectoryCredentialsToPrincipalResolver的方法resolvePrincipa
登录对比:cas单点登录);oauth2(授权);单一登录的区别
xyz啊哈
11-27 3002
浏览器访问是无状态的,判断是否登陆需服务器自定义实现,可保存在session中,或者保存在缓存中每个浏览器会话都有一个唯一的sessionid,用于区别不同的会话 cas单点登录)现象:多个系统只需登录一次,无需重复登录原理:授权服务器,被授权客户端1、授权服务器(一个)保存了全局的一份session,客户端(多个)各自保存自己的session2、客户端登录时判断自己的session是否...
cas5.3.2单点登录-自定义错误信息提示(十八)
这个名字想了很久
09-05 1万+
原文地址,转载请注明出处:&amp;amp;nbsp;http://blog.csdn.net/qq_34021712/article/details/79746413&amp;amp;nbsp;&amp;amp;nbsp; &amp;amp;nbsp;&amp;amp;nbsp;©王赛超&amp;amp;nbsp; 上一篇,我们在登录页面添加了验证码,但是在测试的时候发现,无论是验证码错误,还是密码错误,都是提示的 认证信息无效。我们需要更改错误信息提示来
CAS单点登录Demo
11-08
在本文中,我们将深入探讨CAS单点登录的基本原理、工作流程以及如何通过提供的Demo进行实践操作。 **CAS基本原理** CAS的核心思想是用户只需在一个应用系统中验证身份,之后访问其他所有支持CAS的应用系统时都不再...
spring + shiro + cas 实现sso单点登录的示例代码
08-29
Spring + Shiro + CAS 实现 SSO 单点登录示例代码 本篇文章主要介绍了 Spring + Shiro + CAS 实现 SSO 单点登录的示例代码,具有一定的参考价值。下面将详细介绍标题、描述、标签和部分内容中所涉及到的知识点。 ...
CAS单点登录(SSO)服务端自定义认证+CAS客户端配置+CAS完整使用文档+CAS4.2.7 cas-serv服务端源码 cas-client客户端源码
06-27
CAS(Central Authentication Service)是Java开发的一个开源的单点登录(Single Sign-On,简称SSO)框架,主要用于解决网络应用中的身份验证问题。本压缩包提供了CAS服务端自定义认证的实现,以及CAS客户端的配置...
CAS单点登录 for Tomcat
01-16
CAS(Central Authentication Service...总的来说,这些文档提供了全面的指导,帮助开发者在Linux上的Tomcat环境中实现CAS单点登录,涵盖了从基础理论到具体实践的各个层面,对于理解SSO机制和实际操作具有很大的价值。
cas实现单点登录,登出(java和php客户端)
05-29
总之,CAS单点登录系统为多应用环境提供了一种高效的身份验证解决方案。通过Java和PHP客户端的集成,可以在多种技术栈的项目中实现一致的用户体验,同时也简化了用户管理和权限控制。在实际应用中,应根据项目需求...
Spring Security 集成 Authing CAS 认证(三)
Authing的博客
09-07 334
在上一篇文章《》(以下简称《认证(二)》)中,我们讲述了如何在 Authing 平台配置项目集成中需要的 CAS 的配置,以及在后期开发过程中如何获取配置。同时,也提前让大家预习和熟悉了一些项目搭建和编码过程中需要的知识点。接下来这一小节,就让我们一起来顺利完成项目搭建和编码过程吧!
cas服务端动态servers
夏天
06-13 548
引入pom <dependency> <groupId>org.apereo.cas</groupId> <artifactId>cas-server-support-jpa-service-registry</artifactId> <version>${cas.version}</version> </dependency> <dependency> <gro
CAS单点登录(十)——通过Restful协议请求认证和退出
热门推荐
Anumbrella
03-30 2万+
前面我们讲解了一些列的CAS文章,对CAS有了很多了解。今天我们讲解一个现在服务常用的REST协议来完成CAS登录、认证,不需要我们手动登录跳转到CAS登录页面就可以完成CAS的一些列操作。 我们知道CAS认证支持包括多种协议去认证,包括CAS、OAuth、SAML1、SAML2、REST Protocol等协议,这里我们采用REST协议去获取TGT,然后获取到TGT后获取到ST,最后拿到ST...
并发系列(四)-----CAS
Alemand的博客
07-30 252
一 简介 保证Java中的原子操做方式有两种方式 1 加锁(可以理解悲观锁机制) 2 CAS(可以理解为乐观锁机制) CAS全称是Compare and Swap 即比较并替换。在JDK中许多地方都可以看到它的身影,比如AQS同步组件,Atomic原子类操作等等都是以CAS实现的。其中java.util.concurrent 中的许多概念源自 Doug Lea 的 util.con...
casservice管理
子涵先生
04-30 1952
casservice管理总结服务管理表服务加载授权服务检查 总结 CAS对提供单点登录的服务采用双向控制。第一,cas client端需要指定提供服务的casServer;第二,casClient提供服务service,需要在casServer中进行注册。 服务管理表 REGISTEREDSERVICEIMPL expression_type: cas服务匹配支持2种通配规则:正则(“rege...
CAS Server部署,基于版本6.6.4
suiyuanduri的博客
02-19 3034
CAS Server部署,基于版本6.6.4
CAS单点登录执行流程登录、注销
大连高德
05-17 3676
CAs 登录和正常请求执行流程 在未登录情况下  一、浏览器访问客户端客户端拦截器:CAS Authentication Filter --》org.jasig.cas.client.authentication.AuthenticationFilter验证登录---->未登录 二、client1程序带着浏览器请求的地址访问casServer,casServer验证如果通过生成tic
CAS5.3自定义登录返回信息(做个记录)
xcnaabb的博客
04-13 265
CAS5.3自定义登录返回信息

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值