User names and passwords are authenticated by querying a database. The related configuration in deployerConfigContext.xml consists of a dbAuthHandler, a dataSource, and a passwordEncoder.
create table test_user(username varchar(30), password varchar(40) , primary key (username));
insert into test_user(username,password) values ('admin','admin');
insert into test_user(username,password) values('user','password');
2 Copy the required libraries into the web application: the following three jar files.
commons-collections-3.2.jar
cas-server-support-jdbc-4.0.0.jar
Download: mysql-connector-java-5.1.7-bin.jar
3 Configure the deployerConfigContext.xml file in the cas/WEB-INF/ directory.
3.1 Add a data source
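<!-- The opening tag is missing from the original page. The id is the one referenced by p:dataSource-ref below; the class is an assumption (Spring's DriverManagerDataSource accepts these four properties). -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://localhost:3306/deamo"></property>
<property name="username" value="root"></property>
<property name="password" value="123456"></property>
</bean>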
3.2 Change the authentication method
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
</bean>
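Change it to database authentication:
<!-- The query reads from test_user, the table created at the top of this page. -->
<bean id="dbAuthHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:sql="select password from test_user where username=?" />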
3.3 Modify authenticationManager
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
<constructor-arg>
<map>
<!--
| IMPORTANT
| Every handler requires a unique name.
| If more than one instance of the same handler class is configured, you must explicitly
| set its name to something other than its default name (typically the simple class name).
-->
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
</map>
</constructor-arg>
Change it to:
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
<constructor-arg>
<map>
<!-- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> -->
<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />
</map>
</constructor-arg>
<property name="authenticationPolicy">
<bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
</property>
</bean>
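4 Start Tomcat and open http://localhost:8080/servlets-examples
On the CAS login page that you are redirected to, enter the user name and password. After a successful redirect back, you are authenticated through SSO (single sign-on).
If the passwords in the database are not stored in encrypted form, do not use passwordEncoder for verification.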
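The passwordEncoder mentioned at the top of this page does not appear in the configuration shown. As an added example (not part of the original post), this is one way to wire it to dbAuthHandler in CAS 4.0 so that test_user holds SHA-256 hex digests instead of plaintext; the bean id passwordEncoder and the choice of SHA-256 are assumptions, and the p: namespace is assumed to be declared as in the stock deployerConfigContext.xml.

```xml
<!-- Added example, not from the original post. -->

<!-- Encodes the submitted password before it is compared with the value
     returned by the handler's SQL query. DefaultPasswordEncoder emits a
     lowercase hex digest, so SHA-256 needs 64 characters: the varchar(40)
     password column created above is too short and must be widened first.
     One-time migration of the existing plaintext rows (MySQL 5.5.5 or
     later; running the update twice would hash the digests again):
       alter table test_user modify password varchar(64);
       update test_user set password = sha2(password, 256);
     The digest is unsalted: it keeps plaintext out of the table, but it is
     not a salted, slow password hash. -->
<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      p:characterEncoding="UTF-8">
    <constructor-arg value="SHA-256" />
</bean>

<!-- Same handler as in step 3.2, with the encoder attached. The handler
     name is unchanged, so the authenticationManager entry still applies. -->
<bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:passwordEncoder-ref="passwordEncoder"
      p:sql="select password from test_user where username=?" />
```

If the column is left at varchar(40), the stored digest can never equal the 64-character value the encoder produces, so every login fails.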