Cas (04)--Change the authentication method

Source: Internet
Author: User

There is a deployerconfigcontext.xml file in the Web-inf directory of the CAS server, which is a spring-based configuration file that is often content that the deployer needs to modify. Where authentication is also defined in this file, the authenticationhandlers of the Bean with ID AuthenticationManager defines the list of authenticationhandler that needs to be used. The default is to use two Authenticationhandler, the first is to ensure that the HTTPS protocol is currently used Httpbasedservicecredentialsauthenticationhandler, and the second one we need to change , its simple authentication user name and password are equal to the simpletestusernamepasswordauthenticationhandler. All we have to do is change the simpletestusernamepasswordauthenticationhandler here. CAS has provided us with a lot of authenticationhandler implementations, including the implementation of database-based authentication, of course, users can also implement their own authenticationhandler. The following example explains how to change the authentication method using a database for authentication.

Each of the CAS modules is developed based on MAVEN, and CAS server is no exception. So the official recommendation is that we use MAVEN's war coverage mechanism to modify the CAS server configuration file. MAVEN's war coverage mechanism refers to the introduction of a package Type War Project B as a dependency when one of the package types is a war, and the final project a packages a war pack that contains not only the contents of project A, but also the contents of Project B. and the file in Project a in the same location will overwrite item B, That is, when both project A and project B have a Web. xml file under Web-inf, the resulting war package will use the Web. xml file under Project A under Web-inf, and when project A does not have the Web. xml file under Web-inf and Project B has the Web. xml file under Web-inf The resulting war package will use the Web. xml file under Project B under Web-inf. So if we want to modify the CAS server configuration file, we can build our own MAVEN-based Web project, then introduce CAS server as a dependency and build the corresponding Deployerconfigcontext.xml file in our own project. Take a look at the detailed steps below.

1, set up a Web project based on Maven, named Mycasserver.

2. Open the Pom.xml file, delete the default dependency, and add the following content.

< Build >

< Plugins >

< plugin >

< Artifactid >maven-war-plugin</artifactid>

< Configuration >

< Warname >cas</warname>

</ Configuration >

</ plugin >

</ Plugins >

</ Build >

< Dependencies >

< Dependency >

< groupId >org.jasig.cas</groupId>

< Artifactid >cas-server-webapp</artifactid>

< version >${cas.version}</version>

< type >War</type>

< Scope >Runtime</scope>

</ Dependency >

</ Dependencies >

< Properties >

< cas.version >3.5.2</cas.version>

</ Properties >

< repositories >

< Repository >

< ID >ja-sig</ID>

< URL >http://oss.sonatype.org/content/repositories/releases/ </url>

</ Repository >

</ repositories >

3. Delete index.jsp files and src/main/webapp/under Src/main/webapp in Mycasserver project Web-inf under the Web. xml file, because in the Cas-server-webapp there are corresponding files, do not delete the package will be the result of the mycasserver in the overlay cas-server-webapp. If you use MAVEN to package this time, you will get a war package that is identical to Cas-server-webapp.

4, using the database for authentication, you also need to add the corresponding dependencies, open mycasserver pom.xml file, add the following dependencies.

< Dependency >

< groupId >org.jasig.cas</groupId>

< Artifactid >cas-server-support-jdbc</artifactid>

< version >${cas.version}</version>

< Scope >Runtime</scope>

</ Dependency >

5. Copy the Deployerconfigcontext.xml file under Cas-server-webapp/web-inf to the Src/main/webapp/web-inf directory of Mycasserver.

6, database-based Authenticationhandler There are many, here take Querydatabaseauthenticationhandler as an example. Querydatabaseauthenticationhandler needs to be configured with two parameters, DataSource and SQL. DataSource is the data source that represents which data source to query from. SQL is the corresponding query statement, it will receive username as a parameter, and then query out the corresponding password, and then Querydatabaseauthenticationhandler will query the password and the user submitted password matching. So here we open the Deployerconfigcontext.xml file copied to Mycasserver, find the Authenticationhandlers attribute definition for the bean with ID AuthenticationManager, and the last authe Nticationhandler replaced the Querydatabaseauthenticationhandler we wanted.

before replacement :

<  Property name="authenticationhandlers">

< List >

< Bean class=" Org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler "

p:httpclient-ref="httpClient" />

< Bean

class=" Org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler "/>

</ List >

</ Property >

After replacement:

<  Property name="authenticationhandlers">

< List >

< Bean class=" Org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler "

p:httpclient-ref="httpClient" />

< Bean class="Org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">

<  Property name="DataSource" ref="DataSource"/>

<  Property name="SQL" value="Select password from t_user where username =?" />

</ Bean >

</ List >

</ Property >

Like the definition of DataSource and its need to use the dependency package I will not post, more commonly used.

The authenticationhandler that are used in the war packages that are generated after packaging will be our src/main/webapp/in Mycasserver. The querydatabaseauthenticationhandler is defined in the Deployerconfigcontext.xml file in the Web-inf directory. You can modify other content in the CAS server later in this way.

(Note: This article was written based on CAS 3.5.2)

(Note: Original article, reproduced please indicate the source.) Original address: http://haohaoxuexi.iteye.com/blog/2128869)

Cas (04)--Change the authentication method

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.