CAS is flexible about authentication. In the CAS server's configuration file, deployerConfigContext.xml, you can define whichever authentication methods you want, such as JDBC authentication and LDAP authentication. Multiple methods can also be enabled at the same time to form an authentication flow: if the first method fails, the second is tried; if the first succeeds, the second is not used; and so on. Because a single success is enough, the flow accepts any credentials that at least one configured method accepts.
The following simple example walks through the process of adding a new authentication method.
1. Extend the abstract class AbstractUsernamePasswordAuthenticationHandler and implement your own logic. In this example, the password must start with the user name:
    package com.feiquan16.cas.authentication.handler;

    import org.apache.log4j.Logger;
    import org.jasig.cas.authentication.handler.AuthenticationException;
    import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
    import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;

    public class PasswordStartWithUsernameAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

        protected static final Logger LOG = Logger.getLogger(PasswordStartWithUsernameAuthenticationHandler.class);

        @Override
        protected boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials credential)
                throws AuthenticationException {
            String username = credential.getUsername();
            String password = credential.getPassword();

            // Reject missing values instead of throwing a NullPointerException.
            // An empty user name is rejected too, because every string starts with "".
            if (username == null || password == null || username.isEmpty()) {
                return false;
            }

            // Demo rule only: accept any password that begins with the user name.
            return password.startsWith(username);
        }
    }
2. Export the jar package and put it under cas/WEB-INF/lib.
3. Add your own authentication method in deployerConfigContext.xml:
    <property name="authenticationHandlers">
        <list>
            <!--
             | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
             | a server side SSL certificate.
             +-->
            <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                  p:httpClient-ref="httpClient" />

            <!--
             | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
             | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
             | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
             | local authentication strategy. You might accomplish this by coding a new such handler and declaring
             | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
             +-->
            <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
            <bean class="com.feiquan16.cas.authentication.handler.PasswordStartWithUsernameAuthenticationHandler" />
        </list>
    </property>
4. Restart Tomcat.
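The first-success behavior of the handler list, as an added stand-alone Java model (not CAS code and not part of the original post). It assumes a deployment that puts a real directory-backed handler in front of the two demo handlers from step 3; the `Handler` class, `firstAccepting` method and the sample account are hypothetical and constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.BiPredicate;

// Stand-alone model of an ordered handler list; it does not use any CAS classes.
// All names and credentials below are constructed for this example.
public class HandlerChainDemo {

    /** Hypothetical stand-in for a username/password handler: a name plus an accept rule. */
    static final class Handler {
        final String name;
        final BiPredicate<String, String> rule;

        Handler(String name, BiPredicate<String, String> rule) {
            this.name = name;
            this.rule = rule;
        }
    }

    /** Tries handlers in list order and returns the name of the first one that accepts, or null. */
    static String firstAccepting(List<Handler> chain, String user, String pass) {
        if (user == null || pass == null) {
            return null;
        }
        for (Handler h : chain) {
            if (h.rule.test(user, pass)) {
                return h.name; // later handlers are never consulted
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed account store standing in for a JDBC or LDAP lookup.
        Map<String, String> directory = new HashMap<>();
        directory.put("alice", "c0rrect-horse");

        Handler strong = new Handler("directory", (u, p) -> p.equals(directory.get(u)));
        Handler test = new Handler("SimpleTest", (u, p) -> u.equals(p));
        Handler prefix = new Handler("PasswordStartWithUsername", (u, p) -> p.startsWith(u));

        List<Handler> strongOnly = Arrays.asList(strong);
        List<Handler> withDemoHandlers = Arrays.asList(strong, test, prefix);

        String[] passwords = {"c0rrect-horse", "alice", "alice123", "wrong"};
        for (String p : passwords) {
            System.out.printf("alice / %-14s directory only: %-10s with demo handlers: %s%n", p,
                    firstAccepting(strongOnly, "alice", p), firstAccepting(withDemoHandlers, "alice", p));
        }
    }
}
```

Removing the two demo entries from the list, as the comment in deployerConfigContext.xml instructs for the test handler, leaves only the directory handler's decision.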
This article is from the "Graph learning" blog; please be sure to keep this source: http://feiquan16.blog.51cto.com/336861/1302957