Four SSO CAS framework single Sign-on, modifying how the database is validated

In response to changes in demand, when logging in to CAS, the default is based on user name and password verification, if you add a user name, password and a system ID to verify it? How to do it?

We know the CAS default login interface, enter the user name and password, and then configure the Deployerconfigcontext.xml this file in the bean Org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler this tag, write the corresponding SQL, and in <bean id= "DataSource" class= " Org.springframework.jdbc.datasource.DriverManagerDataSource "> Configure database Driver, database name, login password, etc.

What if we add another validation?

1 Based on the hints of the bean tag in the XML, the container finds this class Querydatabaseauthenticationhandler.java class, first modifies the login-webflow.xml, and modifies the code as follows:

<binder>            <binding property= "username"/>            <binding property= "password"/>   <binding property= "SystemID"/>        </binder>

where <bingding property= "SystemID"/> With the interface passed over the implied domain consistent.

2 The added JS code in casloginview.jsp is shown below, passing parameters from the URL of the login address.

<script language= "javascript"  type= "Text/javascript" > Window.onload=function ()//with the OnLoad event of window, When the form is finished loading {   //do something   var result = Location.search.match (new RegExp ("[\?\&]" + ' systemid ' + "= ([^\& ]+) "," I ");  if (result = = NULL | | Result.length < 1) {    result = "";} $ ("#systemId") [0].value=result[1];} </script>

The login page address is https://www.cdvcloud.com:8443/cas/login?systemId=vms2.0, which will carry these two parameters at the first login interface https:// Www.cdvcloud.com:8443/cas/login?service=http%3A%2F%2F172.16.3.101%3A8080%2Fvms2.0%2Fuser%2FtoMain%2F One for our custom system identity, and the second for CAs to verify that the database has been successfully transferred to the main interface.

3 Hidden is added to the login interface, which is passed to the CAs.

<input type= "hidden" name= "SystemID" id= "SystemID" >

        4  Modify the CAS source code, Usernamepasswordcredentials.java, as shown in the code below.

/* Copyright Ja-sig Collaborative. All rights reserved. See License * Distributed with the This file and available online at * http://www.ja-sig.org/products/cas/overview/license/*/ Package Org.jasig.cas.authentication.principal;import Javax.validation.constraints.notnull;import javax.validation.constraints.size;/** * Usernamepasswordcredentials respresents the username and password that a user * MA Y provide in order to prove the authenticity of who they say they is.  * * @author Scott Battaglia * @version $Revision: 1.2 $ $Date: 2007/01/22 20:35:26 $ * @since 3.0 * <p> * This is a Published and supported CAS Server 3 API.    * </p> */public class Usernamepasswordcredentials implements Credentials {/** Unique ID for serialization. * *    Private static final long serialversionuid = -8343864967200862794l; /** the username.    */@NotNull @Size (min=1,message = "Required.username") private String username; /** the password. */@NotNull @Size (Min=1, MESsage = "Required.password") private String password;/** the systemid for vms2.0 for SQL Validate Xinghaifang add 2014? ? 7?? 21st??     16:12:51. */@NotNull @Size (min=1, message = "Required.systemid") Private String Systemid;/*systemid begin*//**     * @return Returns the SystemID. */Public String Getsystemid () {return systemid;}     public void Setsystemid (String systemid) {this.systemid = SystemID;}    Public String Tostringsystemid () {return "[SystemID:" + This.systemid + "]";     }/*end *//** * @return Returns the password.    */Public final String GetPassword () {return this.password;     }/** * @param password the password to set.    */public final void SetPassword (final String password) {this.password = password;     }/** * @return Returns the userName.    */Public final String GetUserName () {return this.username;     }/** * @param userName the userName to set. */public final void SetusernAme (Final String userName) {this.username = UserName;    The public String toString () {return "[Username:" + this.username + "]";        } @Override public boolean equals (Final Object o) {if (this = = O) return true;        if (o = = NULL | | getclass ()! = O.getclass ()) return false;        Usernamepasswordcredentials that = (usernamepasswordcredentials) o;        if (password! = null?!password.equals (That.password): That.password! = null) return false;        if (username! = null?!username.equals (that.username): That.username! = null) return false;    return true;        } @Override public int hashcode () {int result = Username! = null? Username.hashcode (): 0;        result = * result + (password! = null? Password.hashcode (): 0);    return result; }}

In addition to CAS own user name and password, add your own systemid identity.

5 Modify the Querydatabaseauthenticationhandler.java class, as shown in the code below.

/* Copyright Ja-sig Collaborative. All rights reserved. See License * Distributed with the This file and available online at * http://www.ja-sig.org/products/cas/overview/license/*/ Package Org.jasig.cas.adaptors.jdbc;import Org.jasig.cas.authentication.handler.authenticationexception;import Org.jasig.cas.authentication.principal.usernamepasswordcredentials;import Org.springframework.dao.incorrectresultsizedataaccessexception;import javax.validation.constraints.notnull;/** * Class that if provided a query the returns a password (parameter of query * must be username) would compare that password To a translated version of the * password provided by the user. If They match, then authentication succeeds. * Default Password Translator is plaintext translator. * * @author Scott Battaglia * @author Dmitriy Kopylenko * @version $Revision $ $Date $ * @since 3.0 */public Final class Qu Erydatabaseauthenticationhandler extends Abstractjdbcusernamepasswordauthenticationhandler {@NotNull private String SQL; Protected Final Boolean authenticateusernamepasswordinternal (final usernamepasswordcredentials credentials) throws Authenticationexception {final String username = Getprincipalnametransformer (). Transform (Credentials.getusername ()        ); Final String password = Credentials.getpassword ();//xx add 7 16:27:58 for vms2.0 SystemID begin----------//fina        L String systemid = Credentials.getsystemid ();        String Mysystemid = Credentials.getsystemid ();        String[] Systemidgroup=mysystemid.split (",");  String systemid= systemidgroup[0];  System.out.println ("SystemID---------" +systemid+ "----------------systemid value"); Xxadd 7 16:27:58 for vms2.0 SystemID end----------Final String Encryptedpassword = This.getpassworden                Coder (). encode (password); try {final String Dbpassword = Getjdbctemplate (). queryForObject (This.sql, String.class, Userna           ME,SYSTEMID); Return Dbpassword.equals (Encryptedpassword);            } catch (Final Incorrectresultsizedataaccessexception e) {//This means the username is not found.        return false;     }}/** * @param sql the SQL to set.    */public void SetSQL (final String sql) {this.sql = SQL; }}

in the process of learning:

How to debug a deployed project: When I am unable to attach the CAS source code in my own local, do breakpoint debugging, only according to the CAS log file to see exactly where the error, CAS log file a large heap, in the end is which I need the log file, deleted the refresh see the bottom which file changes , this is all I need to learn.

in the face of the monster you think: the first contact with CAs unfamiliar, the root of the document step-by-step, there are some errors in the middle, and then constantly correcting errors, from the CAS some basic styles and functions do not meet the needs of the time, you need to change the CAS source code, always put him aloft, Always feel that you can not touch it is a wrong mentality, in fact, when you open his source code, static heart to study, will feel nothing, and his project is different? In order to do is to develop a CAS project, what is a way of thinking?

CAs Understanding: The first time to get the login interface, very excited to continue to discover the shortcomings of CAs, constantly need to change the CAS source code, constantly to replace his files, can only say that CAS is open source, there are many places we learn, But I think for the best not to use CAS or not to use, his configurable, flexible, scalable performance is not very friendly, or choose carefully.