The CAS team is already developing a plug-in that integrates CAS with OAuth, using the scribe-up project to obtain basic user information once the user has authorized access. It is planned for release in CAS 3.5.0, but it can already be used. The following takes Sina Weibo as an example of how to log in to CAS with a Sina Weibo account. Download the source code from https://github.com/Jasig/cas/tree/master/cas-server-support-oauth and add the cas-server-support-oauth dependency to your CAS project.
First define two classes, SinaWeiboApi20.java and SinaWeiboProvider.java. SinaWeiboApi20.java mainly defines the authorization URLs of Sina Weibo; SinaWeiboProvider.java mainly obtains the user information after authorization.
SinaWeiboApi20.java
import org.scribe.builder.api.DefaultApi20;
import org.scribe.extractors.AccessTokenExtractor;
import org.scribe.extractors.JsonTokenExtractor;
import org.scribe.model.OAuthConfig;
import org.scribe.model.Verb;
import org.scribe.utils.OAuthEncoder;

public class SinaWeiboApi20 extends DefaultApi20 {
    // Authorization endpoint: client_id and redirect_uri are filled in per request
    private static final String AUTHORIZE_URL = "https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code";
    private static final String SCOPED_AUTHORIZE_URL = AUTHORIZE_URL + "&scope=%s";

    @Override
    public Verb getAccessTokenVerb() {
        return Verb.POST;
    }

    @Override
    public AccessTokenExtractor getAccessTokenExtractor() {
        // The token endpoint answers with JSON
        return new JsonTokenExtractor();
    }

    @Override
    public String getAccessTokenEndpoint() {
        return "https://api.weibo.com/oauth2/access_token?grant_type=authorization_code";
    }

    @Override
    public String getAuthorizationUrl(OAuthConfig config) {
        // Append scope if present
        if (config.hasScope()) {
            return String.format(SCOPED_AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()), OAuthEncoder.encode(config.getScope()));
        } else {
            return String.format(AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()));
        }
    }
}
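The authorization URL built by getAuthorizationUrl carries no `state` value, so the callback cannot be tied to the browser session that started the login. The following is an added example, not code from the original post, CAS or scribe: it builds the same URL with a random `state` and checks it on return. It assumes the provider echoes `state` back unchanged as OAuth 2.0 specifies; the class and method names are hypothetical and the key is a placeholder.

```java
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class WeiboAuthorizeUrlWithState {
    // Same format as AUTHORIZE_URL on this page, with the OAuth 2.0 "state" parameter appended
    private static final String AUTHORIZE_URL_WITH_STATE =
        "https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code&state=%s";
    private static final SecureRandom RANDOM = new SecureRandom();

    /** 128 random bits, hex-encoded. Store the value in the user's session before redirecting. */
    static String newState() {
        return String.format("%032x", new BigInteger(128, RANDOM));
    }

    static String authorizationUrl(String apiKey, String callbackUrl, String state)
            throws UnsupportedEncodingException {
        return String.format(AUTHORIZE_URL_WITH_STATE,
            URLEncoder.encode(apiKey, "UTF-8"),
            URLEncoder.encode(callbackUrl, "UTF-8"),
            URLEncoder.encode(state, "UTF-8"));
    }

    /** True only if the state on the callback equals the value stored for this session. */
    static boolean stateMatches(String expectedFromSession, String receivedFromCallback)
            throws UnsupportedEncodingException {
        if (expectedFromSession == null || receivedFromCallback == null) {
            return false; // no login was started from this session, or the parameter is missing
        }
        // MessageDigest.isEqual compares without stopping at the first differing byte
        return MessageDigest.isEqual(expectedFromSession.getBytes("UTF-8"),
                                     receivedFromCallback.getBytes("UTF-8"));
    }

    public static void main(String[] args) throws Exception {
        String state = newState();
        // Constructed values: placeholder key and the callback URL used in this page's bean declaration
        System.out.println(authorizationUrl("sinaweibo_key", "https://sso.xxx.com:9443/login", state));
        System.out.println("same session:    " + stateMatches(state, state));
        System.out.println("other session:   " + stateMatches(state, newState()));
        System.out.println("state missing:   " + stateMatches(state, null));
    }
}
```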
SinaWeiboProvider.java
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.node.ArrayNode;
import org.scribe.builder.ServiceBuilder;
import org.scribe.up.profile.JsonHelper;
import org.scribe.up.profile.UserProfile;
import org.scribe.up.profile.UserProfileHelper;
import org.scribe.up.provider.BaseOAuth20Provider;

public class SinaWeiboProvider extends BaseOAuth20Provider {
    @Override
    protected void internalInit() {
        if (scope != null) {
            service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key).apiSecret(secret)
                .callback(callbackUrl).scope(scope).build();
        } else {
            service = new ServiceBuilder().provider(SinaWeiboApi20.class).apiKey(key).apiSecret(secret)
                .callback(callbackUrl).build();
        }
        String[] names = new String[] {"uid", "username"};
        for (String name : names) {
            mainAttributes.put(name, null);
        }
    }

    @Override
    protected String getProfileUrl() {
        // The user object is read from the first status of the user's timeline
        return "https://api.weibo.com/2/statuses/user_timeline.json";
    }

    @Override
    protected UserProfile extractUserProfile(String body) {
        UserProfile userProfile = new UserProfile();
        JsonNode json = JsonHelper.getFirstNode(body);
        // Check for a missing body or an empty timeline before dereferencing anything
        if (json == null) {
            return userProfile;
        }
        ArrayNode statuses = (ArrayNode) json.get("statuses");
        if (statuses == null || statuses.size() == 0) {
            return userProfile;
        }
        JsonNode userJson = statuses.get(0).get("user");
        if (userJson != null) {
            UserProfileHelper.addIdentifier(userProfile, userJson, "id");
            for (String attribute : mainAttributes.keySet()) {
                UserProfileHelper.addAttribute(userProfile, json, attribute, mainAttributes.get(attribute));
            }
            JsonNode subJson = userJson.get("id");
            if (subJson != null) {
                // Weibo user ids are 64-bit; getIntValue() would truncate large ids
                UserProfileHelper.addAttribute(userProfile, "uid", subJson.getLongValue());
            }
            subJson = userJson.get("domain");
            if (subJson != null) {
                UserProfileHelper.addAttribute(userProfile, "username", subJson.getTextValue());
            }
        }
        return userProfile;
    }
}
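The profile extraction in extractUserProfile depends on the shape of the user_timeline response, so it is worth exercising offline against the cases that break it: an account with no statuses, an error body, and a user id larger than 32 bits. This is an added example, not code from the original post or from scribe-up; it uses Jackson 1.x directly, and the class name, the map return type and the sample JSON bodies are constructed for illustration.

```java
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.map.ObjectMapper;

public class WeiboProfileParseExample {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Returns uid/username from a user_timeline body, or an empty map when no user object is present. */
    static Map<String, Object> extract(String body) throws IOException {
        Map<String, Object> attributes = new LinkedHashMap<String, Object>();
        JsonNode root = MAPPER.readTree(body);
        JsonNode statuses = (root == null) ? null : root.get("statuses");
        if (statuses == null || !statuses.isArray() || statuses.size() == 0) {
            return attributes; // error payload, or an account that has never posted
        }
        JsonNode user = statuses.get(0).get("user");
        if (user == null) {
            return attributes;
        }
        JsonNode id = user.get("id");
        if (id != null && id.isIntegralNumber()) {
            attributes.put("uid", id.getLongValue()); // keep all 64 bits of the id
        }
        JsonNode domain = user.get("domain");
        if (domain != null && domain.isTextual()) {
            attributes.put("username", domain.getTextValue());
        }
        return attributes;
    }

    public static void main(String[] args) throws IOException {
        // Constructed response bodies, not captured from the Weibo API
        String withUser = "{\"statuses\":[{\"user\":{\"id\":5000000001,\"domain\":\"example\"}}]}";
        String noStatuses = "{\"statuses\":[]}";
        String errorBody = "{\"error\":\"constructed error\"}";
        System.out.println("with user:   " + extract(withUser));
        System.out.println("no statuses: " + extract(noStatuses));
        System.out.println("error body:  " + extract(errorBody));
        // The same id read through the int accessor loses its high bits
        JsonNode id = MAPPER.readTree(withUser).get("statuses").get(0).get("user").get("id");
        System.out.println("as int: " + id.getIntValue() + ", as long: " + id.getLongValue());
    }
}
```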
Add the SinaWeiboProvider bean declaration to applicationContext.xml
<bean id="sinaWeibo" class="com.xxx.oauth.provider.SinaWeiboProvider">
    <property name="key" value="sinaweibo_key" />
    <property name="secret" value="sinaweibo_secret" />
    <property name="callbackUrl" value="https://sso.xxx.com:9443/login" />
</bean>
Here callbackUrl is the login address of your CAS server.
Define the oauthAction bean in cas-servlet.xml
<bean id="oauthAction" class="org.jasig.cas.support.oauth.web.flow.OAuthAction"
    p:centralAuthenticationService-ref="centralAuthenticationService">
    <property name="providers">
        <list>
            <ref bean="sinaWeibo" />
        </list>
    </property>
</bean>
Add oauthAction to the login-webflow.xml of CAS. Its primary function is to intercept the information returned by the OAuth service provider.
<action-state id="oauthAction">
    <evaluate expression="oauthAction" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="error" to="ticketGrantingTicketExistsCheck" />
</action-state>
Add OAuthAuthenticationHandler to the authenticationHandlers in deployerConfigContext.xml to support OAuth authentication
<property name="authenticationHandlers">
    <list>
        <bean class="org.jasig.cas.support.oauth.authentication.handler.support.OAuthAuthenticationHandler">
            <property name="providers">
                <list>
                    <ref bean="sinaWeibo" />
                </list>
            </property>
        </bean>
    </list>
</property>
Add OAuthCredentialsToPrincipalResolver to the credentialsToPrincipalResolvers in deployerConfigContext.xml.
<property name="credentialsToPrincipalResolvers">
    <list>
        <bean class="org.jasig.cas.support.oauth.authentication.principal.OAuthCredentialsToPrincipalResolver">
        </bean>
    </list>
</property>
If you want to get the user information returned from OAuth, you must add OAuthAuthenticationMetaDataPopulator to the authenticationMetaDataPopulators in deployerConfigContext.xml.
<property name="authenticationMetaDataPopulators">
    <list>
        <bean class="org.jasig.cas.support.oauth.authentication.OAuthAuthenticationMetaDataPopulator" />
    </list>
</property>
The last step is to add a link to the login page for logging in with a Sina Weibo account.
Done!
References: https://wiki.jasig.org/display/CASUM/OAuth+client+support
Original article: http://blog.csdn.net/laigood12345/article/details/7567247