through XML configuration method to achieve database query authentication, is indeed simple but not flexible. However, if the login verification logic is slightly more complex, it may not be able to meet the requirements through this configuration, such as: When the user log in, you need to determine whether the user is bound to the mailbox, if not bound, refused to log in and give a prompt message.
If you encounter a similar situation, you need to use a custom login to complete it, and the information given will need to be customized.
Custom Login verification (
default implementation
Querydatabaseauthenticationhandler
)
CAS built in a few Authenticationhandler The implementation class, as shown in the Cas-server-support-jdbc The package provides a JDBC the user authentication class.
If you need to implement a custom login, you only have to implement Org.jasig.cas.authentication.handler.AuthenticationHandler interface can, of course, take advantage of existing implementations, such as creating an inherited Org.jasig.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler class, the implementation method can refer to Org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler class:
Modify authenticateusernamepasswordinternal The code in the method is your own authentication logic.
Operation Steps:
1 , Eclipse The Cas-server-webapp project was introduced in the Lib Add two Jar Package
2 to customize a class, the contents of this class can be copied Querydatabaseauthenticationhandler
@Override protected Final Boolean authenticateusernamepasswordinternal (final usernamepasswordcredentials credentials ) throws Authenticationexception {//Get the value passed by the foreground, user name and password final String username = Getprincipalnametransformer (). Tra Nsform (Credentials.getusername ()); Final String password = Credentials.getpassword (); Final String Encryptedpassword = This.getpasswordencoder (). encode (password); try {/** * below code for the CAS database authentication default implementation, if you want to write their own implementation, you can delete the code to implement their own login authentication *///sql configured in the configuration file SQL Sentence final String Dbpassword = Getjdbctemplate (). queryForObject (This.sql, String.class, username); Return Dbpassword.equals (Encryptedpassword); } catch (Final Incorrectresultsizedataaccessexception e) {//This means the username is not found. return false; } }
3, write your own custom login method according to your business requirements, and modify the following code to
Final String Dbpassword = Getjdbctemplate (). queryForObject (This.sql, String.class, username); return dbpassword.equals (Encryptedpassword);
Of course you can also access the
Http://localhost:8080/cas-server-webapp/login Debugging.
4
<!--comment out the default configuration, use the custom class to configure--><!--<bean class= " Org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler "><property name=" DataSource "ref=" DataSource "></property><property name=" SQL "value=" select password from t_user where login_name=? "> </property><property name= "Passwordencoder" ref= "Md5passwordencoder" ></property></bean>- -><bean class= "Com.tgb.handler.CustomQueryDBHandler" ><property name= "DataSource" ref= "DataSource" > </property><property name= "SQL" value= "select password from t_user where login_name=?" ></property> <!--<property name= "Passwordencoder" ref= "Md5passwordencoder" ></property>--></bean>
Complete the above steps, custom login can be achieved!
custom error message (Default implementation incorrectresultsizedataaccessexception inherits from RuntimeException)
CAS authenticationexception structure such as, CAS Some exceptions have been built in, such as user name password error, unknown username error, etc.
Prompt "Password error" When user name is entered correctly and password is incorrect
you only need to customize the Authenticationhandler in the validation method of the class, an exception is thrown where validation fails.
Exception class for password error:
note The Code private property in the codes that defines a key in a localized resource file that gets the text for the corresponding language in the localized resource, which only implements the Chinese error message hint, modifies the Web-inf/classes/messages_zh_ Cn.properties file, add code-defined key-value pairs, such as the following example:
Error.authentication.credentials.bad.usernameorpassword.password=\u5bc6\u7801\u9519\u8bef
The following text is the NATIVE2ASCII encoding tool that comes with the JDK: Native2ascii converted to utf-8 format.
The next step is to simply throw an exception in the validation method of the custom Authenticationhandler class where the validation failed.
The sample code for the custom Authenticationhandler is as follows:
@Override Protected Final Boolean authenticateusernamepasswordinternal (final usernamepasswordcredentials Credentials) throws Authenticationexception { //Get the value passed by the foreground, username and password final String username = Getprincipalnametransformer (). Transform (Credentials.getusername ()); Final String password = Credentials.getpassword (); Final String Encryptedpassword = This.getpasswordencoder (). Encode ( password); try { final String Dbpassword = null; if (Dbpassword = = NULL | | dbpassword = = "") {throw new Badpasswordauthenticationexception ();} Return Dbpassword.equals (Encryptedpassword); } catch (Final incorrectresultsizedataaccessexception e) { //This means the username is not found. return false; }
Configure the custom error prompt to take effect Ditto (Configure custom login authentication)!
Effect:
Summary:
through the above study, we know CAS provides us with a lot of convenient extension features, which is what we have to consider and constantly strengthen when designing software.
CAS implements single Sign-on (SSO) database query authentication mechanism-Custom encoding method (iv)