Single Sign-On (SSO) based on CAS: configure the database query authentication mechanism on the CAS server.

Source: Internet
Author: User

[1]. Overview
In the previous demonstration of a Single Sign-On (SSO) instance based on CAS, the server authentication mechanism used the default configuration of the test environment. This article focuses on how to configure CAS to authenticate the user name and password by querying a database.
[2]. Environment
The basic environment of the demo is the same as in: Demonstration of Single Sign-On (SSO) instances based on CAS
MySQL: 5.1.51
[3]. Demonstration steps
1. Create user data for the demonstration
Create a database in MySQL, taking test as an example, and then create a user table: sso_t_user. The detailed SQL is as follows:
CREATE TABLE `sso_t_user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `login_name` varchar(50) DEFAULT NULL,
  `password` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
Insert the following data into the table sso_t_user:
INSERT INTO `sso_t_user` VALUES (1, 'admin', '96e79218965eb72c92a549dd5a330112');
INSERT INTO `sso_t_user` VALUES (2, 'user', '96e79218965eb72c92a549dd5a330112');
Tips:
The password is stored in the database as an MD5 hash, as an example.
MD5 value of "111111": "96e79218965eb72c92a549dd5a330112"

2. Modify the CAS server configuration

Find the following line in %tomcat_cas%/webapps/cas/WEB-INF/deployerConfigContext.xml:

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler"/>

Change it to:

<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource"></property>
    <property name="sql" value="select password from sso_t_user where login_name=?"></property>
    <property name="passwordEncoder" ref="MD5PasswordEncoder"></property>
</bean>

Add the datasource and encryption processing bean definitions at the same time:

<!-- Data source for the demo database "test" on localhost -->
<bean id="dataSource"
      class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost/test"/>
    <property name="username" value="root"/>
    <property name="password" value=""/>
</bean>
<!-- Encoder applied to the submitted password before comparison -->
<bean id="MD5PasswordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
    <constructor-arg index="0" value="MD5" />
</bean>

Note:

During the configuration process, I encountered an exception: No bean named 'datasource' is defined, because dataSource is configured in the Bean of authenticationManager.

QueryDatabaseAuthenticationHandler is one of the query interfaces provided by cas-server-support-jdbc. It looks up the password through a configured SQL statement and matches it against the given password.

sql: The SQL statement determines which table is queried. In this example, the password is queried by the login_name field in the sso_t_user table, and CAS matches it against the password entered by the user.

passwordEncoder: It handles password encryption, for the case where the application's database stores encrypted passwords. In this example the MD5PasswordEncoder bean is configured; CAS has MD5 built in, so it only needs to be configured. If the actual application uses the company's own encryption algorithm, you need to write your own handler to process the password, which is also relatively simple: create a class that implements org.jasig.cas.authentication.handler.PasswordEncoder, encrypt the password entered by the user in its encode method, and return the result.
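
The check this configuration asks CAS to perform, as an added Python sketch (not code from the original article or from CAS): run the configured query with a bound parameter, MD5-encode the submitted password, and compare it with the stored value. Because the digests are unsalted, both sample accounts store the same value, which shared_hashes reports. Assumptions: an in-memory SQLite table stands in for the MySQL test database, and all function names are hypothetical.

```python
import hashlib
import hmac
import sqlite3

# The query configured on QueryDatabaseAuthenticationHandler in this article.
SQL = "select password from sso_t_user where login_name=?"

def md5_encode(password):
    """Hex MD5 digest, the form stored in sso_t_user.password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def make_demo_db():
    """Assumption: in-memory SQLite stands in for the MySQL test database."""
    db = sqlite3.connect(":memory:")
    db.execute("create table sso_t_user (id integer primary key, "
               "login_name varchar(50), password varchar(255))")
    # The same two rows the article inserts.
    db.executemany("insert into sso_t_user values (?, ?, ?)", [
        (1, "admin", "96e79218965eb72c92a549dd5a330112"),
        (2, "user", "96e79218965eb72c92a549dd5a330112"),
    ])
    return db

def authenticate(db, login_name, password):
    """Fetch the stored hash via a bound parameter, encode the input, compare."""
    row = db.execute(SQL, (login_name,)).fetchone()
    if row is None or row[0] is None:
        return False
    return hmac.compare_digest(row[0], md5_encode(password))

def shared_hashes(db):
    """Logins grouped by identical stored hash (visible because MD5 is unsalted)."""
    groups = {}
    rows = db.execute("select login_name, password from sso_t_user order by id")
    for name, stored in rows:
        groups.setdefault(stored, []).append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    db = make_demo_db()
    print(authenticate(db, "admin", "111111"))   # correct password
    print(authenticate(db, "admin", "222222"))   # wrong password
    print(authenticate(db, "nobody", "111111"))  # unknown login name
    print(shared_hashes(db))                     # both accounts share one hash
```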

3. Add related jar packages

You need to add two packages under the lib directory of the web project: cas-server-support-jdbc-x.x.x.jar and mysql-connector-java-x.x.x-bin.jar (the specific version numbers depend on your setup).

4. Test the authentication process

Start the three configured Tomcat instances: tomcat-cas, tomcat-app1, tomcat-app2.

Now enter admin/111111 in the cas-server authentication interface. The password is verified against the database before you are logged on to the system.
