[SSO single-point series] (7): CAS4.0 SERVER authenticates users through databases, ssocas4.0

[SSO single-point series] (7): CAS4.0 SERVER authenticates users through databases, ssocas4.0

In the previous articles, I briefly introduced the authentication method of the server. By default, it is directly configured in a bean called primaryAuthenticationHandler IN THE deployerConfigContext. xml file. However, this only supports one account and is fixed, which has great limitations and cannot be used in real systems.

Currently, the application system generally reads the database to verify whether the user name and password are correct, and then performs authentication. Therefore, this article will introduce how to transform the server's default authentication method into a database verification method to meet the basic requirements of the system.

 

1. Add data source configuration

The configuration of the data source is similar to that we usually Configure. CAS can be configured in Spring mode to separate it from the original configuration file, I created a configuration called applicationContext-datasource.xml to store the relevant configuration of the data source (placed under cas-server-webapp \ src \ main \ webapp \ WEB-INF \ spring-configuration) as follows:

<? Xml version = "1.0" encoding = "UTF-8"?> <Beans xmlns = "http://www.springframework.org/schema/beans" xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance" xmlns: p = "http://www.springframework.org/schema/p" xmlns: aop = "http://www.springframework.org/schema/aop" xmlns: tx = "http://www.springframework.org/schema/tx" xsi: schemaLocation = "http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd http: // ww W.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd "> <description> datasource </description> <bean id =" casDataSource "class =" com. alibaba. druid. pool. druidDataSource "init-method =" init "destroy-method =" close "> <property name =" url "value =" $ {url} "/> <prope Rty name = "username" value = "$ {username}"/> <property name = "password" value = "$ {password}"/> <property name = "driverClassName" value = "$ {driverClassName}"/> <property name = "maxActive" value = "$ {maxActive}"/> <property name = "initialSize" value = "$ {initialSize} "/> <property name =" maxWait "value =" $ {maxWait} "/> <property name =" minIdle "value =" $ {minIdle} "/> <property name = "timeBetweenEvictionRunsMillis "Value =" $ {region} "/> <property name =" minEvictableIdleTimeMillis "value =" $ {minEvictableIdleTimeMillis} "/> <property name =" validationQuery "value =" $ {validationQuery} "/> <property name =" testWhileIdle "value =" $ {testWhileIdle} "/> <property name =" testOnBorrow "value =" $ {testOnBorrow} "/> <property name = "testOnReturn" value = "$ {testOnReturn}"/> <property name = "maxOpenPreparedSt Atements "value =" $ {maxOpenPreparedStatements} "/> <property name =" removeAbandoned "value =" $ {removeAbandoned} "/> <! -- Enable the removeAbandoned function --> <property name = "removeAbandonedTimeout" value = "$ {removeAbandonedTimeout}"/> <! -- 1800 seconds, that is, 30 minutes --> <property name = "logAbandoned" value = "$ {logAbandoned}"/> <! -- Output error log when closing the abanded connection --> </bean> <bean id = "jdbcTemplate" class = "org. springframework. jdbc. core. jdbcTemplate "p: dataSource-ref =" casDataSource "/> <bean id =" transactionManager "class =" org. springframework. jdbc. datasource. dataSourceTransactionManager "p: dataSource-ref =" casDataSource "/> <! -- Provides transaction enhancement through AOP configuration, so that all methods of all beans under AccountService have transactions --> <aop: config> <aop: pointcut id = "serviceMethod" expression = "execution (* com. blog. cas. account. service. impl .. *(..)) "/> <aop: advisor pointcut-ref =" serviceMethod "advice-ref =" txAdvice "/> </aop: config> <tx: advice id = "txAdvice" transaction-manager = "transactionManager"> <tx: attributes> <tx: method name = "get *" propagation = "REQUIRED" read-only = "true"/> <tx: method name = "update *" propagation = "REQUIRED"/> </tx: attributes> </tx: advice> <bean id = "accountService" class = "com. blog. cas. account. service. impl. accountServiceImpl "p: accountDao-ref =" accountDao "/> <bean id =" accountDao "class =" com. blog. cas. account. dao. impl. accountDaoImpl "p: jdbcTemplate-ref =" jdbcTemplate "/> </beans>

Note: a Service and Dao are defined here to interact with the database. You can simply write the methods you need. Spring provided hereJdbcTemplate. These two classes will not be posted, and everyone can implement them freely.

 

Then the relevant information of the data source, I directly put the file cas. properties (cas-server-webapp \ src \ main \ webapp \ WEB-INF \ cas. properties), at last Add the following content:

### Jdbcurl=jdbc:oracle:thin:@192.168.1.101:1521:odsorclusername=blogpassword=blogdriverClassName=oracle.jdbc.driver.OracleDrivervalidationQuery=SELECT 1 from dual filters=stat  maxActive=20  initialSize=1  maxWait=60000  minIdle=10  timeBetweenEvictionRunsMillis=60000  minEvictableIdleTimeMillis=300000  testWhileIdle=true  testOnBorrow=false  testOnReturn=false  maxOpenPreparedStatements=20  removeAbandoned=true  removeAbandonedTimeout=1800  logAbandoned=true

 

The oracle database is used.

 

2. custom authentication Handler class

Cas uses org. jasig. cas. authentication. AcceptUsersAuthenticationHandler by default. Let's look at its source code and find that authentication is performed in a method called authenticateUsernamePasswordInternal. In fact, you can guess what this method is. Then the parent class of this class is AbstractUsernamePasswordAuthenticationHandler, so we also inherit this class to implement the authenticateUsernamePasswordInternal method.

Note that the parameter in the authenticateUsernamePasswordInternal method is a parameter of the UsernamePasswordCredential type, which actually contains the user information we enter on the page, that is, the user name and password. Now you know the method.

Public class extends {private AccountServiceImpl accountService; @ Override protected HandlerResult failed (UsernamePasswordCredential credential) throws GeneralSecurityException, PreventedException {String username = credential. getUsername (); String password = credential. getPassword (); boole An flag = accountService. checkAccount (username, password); if (! Flag) {throw new FailedLoginException ();} return createHandlerResult (credential, new SimplePrincipal (username), null);} // omit the get/set Method}

 

This is just a simple verification logic. In fact, it may be complicated, such as determining the user's status and whether to disable it.

Then modify the relevant configuration, open the file cas-server-webapp \ src \ main \ webapp \ WEB-INF \ deployerConfigContext. xml find the bean whose id is primaryPrincipalResolver, modify this to our new class

 <!-- <bean id="primaryAuthenticationHandler"          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">        <property name="users">            <map>                <entry key="admin" value="admin"/>            </map>        </property>    </bean> -->     <bean id="primaryAuthenticationHandler"          class="org.jasig.cas.authentication.BlogUsersAuthenticationHandler">          <property name="accountService" ref="accountService" />    </bean>

 

Now we have modified it to the database authentication method. You can try it.

3. authentication process

After reading the above, you may feel a little incomprehension. Why is authentication completed when only one class is added and the methods are covered? In this section, we will introduce a general authentication process, and the process of returning the final information to the client.

Some of the content has been introduced in the fourth article. It is best to first understand the content related to the user information returned after the fourth logon,Portal

 

The above process is only the main process of authentication, excluding the process of ST generation and verification.

 

4. Summary

The database authentication is basically completed, but the above is just a simple demonstration, you need to modify according to your own situation.

If the above content is incorrect, you are welcome to point it out. You are also welcomed to leave a message. Everyone makes common progress.

By the way, I wish you allHappy Valentine's Day,Happy New Year.

Close the work...