While configuring CAS recently, I ran into a case where the data source does not supply the password and related data. How can password-input authentication be implemented in that situation?
Step one: Create a new Java project and generate a CAS encryption tool based on the mask algorithm
For confidentiality reasons the custom encryption tool is not provided here; in your actual project you can use one of the CAS default encodings, such as MD5.
Step two: Modify the CAS source code
Locate the cas-server-support-jdbc sub-module and find the package path cas-server-support-jdbc\src\main\java\org\jasig\cas\adaptors\jdbc\. Make a copy of QueryDatabaseAuthenticationHandler.java and rename it TyQueryDatabaseAuthenticationHandler.java (remember to change the class name so that it matches the file name).
Modify the code as follows:

    package org.jasig.cas.adaptors.jdbc;

    import java.security.GeneralSecurityException;

    import org.jasig.cas.authentication.HandlerResult;
    import org.jasig.cas.authentication.PreventedException;
    import org.jasig.cas.authentication.UsernamePasswordCredential;
    import org.jasig.cas.authentication.principal.SimplePrincipal;
    import org.springframework.dao.DataAccessException;
    import org.springframework.dao.IncorrectResultSizeDataAccessException;

    import javax.security.auth.login.AccountNotFoundException;
    import javax.security.auth.login.FailedLoginException;
    import javax.validation.constraints.NotNull;

    /**
     * Class that if provided a query that returns a password (parameter of query
     * must be username) would compare that password to a translated version of the
     * password provided by the user. If they match, then authentication succeeds.
     * Default password translator is plaintext translator.
     *
     * @author Scott Battaglia
     * @author Dmitriy Kopylenko
     * @author Marvin S. Addison
     *
     * @since 3.0
     */
    public class TyQueryDatabaseAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler {

        @NotNull
        private String sql;

        private boolean useDefaultPassword;

        private String defaultPassword;

        /** {@inheritDoc} */
        @Override
        protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
                throws GeneralSecurityException, PreventedException {

            final String username = credential.getUsername();
            // When useDefaultPassword is true, the submitted password is ignored and defaultPassword is used instead.
            final String password = useDefaultPassword ? defaultPassword : credential.getPassword();
            final String encryptedPassword = this.getPasswordEncoder().encode(password);
            try {
                final String dbPassword = getJdbcTemplate().queryForObject(this.sql, String.class, username);
                if (!dbPassword.equals(encryptedPassword)) {
                    throw new FailedLoginException("Password does not match value on record.");
                }
            } catch (final IncorrectResultSizeDataAccessException e) {
                if (e.getActualSize() == 0) {
                    throw new AccountNotFoundException(username + " not found with SQL query");
                } else {
                    throw new FailedLoginException("Multiple records found for " + username);
                }
            } catch (final DataAccessException e) {
                throw new PreventedException("SQL exception while executing query for " + username, e);
            }
            return createHandlerResult(credential, new SimplePrincipal(username), null);
        }

        /**
         * @param sql The sql to set.
         */
        public void setSql(final String sql) {
            this.sql = sql;
        }

        /**
         * @param isUseDefaultPassword The useDefaultPassword to set.
         */
        public void setUseDefaultPassword(final boolean isUseDefaultPassword) {
            this.useDefaultPassword = isUseDefaultPassword;
        }

        /**
         * @param defaultPassword The defaultPassword to set.
         */
        public void setDefaultPassword(final String defaultPassword) {
            this.defaultPassword = defaultPassword;
        }
    }

Step three: Modify your CAS deployment package code
Unzip your deployment package and locate the file deployerConfigContext.xml.
Modify the configuration as follows:

    <bean id="dbAuthenticationHandler"
          class="org.jasig.cas.adaptors.jdbc.TyQueryDatabaseAuthenticationHandler">
        <property name="dataSource" ref="dataSource"></property>
        <property name="sql" value="select Emppass as password from Ssoaccount where empcode=?"></property>
        <property name="passwordEncoder" ref="passwordEncoder"></property>
        <property name="useDefaultPassword" value="true"></property>
        <property name="defaultPassword" value="111111"></property>
    </bean>

The bean with id=dbAuthenticationHandler configures how the login account and password are authenticated; it is referenced by the configuration of the bean with id=authenticationManager.
The TyQueryDatabaseAuthenticationHandler class in the dbAuthenticationHandler configuration is the custom implementation shown above, with two properties added. useDefaultPassword=true means that when the server authenticates the password submitted by the login page, the submitted password is not the actual password source; the value of the defaultPassword property is used instead, so the result of the check depends only on the value stored for the account and not on what was typed. Conversely, useDefaultPassword=false means the password submitted by the login page is the password source for server-side authentication. Here 111111 simulates the password entered on the login page, so it is clear text. In fact the user never sees this password, and the database does not store 111111 but the ciphertext of 111111, so 111111 has to be encrypted when it is validated internally. The specific encryption process depends on your configuration; the tool mentioned in the steps above is one reference, and you can in fact customize this part of the encryption.
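The effect of the useDefaultPassword flag described above, as an added example that is not part of the original article or of CAS: a standalone class that repeats the handler's decision, with a hex MD5 digest standing in for the configured passwordEncoder. The class name, the sample passwords and the stored values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DefaultPasswordFlagDemo {

    /** Hex MD5 digest, standing in for the configured passwordEncoder (assumption). */
    static String encode(final String clear) throws NoSuchAlgorithmException {
        final byte[] digest = MessageDigest.getInstance("MD5")
                .digest(clear.getBytes(StandardCharsets.UTF_8));
        final StringBuilder hex = new StringBuilder();
        for (final byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Same decision as the handler: pick the password source, encode it, compare with the stored value. */
    static boolean matches(final boolean useDefaultPassword, final String defaultPassword,
                           final String submitted, final String stored) throws NoSuchAlgorithmException {
        final String password = useDefaultPassword ? defaultPassword : submitted;
        return stored != null && stored.equals(encode(password));
    }

    public static void main(final String[] args) throws NoSuchAlgorithmException {
        // Constructed sample rows: the stored value the SQL query would return for each account.
        final String storedA = encode("111111");         // account whose stored value is the encoded default
        final String storedB = encode("constructed-pw"); // account with its own password
        final String[] typed = {"111111", "constructed-pw", "anything-else"};

        for (final boolean flag : new boolean[] {true, false}) {
            for (final String t : typed) {
                System.out.printf("useDefaultPassword=%-5b typed=%-15s accountA=%-5b accountB=%b%n",
                        flag, t,
                        matches(flag, "111111", t, storedA),
                        matches(flag, "111111", t, storedB));
            }
        }
    }
}
```

With the flag set to true the typed value has no effect on either account's result; with false only the typed password that matches the stored value yields true.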
The dataSource configuration is not listed in this article.
Step four: Compile cas-server-support-jdbc
The CAS version used in this article is built with Maven (the actual version number is 4.0.0), so it needs to be compiled with the mvn command. The actual steps are as follows:
Open the cas-server-support-jdbc source folder, press Ctrl+Shift+right mouse button (if your left and right mouse buttons are swapped, use the other button) to open a console, type the command mvn clean compile and press Enter to compile.
Afterwards, open the cas-server-support-jdbc\target\classes\org\jasig\cas\adaptors\jdbc\ directory. There you will find the TyQueryDatabaseAuthenticationHandler.class binary file.
Step five: Package the jar file
Open cas-server-support-jdbc\target\classes\, press Ctrl+Shift+right mouse button to open a console, type the command jar -cvf cas-server-support-jdbc-4.0.0.jar org and press Enter to generate the jar package file.
Explanation of the package file name: "cas-server-support-jdbc" is the Maven module name and "-4.0.0" is the version number of your Maven parent project; the version number of the Maven submodule should match the parent project's version number.
Step six: Deploy
Copy the cas-server-support-jdbc-4.0.0.jar file built above into the lib directory of your CAS deployment package, and then modify the configuration file as described in step three. At this point the modification, packaging and deployment are complete. Restart Tomcat and visit your site to see the effect.
Modifying the CAS source code makes the configuration of DB-based authentication more flexible.