1.CAS部署
服务端下载地址:cas5.3
1.下载好打开后,复制target/cas/WEB-INF/classes/META-INF/spring.factories
target/cas/WEB-INF/classes/services下的Apereo-10000002.json和HTTPSandIMAPS-10000001.json
target/cas/WEB-INF/classes下的application.properties和log4j2.xml到resources中形成如下结构:
2.然后修改HTTPSandIMAPS-10000001.json文件,添加http
3.修改application.properties文件,注释掉server.ssl三行配置,修改端口号(与tomcat中的保持一致就行)。
4.再增加两行配置:
5.将项目打包生成.war文件,并命名为cas,放在tomcat的webapps目录下,启动tomcat,浏览器输入http://ip:端口号/cas/login,成功后如下图所示:
登录页的默认用户名为casuser,密码为Mellon,对应application.properties文件中的cas.authn.accept.users=casuser::Mellon配置。
登出的url:http://ip:端口号/cas/logout
2.自定义校验——对接数据库
1.在源码的pom.xml中添加jdbc依赖包
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc-drivers</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>8.0.27</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-core-authentication-api</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-generic</artifactId>
<version>${cas.version}</version>
</dependency>
也可自行下载相关包,放入tomcat\webapps\cas\WEB-INF\lib路径下
2.修改application.properties文件,添加如下配置:
# JDBC authentication source #0 (cas-server-support-jdbc, "query" mode).
cas.authn.jdbc.query[0].url=jdbc:mysql://ip:端口号/数据库名?serverTimezone=GMT
# Database credentials are stored here in clear text: keep this file out of version control
# and readable only by the account that runs tomcat.
cas.authn.jdbc.query[0].user=连接数据库的用户名
cas.authn.jdbc.query[0].password=连接数据库的密码
# CAS binds the single ? as a prepared-statement parameter from the submitted username,
# so the username is not concatenated into the SQL text.
cas.authn.jdbc.query[0].sql=select * from 用户表名 where 用户名字段名称=?
# Column of the selected row that is compared with the (encoded) submitted password.
cas.authn.jdbc.query[0].fieldPassword=密码字段名称
# Legacy class name; Connector/J 8.x (mysql-connector-java 8.0.27 in the pom above) registers
# com.mysql.cj.jdbc.Driver and logs a deprecation notice when this one is loaded.
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
如果数据库中密码是密文,还可添加如下配置:
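# Encode the submitted password before comparing it with fieldPassword.
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
# 密码加密算法,内置的有MD5、SHA、HMAC
# Hashing algorithm; built-in options are MD5, SHA and HMAC. The explanation sits on its own
# line because in a .properties file everything after '=' belongs to the value: a trailing
# "//..." would have made the algorithm name "MD5 //..." which names no valid MessageDigest.
# MD5 and unsalted SHA are fast to brute-force; prefer a salted/adaptive scheme where possible.
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5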
整体如下图:
3.重启tomcat,输入数据库中的用户名、密码,登录成功。
3.自定义校验——自定义密码校验
1.自定义加密算法可通过实现PasswordEncoder接口的matches方法实现。
package com.example.cas;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

import org.springframework.security.crypto.password.PasswordEncoder;
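public class SHA256Encodeing implements PasswordEncoder{

    /**
     * Digest used by both {@link #encode} and {@link #matches}. Unsalted SHA-256 is cheap to
     * brute-force offline, so an adaptive scheme (bcrypt/scrypt/argon2) is the better choice
     * for new deployments; this class keeps the SHA-256 contract its name promises.
     */
    private static final String ALGORITHM = "SHA-256";

    /**
     * Hashes a clear-text password into the representation stored in the database.
     *
     * @param rawPassword the clear-text password
     * @return lowercase hex of the SHA-256 digest of the password's UTF-8 bytes
     * @throws IllegalArgumentException when rawPassword is null
     */
    @Override
    public String encode(CharSequence rawPassword) {
        if (rawPassword == null) {
            throw new IllegalArgumentException("rawPassword must not be null");
        }
        return hexSha256(rawPassword.toString());
    }

    /**
     * Compares the password typed by the user with the value stored in the database.
     * The stored value is deliberately not printed: it is a credential hash and does not
     * belong in tomcat's stdout log.
     *
     * @param charSequence the password entered on the login form (CAS passes the submitted credential here)
     * @param str the database value — assumed to be the hex SHA-256 digest produced by
     *            {@link #encode}, in either case; confirm this matches how rows are populated
     * @return true only when the digest of the input equals the stored digest
     */
    @Override
    public boolean matches(CharSequence charSequence, String str) {
        if (charSequence == null || str == null) {
            return false;
        }
        byte[] stored = str.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        byte[] computed = hexSha256(charSequence.toString()).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison so response timing does not reveal how many leading
        // characters of the stored digest were matched.
        return MessageDigest.isEqual(stored, computed);
    }

    /**
     * Returns the lowercase hex SHA-256 digest of the UTF-8 encoding of {@code value}.
     *
     * @param value text to digest, never null
     * @return 64 lowercase hex characters
     */
    private static String hexSha256(String value) {
        final MessageDigest digest;
        try {
            digest = MessageDigest.getInstance(ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is a mandatory algorithm on every conforming Java platform, so this is a broken JVM.
            throw new IllegalStateException("SHA-256 MessageDigest not available", e);
        }
        byte[] raw = digest.digest(value.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            // Character.forDigit yields lowercase letters, which is the canonical form compared in matches().
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }
}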
若在此处需要获取用户名,则在pom.xml中添加如下依赖,并在代码中加入:
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import javax.servlet.http.HttpServletRequest;
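// Reads the username from the web request bound to the current thread.
// currentRequestAttributes() throws IllegalStateException when no request is bound (e.g. outside
// a servlet call), and the cast throws ClassCastException if the bound attributes are not servlet-based.
ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
HttpServletRequest request = requestAttributes.getRequest();
// Keep null when the form did not send the parameter: wrapping this in String.valueOf(...) would turn
// a missing parameter into the literal text "null", which then looks like a real username.
String username = request.getParameter("username");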
2.然后修改application.properties文件:
3.重启tomcat,输入数据库中的用户名、密码,登录成功。
4.自定义校验——自定义用户名校验
1.需要添加如下两个java文件。
MyAuthenticationConfiguration.java:
package com.example.cas;
import com.example.cas.MyAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
/**
* @description: 注册验证器
*/
@Configuration("myAuthenticationConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
public class MyAuthenticationConfiguration implements AuthenticationEventExecutionPlanConfigurer {

    /** CAS settings; not read by this class at present, injected for handlers that need them. */
    @Autowired
    private CasConfigurationProperties casProperties;

    /** Registry of CAS services, handed to the custom handler. */
    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    /**
     * Exposes the custom username handler as a Spring bean.
     * It is named after its class, shares the injected services manager, builds principals
     * with a fresh {@code DefaultPrincipalFactory}, and is registered with order 1.
     *
     * @return the handler bean
     */
    @Bean
    public AuthenticationHandler myAuthenticationHandler() {
        return new MyAuthenticationHandler(
                MyAuthenticationHandler.class.getSimpleName(),
                servicesManager,
                new DefaultPrincipalFactory(),
                1);
    }

    /**
     * Adds the handler to CAS's authentication execution plan.
     * Calling the {@code @Bean} method directly is fine here: Spring's enhancement of
     * {@code @Configuration} classes normally returns the managed singleton rather than a second instance.
     *
     * @param plan the plan CAS passes in during startup
     */
    @Override
    public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan plan) {
        plan.registerAuthenticationHandler(myAuthenticationHandler());
    }
}
MyAuthenticationHandler.java:在该文件中添加具体的用户名校验逻辑
package com.example.cas;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import javax.security.auth.login.AccountNotFoundException;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collections;
import org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver;
public class MyAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler{

    /** The only username this demo handler accepts. */
    private static final String REQUIRED_USERNAME = "root";

    /**
     * @param name handler name reported to CAS
     * @param servicesManager registry of CAS services, passed through to the base class
     * @param principalFactory used to build the principal on success
     * @param order position of this handler among the registered ones
     */
    public MyAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) {
        super(name, servicesManager, principalFactory, order);
    }

    /**
     * Accepts the credential if, and only if, its username is "root".
     * NOTE: {@code originalPassword} is never examined, so a matching username alone succeeds;
     * with CAS's default policy one successful handler is enough for the login to be accepted —
     * confirm the cas.authn.policy settings before using this outside a demo.
     *
     * @param credential the submitted username/password pair
     * @param originalPassword the clear-text password, unused by this check
     * @return a successful result carrying a principal for the username and no warnings
     * @throws AccountNotFoundException for every username other than "root"
     */
    @Override
    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential, String originalPassword) throws GeneralSecurityException, PreventedException {
        final String username = credential.getUsername();
        if (!REQUIRED_USERNAME.equals(username)) {
            throw new AccountNotFoundException("必须是root用户");
        }
        // Same diagnostic line the original printed; it goes to tomcat's stdout.
        System.out.println("------------------:" + username + "------------------");
        return createHandlerResult(credential, this.principalFactory.createPrincipal(username), new ArrayList<>(0));
    }
}
2.然后修改spring.factories文件,在其中注册上述配置类。
5.与客户端对接
1.在客户端的pom.xml添加如下依赖:
2.在web.xml文件中添加如下监听过滤器:
<!-- Receives CAS single-logout notifications and invalidates the matching local session. -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- Single sign-out filter; its mapping below is listed first so it runs before authentication,
     which is the order the java-cas-client documentation gives. -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<!-- Plain http matches the server.ssl lines commented out in step 1 (also used at the two
     casServerUrlPrefix/casServerLoginUrl params below): tickets then travel unencrypted between
     browser, client and CAS, so re-enable TLS on both sides before this goes beyond a lab setup. -->
<param-value>http://193.168.4.2:7200/cas</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Redirects requests that carry no validated session to the CAS login page. -->
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://193.168.4.2:7200/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<!-- Scheme/host/port of THIS client as the browser reaches it; the client prefixes it to the request
     URI to build the service URL sent to CAS, so it must match what the browser uses or ticket
     validation fails. Keep it identical in the validation filter below. -->
<param-value>http://127.0.0.1:1000/</param-value>
</init-param>
</filter>
<!-- Exchanges the ticket returned by CAS for an Assertion (CAS 3.0 protocol). -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://193.168.4.2:7200/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://127.0.0.1:1000/</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<!-- After validation the client redirects to the same URL without the ticket parameter,
     keeping the one-time ticket out of bookmarks and access logs. -->
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<!-- Stores the Assertion in the HTTP session so later requests skip validation. -->
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>authn_method</param-name>
<!-- Asks CAS to require the "mfa-duo" multifactor provider for this service; presumably copied from
     the java-cas-client README example. It only does something when Duo MFA is configured on the
     server, which this tutorial does not set up — confirm it is wanted or remove it. -->
<param-value>mfa-duo</param-value>
</init-param>
</filter>
<!-- Makes getRemoteUser()/getUserPrincipal() return the CAS-validated username; mapped last so it
     sees the Assertion stored by the validation filter. -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3.然后去掉客户端原有的登录验证逻辑。
4.实现登出需要修改application.properties文件,添加如下配置:
作用:可以在登出url后添加参数service,使之指向登出后跳转的url。
例如:http://ip:端口/cas/logout?service=跳转的url