apereo cas單點登陸返回多個屬性

weixin_33816300發表於2018-04-15
原文網址 : https://blog.csdn.net/weixin_33816300/article/details/87154275

參考文章:
https://apereo.github.io/2017/02/22/cas51-dbauthn-tutorial/
http://www.cnblogs.com/flying607/p/7598248.html
https://www.jianshu.com/p/eefddd410aaf
ssl設定文件(可選)

cas預設jdbc認證成功後返回登陸使用者名稱,有時候我們可能需要多個使用者屬性。
就需要按照cas個文件來配置相關屬性,但是cas的官方文件有的內容描述的不夠清晰。只能靠一個個去除錯,才能弄清楚其中的用處。這裡筆者就簡單的配置了一下。
本片文章基於cas 5.2.3版本,通過參考上面的文章。一步步來實現返回多個資料的功能。

步驟

  • 1、配置database驗證
  • 2、配置database多屬性獲取
  • 3、註冊service

下面是部分程式碼

  • 資料庫指令碼

CREATE TABLE `USERS` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `uid` varchar(45) NOT NULL,
  `psw` varchar(45) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;


CREATE TABLE `USERATTRS` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `uid` varchar(45) NOT NULL,
  `attrname` varchar(45) NOT NULL,
  `attrvalue` varchar(45) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1;

#psw為123456經過MD5加密後字元
INSERT INTO USERS (uid, psw)
VALUES ('mmoayyed', 'e10adc3949ba59abbe56e057f20f883e');

INSERT INTO USERATTRS (uid,  attrname, attrvalue)
VALUES ('mmoayyed', 'firstname', 'Misagh');

INSERT INTO USERATTRS (uid, attrname, attrvalue)
VALUES ('mmoayyed', 'lastname', 'Moayyed');

INSERT INTO USERATTRS (uid, attrname, attrvalue)
VALUES ('mmoayyed', 'phone', '+13476452319');
  • 通過maven覆蓋來修改cas服務端配置
新增jdbc認證支援
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-jdbc</artifactId>
    <version>${cas.version}</version>
</dependency>
配置jdbc認證屬性

追加到application.properties檔案後

#配置認證資料庫
cas.authn.jdbc.query[0].sql=SELECT * FROM USERS WHERE uid=?
cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.190.129:3306/demo
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL57InnoDBDialect
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=xxx
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].fieldPassword=psw
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
#密碼設定為md5演算法
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8

logging.level.org.apereo=DEBUG
#去掉預設的使用者認證資料
cas.authn.accept.users=
配置jdbc多屬性獲取

追加到application.properties檔案後,多屬性解析類為MultiRowJdbcPersonAttributeDao.java。有興趣可以看看

#多屬性
cas.authn.attributeRepository.jdbc[0].singleRow=false
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].url=jdbc:mysql://192.168.190.129:3306/demo
cas.authn.attributeRepository.jdbc[0].user=root
cas.authn.attributeRepository.jdbc[0].password=xxx
cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM USERATTRS WHERE {0}
cas.authn.attributeRepository.jdbc[0].username=uid
#指定返回的鍵值對 column=column(列對列)
cas.authn.attributeRepository.jdbc[0].columnMappings.attrname=attrvalue
cas.authn.attributeRepository.jdbc[0].dialect=org.hibernate.dialect.MySQL57InnoDBDialect
cas.authn.attributeRepository.jdbc[0].ddlAuto=none
cas.authn.attributeRepository.jdbc[0].driverClass=com.mysql.jdbc.Driver
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].healthQuery=SELECT 1
cas.authn.attributeRepository.jdbc[0].failFast=true
  • 註冊服務
新增json服務註冊支援
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-json-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>
新增http請求支援

修改HTTPSandIMAPS-10000001.json檔案,新增http支援(可選)。把overlays下的HTTPSandIMAPS-10000001.json檔案移動到工程的resources目錄下(沒有就新建一下),新增多屬性返回策略

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps|http)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
  "evaluationOrder" : 1,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}
10796143-1bb08f2e992eea5b.png
image.png
配置cas客戶端

修改web.xml內容


<!--
   <context-param>
       <param-name>renew</param-name>
       <param-value>true</param-value>
   </context-param>
-->

    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!--cas服務登出地址-->
            <param-value>http://localhost:8080/logout</param-value>
        </init-param>
    </filter>

    <listener>
        <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
    </listener>

    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <!--<filter-class>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</filter-class>-->
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <!--cas服務登陸地址-->
            <param-value>http://localhost:8080/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!--cas客戶端地址-->
            <param-value>http://localhost:8089</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <!--<filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>-->
        <filter-class>org.jasig.cas.client.validation.Cas30ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <!--cas服務端ticket驗證地址-->
            <param-value>http://localhost:8080</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <!--cas客戶端地址-->
            <param-value>http://localhost:8089</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>useSession</param-name>
            <param-value>true</param-value>
        </init-param>
        <!--
        <init-param>
            <param-name>acceptAnyProxy</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>proxyReceptorUrl</param-name>
            <param-value>/sample/proxyUrl</param-value>
        </init-param>
        <init-param>
            <param-name>proxyCallbackUrl</param-name>
            <param-value>https://mmoayyed.unicon.net:9443/sample/proxyUrl</param-value>
        </init-param>
        -->
        <init-param>
            <param-name>authn_method</param-name>
            <param-value>mfa-duo</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <welcome-file-list>
        <welcome-file>
            index.jsp
        </welcome-file>
    </welcome-file-list>

最終客戶端登陸後獲得資料如下圖


10796143-3de620dd798c8db7.png
image.png

cas服務端和cas客戶端:碼雲地址
cas-overlay-template:cas服務端
cas-sample-java-webapp:cas客戶端
客戶端直接部署在tomcat中啟動就可以了。
登陸使用者名稱:mmoayyed
密碼:123456

相關文章