多版本CAS登录后获取更多信息
cas-server-3.5.2
cas-server-4.0.0
两个版本的配置文件差别还是很大的,本文仅做个笔记用。无详细描述。
修改
deployerConfigContext.xml
//**********************3.5.2所需要修改的配置文件******************
注释掉下面代码,该段代码是cas默认登录检查
<!--
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
-->- 1
- 2
- 3
添加数据库验证bean(在authenticationHandlers 的bean下 list内)
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="sql" value="select passwd from CONTACTS_PERSON where id = ?" />
<!-- <property name="passwordEncoder" ref="myPasswordEncoder" /> -->
</bean> - 1
- 2
- 3
- 4
- 5
在beans下添加 datasource (示例数据库oracle, 连接池c3p0)
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
p:driverClass="oracle.jdbc.driver.OracleDriver"
p:jdbcUrl="jdbc:oracle:thin:@10.3.34.48:1521:river3d"
p:user="zhxxzy"
p:password="zhxxzy"
p:maxPoolSize="10"
p:minPoolSize="1"
p:initialPoolSize="2"
p:maxIdleTime="600"
p:acquireIncrement="3"
p:idleConnectionTestPeriod="60"/>- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
添加attributeRepository 的bean 可理解为登录成功后数据查询并赋值给map放入session
<bean class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" id="attributeRepository">
<constructor-arg index="0" ref="dataSource"/>
<constructor-arg index="1" value="select * from CONTACTS_PERSON where {0}"/>
<property name="queryAttributeMapping">
<map>
<!--这里的key需写username和登录页面一致,value对应数据库用户名字段-->
<entry key="username" value="id"/>
</map>
</property>
<property name="resultAttributeMapping">
<map>
<!--key为对应的数据库字段名称,value为提供给客户端获取的属性名字,系统会自动填充值-->
<entry key="id" value="id"/>
<entry key="mobile" value="mobile"/>
<entry key="email" value="email"/>
<entry key="tel" value="tel"/>
</map>
</property>
<!-- <property name="queryType">
<value>OR</value>
</property> -->
</bean> - 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
在3.5.2版本下还需要修改 serviceRegistryDao内的list
<bean
id="serviceRegistryDao"
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices">
<list>
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="0" />
<property name="name" value="HTTP and IMAP" />
<property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
<property name="serviceId" value="^(https?|imaps?)://.*" />
<property name="evaluationOrder" value="10000001" />
<!-- <property name="ignoreAttributes" value="false" /> -->
<property name="allowedAttributes">
<!-- 客户端需要使用的对象的属性名称 -->
<list>
<value>email</value>
<value>id</value>
<value>mobile</value>
<value>tel</value>
</list>
</property>
</bean>
</list>
</property>
</bean>- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
看org.jasig.cas.services.RegexRegisteredService的源码,其中的 allowedAttributes是关键
【提示】网上说此bean中的ignoreAttributes属性默认是不添加用户信息,查看了 CAS 3.5.2版本的 AbstractRegisteredService 源码后,发现其默认值就是 false,即:添加属性后,客户端就可见了
来源:https://my.oschina.net/xiaokaceng/blog/182547?p=1
4.0.0无需修改,只修改默认的attributeRepository即可
//**********************cas-server-4.0.0所需要修改的配置文件******************
修改数据库处理映射authenticationManager 的 bean下,注释掉的是原有的
<!--<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />-->
<!-- 修改数据库处理映射 -->
<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />- 1
- 2
- 3
然后注释下面代码
<!-- 注释调默认的登录方式
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
</bean>
-->- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
添加datasource ,和上面3.5.2一样
定义dbAuthHandler
<bean id="dbAuthHandler" class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:sql="select passwd from CONTACTS_PERSON where id=?" />- 1
- 2
- 3
- 4
- 5
定义attributeRepository 这里和3.5.2也是一样的
注释掉原有的attributeRepository
<!--注释掉原有的, 可理解为登录成功后 向session中注入数据(attributeRepository) -->
<!--
<bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao"
p:backingMap-ref="attrRepoBackingMap" />
-->- 1
- 2
- 3
- 4
- 5
//**********************3.5.2和4.0.0都需要修改的******************
修改WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>${fn:escapeXml(assertion.primaryAuthentication.principal.id)}</cas:user>
<c:if test="${not empty pgtIou}">
<cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
</c:if>
<c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
<cas:proxies>
<c:forEach var="proxy" items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
<cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
</c:forEach>
</cas:proxies>
</c:if>
<!--新加代码-->
<c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
<cas:attributes>
<c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
</c:forEach>
</cas:attributes>
</c:if>
<!--新加代码结束-->
</cas:authenticationSuccess>
</cas:serviceResponse>- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
还有头修改为
page session=”false” contentType=”application/xml; charset=gb2312”
charset设置为gb2312,否则中文乱码, 别问我为什么不改为UTF-8
//**********************client获取方式******************
AttributePrincipal principal = (AttributePrincipal)request.getUserPrincipal();
Map attributes = principal.getAttributes();
String email=attributes.get("email").toString();