CAS 5.2 server setup

Copyright notice: this article is the author's original work and may not be reproduced without the author's permission. https://blog.csdn.net/yjaspire/article/details/83867679

Download

https://github.com/apereo/cas-overlay-template

After downloading the code, cd into the project root and run mvn clean install, then import the project into your IDE and run it on Tomcat.

Note: CAS 5.2.x does not support Tomcat versions older than 8.0.

Log in with the default username and password:

casuser        Mellon

These static credentials come from the default cas.authn.accept.users=casuser::Mellon. Once database authentication works, set cas.authn.accept.users to an empty value so the built-in account is no longer accepted; otherwise it stays valid alongside the database users.

Database authentication

The login above is static (a user list in the configuration); it needs to be switched to authentication against the database.

1. For MySQL, add the following dependencies. The cas-server-webapp dependency is the one already present in the overlay's pom.xml and is shown only for position; the MySQL driver and the CAS JDBC support module are the additions.

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-webapp${app.server}</artifactId>
        <version>${cas.version}</version>
        <type>war</type>
        <scope>runtime</scope>
    </dependency>

    <!-- MySQL JDBC driver: https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>5.1.43</version>
    </dependency>

    <!-- CAS support module required for JDBC authentication -->
    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-jdbc</artifactId>
        <version>${cas.version}</version>
    </dependency>

2. Modify application.properties

   Create src/main/resources and copy application.properties into it.

   Configure it as follows:

# Query Database Authentication: look the user up by name.
# The single ? is bound as a JDBC parameter (the submitted username), so the query is
# parameterized; the result set must contain the columns named in fieldPassword,
# fieldExpired and fieldDisabled.
cas.authn.jdbc.query[0].sql=SELECT * FROM sys_user WHERE user_name=?
cas.authn.jdbc.query[0].fieldPassword=PASSWORD_ENCRYPTED
cas.authn.jdbc.query[0].fieldExpired=expired
cas.authn.jdbc.query[0].fieldDisabled=disabled
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
# useSSL=false is only acceptable for a loopback connection like this one; a remote
# database should keep TLS on, since the connection carries the DB credentials and the
# stored password hashes.
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/portals_dev?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
cas.authn.jdbc.query[0].user=portals
cas.authn.jdbc.query[0].password=java

# Password encoder. type=NONE (the default) compares the submitted password in plain
# text; type=DEFAULT hashes it with encodingAlgorithm (here MD5) before comparing it
# with the fieldPassword column.
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5

With type=DEFAULT and encodingAlgorithm=MD5, the submitted password is MD5-hashed before comparison; only type=NONE compares in plain text. Unsalted MD5 offers little protection against precomputed tables once the table leaks, so treat it as a stepping stone, either to the custom encoder described next or to a built-in slow hash such as passwordEncoder.type=BCRYPT.

Custom password hashing

   Change the encoder type as follows; CustomPasswordEncoder is the class holding the custom hashing rule. It must be on the CAS server's classpath (for example under src/main/java of the overlay) and CAS creates it through its no-argument constructor.

cas.authn.jdbc.query[0].passwordEncoder.type=com.fsl.CustomPasswordEncoder
package com.fsl;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Custom password encoder: SHA-256 over (password + salt), hex-encoded.
 * Referenced from application.properties via
 * cas.authn.jdbc.query[0].passwordEncoder.type=com.fsl.CustomPasswordEncoder.
 *
 * Caveat: the salt is a single constant shared by every user, so two users with the
 * same password store the same hash, and SHA-256 is fast enough to brute-force offline.
 * It is kept as-is because existing PASSWORD_ENCRYPTED values must stay reproducible.
 *
 * @author Dell
 */
public class CustomPasswordEncoder implements PasswordEncoder {

    public static String salt = "1234";

    @Override
    public String encode(CharSequence password) {
        // Hash (password + salt) with SHA-256. Do not log the raw password here: the
        // original debug output wrote every submitted password to stdout.
        return sha(password + salt, "SHA-256");
    }

    /**
     * Hex-encoded message digest of strText using the given algorithm (e.g. "SHA-256").
     * Returns null when the input is empty or the algorithm is not available.
     */
    private static String sha(final String strText, final String strType) {
        if (strText == null || strText.isEmpty()) {
            return null;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(strType);
            // Fixed charset: getBytes() without one depends on the JVM default encoding,
            // so the same password could hash differently on another host.
            byte[] byteBuffer = messageDigest.digest(strText.getBytes(StandardCharsets.UTF_8));

            // Convert the digest to lower-case hex, two characters per byte.
            StringBuilder strHexString = new StringBuilder(byteBuffer.length * 2);
            for (byte b : byteBuffer) {
                String hex = Integer.toHexString(0xff & b);
                if (hex.length() == 1) {
                    strHexString.append('0');
                }
                strHexString.append(hex);
            }
            return strHexString.toString();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Called by CAS to check a submitted password against the stored PASSWORD_ENCRYPTED value.
     */
    @Override
    public boolean matches(CharSequence rawPassword, String encodePassword) {
        if (rawPassword == null || encodePassword == null) {
            return false;
        }
        String pass = encode(rawPassword.toString());
        if (pass == null) {
            return false;
        }
        // Constant-time comparison, so a timing difference does not reveal how many
        // leading characters of the stored hash matched.
        return MessageDigest.isEqual(
                pass.getBytes(StandardCharsets.UTF_8),
                encodePassword.getBytes(StandardCharsets.UTF_8));
    }
}
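The encoder above reproduces whatever hashes already sit in PASSWORD_ENCRYPTED, but a constant salt plus a fast hash is the weak form of this pattern. The following is an added example, not code from the post or from CAS: a drop-in PasswordEncoder for the same passwordEncoder.type hook that uses PBKDF2-HMAC-SHA256 from the JDK with a fresh random salt per stored password and a self-describing stored value, so it still fits a single fieldPassword column. The class name Pbkdf2PasswordEncoder, the pbkdf2$iterations$salt$hash format and the iteration count are this example's own choices; it needs spring-security-crypto on the classpath, which the CAS overlay already provides. Existing rows cannot be converted and would have to be re-hashed on next login or through a password reset.

```java
package com.fsl;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Added example (not from the original post): per-user salted PBKDF2 encoder for
 * cas.authn.jdbc.query[0].passwordEncoder.type=com.fsl.Pbkdf2PasswordEncoder.
 * Stored format (hypothetical, chosen for this example): pbkdf2$<iterations>$<b64 salt>$<b64 hash>
 */
public class Pbkdf2PasswordEncoder implements PasswordEncoder {

    private static final String PREFIX = "pbkdf2";
    private static final String KDF = "PBKDF2WithHmacSHA256";
    private static final int ITERATIONS = 100_000;   // tune to your hardware; raise over time
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    @Override
    public String encode(CharSequence rawPassword) {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);                            // fresh salt for every stored password
        byte[] hash = derive(rawPassword, salt, ITERATIONS);
        Base64.Encoder b64 = Base64.getEncoder();
        return PREFIX + "$" + ITERATIONS + "$" + b64.encodeToString(salt) + "$" + b64.encodeToString(hash);
    }

    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        if (rawPassword == null || encodedPassword == null) {
            return false;
        }
        String[] parts = encodedPassword.split("\\$");
        if (parts.length != 4 || !PREFIX.equals(parts[0])) {
            return false;                               // unknown or legacy format: refuse rather than guess
        }
        try {
            int iterations = Integer.parseInt(parts[1]);
            byte[] salt = Base64.getDecoder().decode(parts[2]);
            byte[] expected = Base64.getDecoder().decode(parts[3]);
            byte[] actual = derive(rawPassword, salt, iterations);
            // Constant-time comparison: no early exit on the first differing byte.
            return MessageDigest.isEqual(expected, actual);
        } catch (IllegalArgumentException e) {
            return false;                               // malformed iteration count, salt or base64
        }
    }

    private static byte[] derive(CharSequence password, byte[] salt, int iterations) {
        char[] chars = password.toString().toCharArray();
        try {
            PBEKeySpec spec = new PBEKeySpec(chars, salt, iterations, HASH_BITS);
            return SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("PBKDF2 is unavailable in this JRE", e);
        } finally {
            Arrays.fill(chars, '\0');                   // do not keep the password in memory longer than needed
        }
    }

    // Stand-alone check with a constructed sample password.
    public static void main(String[] args) {
        Pbkdf2PasswordEncoder enc = new Pbkdf2PasswordEncoder();
        String stored1 = enc.encode("correct horse battery staple");
        String stored2 = enc.encode("correct horse battery staple");
        System.out.println("stored value: " + stored1);
        System.out.println("same password, different salts -> different stored values: " + (!stored1.equals(stored2)));
        System.out.println("right password verifies: " + enc.matches("correct horse battery staple", stored1));
        System.out.println("wrong password rejected: " + (!enc.matches("Correct horse battery staple", stored1)));
        System.out.println("bare hex digest (old format) rejected: " + (!enc.matches("x", "0123456789abcdef")));
    }
}
```

Because the iteration count travels with the stored value, ITERATIONS can be raised later without breaking existing rows; a value stored with the old CustomPasswordEncoder format is simply rejected instead of being compared against the wrong algorithm.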

When a client application redirects to the CAS server for login, CAS shows an "unauthorized service" page, because the client's service URL is not yet registered.

Create a services folder under resources to hold the service definitions. The directory may contain several JSON files, whose names must follow this rule:

JSON fileName = serviceName + "-" + serviceNumericId + ".json"

Create services/Localhost-10000003.json to allow every authentication request whose service URL begins with http://localhost. Note that nothing after localhost is anchored, so the trailing .* also matches a look-alike host such as http://localhost.attacker.example/; for anything beyond local testing, use a pattern like ^https?://localhost(:\d+)?(/.*)?$ instead:

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(http)://localhost.*",
  "name": "Local service",
  "id": 10000003,
  "description": "A locally allowed service: any request via localhost is permitted",
  "evaluationOrder": 1
}

The attributes are explained below; for more detail see the official documentation, Service Management:

  • @class: must be an implementation of org.apereo.cas.services.RegisteredService
  • serviceId: a regular expression describing the service, matching one or more URLs
  • name: service name
  • id: globally unique numeric identifier
  • evaluationOrder: the order in which multiple service definitions are evaluated; lower values are tried first and the first match wins

Finally, per the official service-registry documentation, application.properties must also tell the CAS server to load the service definitions from the local JSON files:

# Load service definitions from the JSON files (default false).
# CAS itself warns at startup that this is a test-only setting; see the log below.
cas.serviceRegistry.initFromJson=true
# Watch the directory for changes (enabled by default)
#cas.serviceRegistry.watcherEnabled=true
# Rescan every 120 seconds
#cas.serviceRegistry.repeatInterval=120000
# Start the scan after a 15-second delay
#cas.serviceRegistry.startDelay=15000
# Location of the service definition files
#cas.serviceRegistry.config.location=classpath:/services

If the startup log prints the following, the service definitions were registered. Note the WARN line: CAS flags initFromJson as suitable for testing and not necessarily for production.

2018-03-18 23:36:08,660 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
2018-03-18 23:36:08,876 INFO [org.apereo.cas.config.CasServiceRegistryInitializationConfiguration] - <Attempting to initialize the service registry [InMemoryServiceRegistry] from service definition resources found at [class path resource [services]]>
2018-03-18 23:36:08,877 WARN [org.apereo.cas.services.ServiceRegistryInitializer] - <Service registry [InMemoryServiceRegistry] will be auto-initialized from JSON service definitions. This behavior is only useful for testing purposes and MAY NOT be appropriate for production. Consider turning off this behavior via the setting [cas.serviceRegistry.initFromJson=false] and explicitly register definitions in the services registry.>
2018-03-18 23:36:09,283 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [3] service(s) from [InMemoryServiceRegistry].>

Removing the HTTPS requirement

   Add the following to application.properties:

cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true

cas.tgc.secure=false drops the Secure flag from the ticket-granting cookie (TGC), so the browser also sends the SSO session cookie over plain HTTP. This is only acceptable for local development: anyone on the network path can then read the cookie and reuse the session.

Add services/HTTPSandIMAPS-10000001.json under services and include http in the pattern. Be aware that ^(https|imaps|http)://.* authorizes every URL on every host as a CAS client, so any site a user can be lured to may obtain a service ticket for that user; restrict the pattern to your own hosts on anything other than a development machine:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps|http)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "description" : "This service definition authorizes all application urls that support HTTPS and IMAPS protocols.",
  "evaluationOrder" : 10000
}
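To see what the two definitions on this page actually admit, here is an added example (my code, not CAS's) that models the registry: each serviceId is compiled with java.util.regex and checked with find(), definitions are tried in ascending evaluationOrder, and the first match wins. Modelling CAS's RegexRegisteredService matching as find() is an assumption, but for these anchored patterns ending in .* the outcome is identical to a full match. The definition names Localhost and HTTPSandIMAPS are taken from the file names; the three service URLs are constructed for the demo. It runs them through the registry as posted and through a tightened version with the localhost host anchored and the catch-all removed.

```java
package com.fsl;

import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

/**
 * Added example (not CAS code): a minimal model of service matching, to check
 * offline what a set of JSON service definitions will authorize.
 * Assumption: serviceId is applied with java.util.regex find(), in ascending evaluationOrder.
 */
public final class ServiceRegistryCheck {

    /** The fields of a RegexRegisteredService that matter for matching. */
    static final class ServiceDef {
        final long id;
        final String name;
        final Pattern serviceId;
        final int evaluationOrder;

        ServiceDef(long id, String name, String serviceIdRegex, int evaluationOrder) {
            this.id = id;
            this.name = name;
            this.serviceId = Pattern.compile(serviceIdRegex);
            this.evaluationOrder = evaluationOrder;
        }

        boolean matches(String url) {
            return url != null && serviceId.matcher(url).find();
        }
    }

    /** First matching definition in ascending evaluationOrder (lower value wins). */
    static Optional<ServiceDef> resolve(List<ServiceDef> registry, String serviceUrl) {
        return registry.stream()
                .sorted(Comparator.comparingInt((ServiceDef d) -> d.evaluationOrder))
                .filter(d -> d.matches(serviceUrl))
                .findFirst();
    }

    /** The two definitions exactly as registered on this page. */
    static List<ServiceDef> postedRegistry() {
        List<ServiceDef> r = new ArrayList<>();
        r.add(new ServiceDef(10000003, "Localhost", "^(http)://localhost.*", 1));
        r.add(new ServiceDef(10000001, "HTTPSandIMAPS", "^(https|imaps|http)://.*", 10000));
        return r;
    }

    /** Host anchored so look-alike hostnames fail, and no catch-all definition. */
    static List<ServiceDef> tightenedRegistry() {
        List<ServiceDef> r = new ArrayList<>();
        r.add(new ServiceDef(10000003, "Localhost", "^https?://localhost(:\\d+)?(/.*)?$", 1));
        return r;
    }

    private static String describe(Optional<ServiceDef> hit) {
        return hit.map(d -> d.name + " (id " + d.id + ")").orElse("no match: rejected");
    }

    public static void main(String[] args) {
        // Constructed service URLs: a real local client, a look-alike host, an arbitrary site.
        String[] urls = {
            "http://localhost:8080/app/login",
            "http://localhost.attacker.example/steal",
            "http://any-site.example/",
        };
        for (String url : urls) {
            System.out.printf("%-42s as posted -> %-26s tightened -> %s%n",
                    url,
                    describe(resolve(postedRegistry(), url)),
                    describe(resolve(tightenedRegistry(), url)));
        }
    }
}
```

As posted, http://localhost.attacker.example/steal resolves to the Localhost definition (the unanchored .* swallows the rest of the hostname) and http://any-site.example/ falls through to the HTTPSandIMAPS catch-all at evaluationOrder 10000; the tightened registry rejects both and still admits http://localhost:8080/app/login. Running new service definitions through a check like this before deploying them is cheaper than discovering the gap in production.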
