CAS single sign-on study notes (II): database authentication, MD5 encryption, salted MD5 encryption

CAS single sign-on study notes (II): database authentication

See the description on the CAS official website.

pom file

Add the package required for database authentication.
I am using MySQL, so the MySQL driver package is added as well.

    <dependencies>
        <!-- CAS database authentication support -->
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-jdbc</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <!-- MySQL driver -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.25</version>
        </dependency>
    </dependencies>

yaml

# SSL configuration: certificate
server:
  ssl:
    enabled: true
    key-store: classpath:thekeystore
    key-store-password: changeit
    key-password: changeit

cas:
  authn:
    jdbc:
      query:
        # Database connection
        - url: jdbc:mysql://127.0.0.1:3306/blog_cas?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
          # Username
          user: blog-cas
          # Password
          password: blog-cas
          # Dialect
          dialect: org.hibernate.dialect.MySQLDialect
          # Database driver
          driverClass: com.mysql.jdbc.Driver
          #        idleTimeout: 5000
          # SQL that queries the account and password; it must include the password field
          sql: select  username,password from user where username=?
          # Name of the password field
          fieldPassword: password

Create a user table in the database.
After repackaging and starting the server, you can log in with the user a / 1.

MD5 encryption

MD5 turns a plaintext password into a fixed-length (32-character) string, and the computation is irreversible.

cas:
  authn:
    jdbc:
      query:
        - passwordEncoder:
            type: DEFAULT
            encodingAlgorithm: MD5

Query the MD5 value of 1 in MySQL and copy it into the user table:

select md5('1');

Salted MD5 encryption

The CAS official website explains this under Encode Database Authentication.
Plain MD5 is not particularly safe: two identical plaintext passwords produce the same MD5 value. Salted encryption solves this problem: even with the same plaintext password, the stored password values can differ, so each person gets their own password value.
With salting, the stored password is the MD5 value calculated from the password together with the private salt and the public salt, which is how each person ends up with their own value.

YML

# Salted encryption
cas:
  authn:
    jdbc:
      encode:
        # jdbc
        -   url: jdbc:mysql://127.0.0.1:3306/blog_cas?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
            # Driver
            driverClass: com.mysql.jdbc.Driver
            # Dialect
            dialect: org.hibernate.dialect.MySQL5Dialect
            # Database username
            user: blog-cas
            # Database password
            password: blog-cas
            # Hash algorithm
            algorithmName: MD5
            # Number of hash iterations
            numberOfIterations: 2
            # Password field
            passwordFieldName: password
            # Dynamic salt
            saltFieldName: username
            # Static salt
            staticSalt: 123
            sql: SELECT username,password FROM user WHERE username =?

Generating the salted password value
Required packages:

        <dependency>
            <groupId>org.apache.shiro</groupId>
            <artifactId>shiro-core</artifactId>
            <version>1.4.0</version>
            <!-- <scope>test</scope> -->
        </dependency>
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
            <scope>test</scope>
        </dependency>

    package jsong;

    import org.apache.shiro.crypto.hash.ConfigurableHashService;
    import org.apache.shiro.crypto.hash.DefaultHashService;
    import org.apache.shiro.crypto.hash.HashRequest;
    import org.apache.shiro.util.ByteSource;
    import org.junit.Test;

    public class CreateSaltPassword {
        // Static salt
        private String staticSalt = "123";
        // Hash algorithm
        private String algorithmName = "MD5";
        // Password
        private String encodedPassword = "1";
        // Username, used as the dynamic salt
        private String dynaSalt = "test";
        // Number of hash iterations
        private int numberOfIterations = 2;

        @Test
        public void test() throws Exception {
            ConfigurableHashService hashService = new DefaultHashService();
            hashService.setPrivateSalt(ByteSource.Util.bytes(this.staticSalt));
            hashService.setHashAlgorithmName(this.algorithmName);
            hashService.setHashIterations(this.numberOfIterations);
            HashRequest request = new HashRequest.Builder()
                    .setSalt(dynaSalt)
                    .setSource(encodedPassword)
                    .build();
            String res = hashService.computeHash(request).toHex();
            System.out.println(res);
        }
    }

Store the generated value in the database together with the username test. Because the username is the salt, different users get different stored values even if their passwords are the same.
You can now log in with the user test / 1.
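The difference between the plain and the salted value described above, as an added example that is not code from the original post, CAS or Shiro. It uses only the JDK and assumes the salted value is the digest of static salt, then dynamic salt, then password, with the digest re-applied to its own output for each further iteration; the class name, method names and the second username test2 are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class SaltedHashDemo {
    // Lowercase hex, the form stored in the password column.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    // Unsalted digest of the password; with "MD5" this matches select md5('...').
    static String plain(String algorithm, String password) throws Exception {
        return hex(MessageDigest.getInstance(algorithm).digest(utf8(password)));
    }

    // Assumed layout (not taken from CAS or Shiro source): digest(staticSalt + dynamicSalt
    // + password), then the digest re-applied to its own output for the remaining iterations.
    static String salted(String algorithm, String staticSalt, String dynamicSalt,
                         String password, int iterations) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(utf8(staticSalt));
        md.update(utf8(dynamicSalt));
        byte[] hash = md.digest(utf8(password));
        for (int i = 1; i < iterations; i++) {
            hash = md.digest(hash); // digest() resets the instance after every call
        }
        return hex(hash);
    }

    // Login-time check: recompute from the submitted password, compare without early exit.
    static boolean matches(String storedHex, String username, String submitted) throws Exception {
        return MessageDigest.isEqual(utf8(storedHex), utf8(salted("MD5", "123", username, submitted, 2)));
    }

    public static void main(String[] args) throws Exception {
        String[] users = {"test", "test2"}; // constructed sample usernames, same password "1"
        for (String user : users) {
            System.out.println(user + " plain:  " + plain("MD5", "1"));
            System.out.println(user + " salted: " + salted("MD5", "123", user, "1", 2));
        }
        String stored = salted("MD5", "123", "test", "1", 2);
        System.out.println("test/1 accepted: " + matches(stored, "test", "1"));
        System.out.println("test2/1 accepted against test's row: " + matches(stored, "test2", "1"));
    }
}
```

The plain lines are identical for both users while the salted lines differ. Passing another algorithm name or iteration count to salted shows how those two settings change the stored value.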

Origin blog.csdn.net/JsongNeu/article/details/104227262