package com.gwtjs.sso.server;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.CredentialsToPrincipalResolver;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.jdbc.core.JdbcTemplate;
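/**
 * Resolves a {@link UsernamePasswordCredentials} into a {@link SimplePrincipal} that carries
 * extra attributes, so that more than the bare username reaches the CAS client.
 *
 * <p>With the default configuration only the username is transmitted to the client; this resolver
 * is the place to attach further information, for example the permissions a user holds.
 *
 * <p>Currently the attribute map holds a single entry keyed by the account name, whose value is
 * the list of enabled USER_ACCOUNT values matching that name.
 *
 * @author gwtjs.com
 */
public class BaseCredentialsToPrincipalResolver implements CredentialsToPrincipalResolver {

    /**
     * Account lookup. The account is bound as a JDBC parameter instead of being concatenated into
     * the statement, so a crafted username cannot alter the query. (The original note lists
     * USER_NAME, ENABLED and ISSYS as further SYS_USERS columns.)
     */
    private static final String ACCOUNT_SQL =
            "SELECT USER_ACCOUNT username from SYS_USERS where ENABLED = 1 and USER_ACCOUNT = ?";

    private JdbcTemplate jdbcTemplate;

    /**
     * @param jdbcTemplate template used for the SYS_USERS lookup; injected by the Spring context
     */
    public void setJdbcTemplate(JdbcTemplate jdbcTemplate) {
        this.jdbcTemplate = jdbcTemplate;
    }

    /**
     * Builds the principal for an authenticated user.
     *
     * @param credentials must be a {@link UsernamePasswordCredentials} (see {@link #supports})
     * @return a {@link SimplePrincipal} whose id is the submitted username and whose attributes map
     *         that username to the list of matching enabled accounts (empty list when none match)
     * @throws ClassCastException if {@code credentials} is not a {@link UsernamePasswordCredentials}
     */
    public Principal resolvePrincipal(Credentials credentials) {
        UsernamePasswordCredentials up = (UsernamePasswordCredentials) credentials;
        String username = up.getUsername();
        List<String> accounts = jdbcTemplate.queryForList(
                ACCOUNT_SQL, new Object[] {username}, String.class);
        Map<String, Object> attributes = new HashMap<String, Object>();
        attributes.put(username, accounts);
        return new SimplePrincipal(username, attributes);
    }

    /**
     * @param credentials the credentials offered by CAS, may be {@code null}
     * @return {@code true} when {@code credentials} is a non-null {@link UsernamePasswordCredentials}
     *         (or subclass), the only type {@link #resolvePrincipal} can handle
     */
    public boolean supports(Credentials credentials) {
        return credentials != null
                && UsernamePasswordCredentials.class.isAssignableFrom(credentials.getClass());
    }
}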
package com.gwtjs.sso.server;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.security.authentication.dao.SaltSource;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import com.gwtjs.sso.server.model.BaseUser;
import com.gwtjs.sso.server.model.BaseUserDetail;
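/**
 * Authentication handler used at login: looks the submitted account up in SYS_USERS over JDBC and
 * compares the encoded submitted password with the digest stored for that account.
 *
 * <p>The {@link SaltSource} setter is kept for the Spring configuration, but the encoder is
 * currently salted with the account name (see {@link #authenticateUsernamePasswordInternal}).
 */
public class UsernamePasswordJDBCAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    /**
     * Lookup of a single enabled account. The account is bound as a JDBC parameter instead of being
     * concatenated into the statement, so a crafted username cannot alter the query.
     */
    private static final String USER_SQL =
            "select USER_ID,USER_ACCOUNT,USER_NAME,USER_PASSWORD from SYS_USERS where ENABLED = 1 and USER_ACCOUNT = ?";

    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Maps one SYS_USERS row onto a {@link BaseUser}; USER_ID is stored as {@code code}. */
    private static final RowMapper<BaseUser> USER_MAPPER = new RowMapper<BaseUser>() {
        @Override
        public BaseUser mapRow(ResultSet rs, int rowNum) throws SQLException {
            BaseUser user = new BaseUser();
            user.setCode(rs.getString("USER_ID"));
            user.setUserAccount(rs.getString("USER_ACCOUNT"));
            user.setUserPassword(rs.getString("USER_PASSWORD"));
            user.setUserName(rs.getString("USER_NAME"));
            return user;
        }
    };

    private JdbcTemplate jdbcTemplate;
    private PasswordEncoder passEncoder;
    private SaltSource saltSource;

    /**
     * Checks the submitted password against the digest stored in SYS_USERS.
     *
     * @param credentials the username/password pair submitted at login
     * @return {@code true} only when exactly one enabled SYS_USERS row matches the username and the
     *         encoded submitted password equals the stored USER_PASSWORD; {@code false} otherwise
     *         (unknown or ambiguous account, missing value, or mismatch)
     * @throws AuthenticationException declared by the superclass contract; not thrown here
     */
    @Override
    protected boolean authenticateUsernamePasswordInternal(UsernamePasswordCredentials credentials)
            throws AuthenticationException {
        final String username = credentials.getUsername();
        final String password = credentials.getPassword();
        // Neither value is logged: the previous version printed the clear-text password to stdout.
        if (username == null || password == null) {
            return false;
        }

        // query() instead of queryForObject() so an unknown account yields an empty list rather
        // than an exception; anything other than exactly one row fails closed.
        List<BaseUser> matches = jdbcTemplate.query(USER_SQL, new Object[] {username}, USER_MAPPER);
        if (matches.size() != 1) {
            return false;
        }
        BaseUser baseUser = matches.get(0);

        // NOTE(review): every account is granted "admin" here. Within this method the set only
        // feeds the BaseUserDetail built below; confirm it is not propagated anywhere else.
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("admin"));
        // BaseUserDetail(userAccount, username, userPassword, code, enabled, issys,
        //                accountNonExpired, accountNonLocked, auth)
        BaseUserDetail user = new BaseUserDetail(username, baseUser.getUserName(),
                baseUser.getUserPassword(), baseUser.getCode(), true, true, true, true, authorities);

        // The account name is the salt; the injected SaltSource is deliberately not consulted here
        // (the earlier saltSource.getSalt(user) variant was disabled by the author).
        String encodedPassword = this.passEncoder.encodePassword(password, user.getUserAccount());
        // Compare against the digest read from SYS_USERS. BaseUserDetail.getPassword() is not used:
        // it was null in the captured debug output, so the old comparison could never succeed.
        String storedPassword = baseUser.getUserPassword();
        if (encodedPassword == null || storedPassword == null) {
            return false;
        }
        // NOTE(review): the captured output showed the stored digest in upper-case hex and the
        // encoder output in lower-case with a different value; the encoder and salt configuration
        // must match how USER_PASSWORD was produced, otherwise this comparison always fails.
        // Constant-time comparison: does not reveal where the two digests first differ.
        return MessageDigest.isEqual(encodedPassword.getBytes(UTF_8), storedPassword.getBytes(UTF_8));
    }

    /**
     * @param jdbcTemplate template used for the SYS_USERS lookup; injected by the Spring context
     */
    public void setJdbcTemplate(JdbcTemplate jdbcTemplate) {
        this.jdbcTemplate = jdbcTemplate;
    }

    /**
     * @param passEncoder encoder applied to the submitted password before comparison
     */
    public void setPassEncoder(PasswordEncoder passEncoder) {
        this.passEncoder = passEncoder;
    }

    /**
     * @param saltSource salt source from the Spring configuration; stored but currently unused
     */
    public void setSaltSource(SaltSource saltSource) {
        this.saltSource = saltSource;
    }
}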
MD5加密算法有问题:
String encodePassword = this.passEncoder.encodePassword(user.getUserAccount(), password);
username:dzg --> password:dzg1
encodePassword ... 042c1c7be2a9a18f96be3b2169d663a6
username:dzg --> password:dzg1
encodePassword ... 042c1c7be2a9a18f96be3b2169d663a6
String encodePassword = this.passEncoder.encodePassword( password,user.getUserAccount());
username:dzg --> password:dzg1
encodePassword ... c2ae6fdc2054ae785d5482d1270904b4
数据库结果:
encodePassword ... C857A25F749F1FE0A28427AFE853C4F8
username:dzg --> password:dzg1
BaseUserDetail [
userId=dzg4, userAccount=dzg, username=董正光,
userPassword=C857A25F749F1FE0A28427AFE853C4F8, userDesc=null, enabled=true,
issys=true,
userDept=null, userDuty=null, password=null, authorities=[admin],
accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=false]
password ... dzg1
UserAccount ... dzg
username ... dzg
encodePassword ... c2ae6fdc2054ae785d5482d1270904b4
user.getPassword ... null
cas/web/WEB-INF/deployerConfigContext.xml
完整的配置文件,security使用完全的数据验证,cas使用数据验证;
client applicationContext-security.xml
web.xml
org.jasig.cas.client.session.SingleSignOutHttpSessionListener
CAS Single Sign Out Filter
org.jasig.cas.client.session.SingleSignOutFilter
CAS Single Sign Out Filter
/*
CASFilter
org.jasig.cas.client.authentication.AuthenticationFilter
casServerLoginUrl
https://sso.gwtjs.com:8443/cas/login
serverName
http://localhost:10000
CASFilter
/*
CAS Validation Filter
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
casServerUrlPrefix
https://sso.gwtjs.com:8443/cas
serverName
http://localhost:10000
CAS Validation Filter
/*
CAS HttpServletRequest Wrapper Filter
org.jasig.cas.client.util.HttpServletRequestWrapperFilter
CAS HttpServletRequest Wrapper Filter
/*
CAS Assertion Thread Local Filter
org.jasig.cas.client.util.AssertionThreadLocalFilter
CAS Assertion Thread Local Filter
/*
AutoSetUserAdapterFilter
AutoSetUserAdapterFilter
com.gwtjs.demo.filter.AutoSetUserAdapterFilter
AutoSetUserAdapterFilter
/*