Spring Security定制开发 单点登录CAS定制开发 集成 配置文件

package com.gwtjs.sso.server;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.CredentialsToPrincipalResolver;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.SimplePrincipal;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.jdbc.core.JdbcTemplate;
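/**
 * Resolves a CAS {@link Principal} that carries extra user attributes.
 *
 * <p>With the default configuration only the user name is passed to the
 * client application. This resolver attaches an attribute map loaded from the
 * {@code SYS_USERS} table so that more information (for example the
 * permissions a user holds) can be sent to the client.
 *
 * @author gwtjs.com
 */
public class BaseCredentialsToPrincipalResolver implements CredentialsToPrincipalResolver {

	/**
	 * Looks up the enabled account. The account name is supplied as a bind
	 * parameter; it is never concatenated into the statement text.
	 */
	// The author appears to have noted USER_NAME, ENABLED and ISSYS as further
	// candidate columns; only USER_ACCOUNT is selected here.
	private static final String FIND_ENABLED_ACCOUNT_SQL =
			"SELECT USER_ACCOUNT username from SYS_USERS where ENABLED = 1 and USER_ACCOUNT = ?";

	private JdbcTemplate jdbcTemplate;

	/**
	 * Injects the template used for the attribute lookup.
	 *
	 * @param jdbcTemplate template bound to the database holding {@code SYS_USERS}
	 */
	public void setJdbcTemplate(JdbcTemplate jdbcTemplate) {
		this.jdbcTemplate = jdbcTemplate;
	}

	/**
	 * Builds the principal for a username/password login.
	 *
	 * <p>The attribute map has a single entry: the key is the login name and the
	 * value is the list of matching {@code USER_ACCOUNT} values.
	 *
	 * @param credentials credentials accepted by {@link #supports(Credentials)};
	 *        they are cast to {@link UsernamePasswordCredentials} without a check
	 * @return a {@link SimplePrincipal} whose id is the login name
	 */
	@Override
	public Principal resolvePrincipal(Credentials credentials) {
		final UsernamePasswordCredentials up = (UsernamePasswordCredentials) credentials;
		final String username = up.getUsername();

		// The login name is caller-supplied, so it goes in as a bound argument.
		// The password is deliberately neither read nor printed here.
		final List<String> accounts = jdbcTemplate.queryForList(
				FIND_ENABLED_ACCOUNT_SQL, new Object[] { username }, String.class);

		final Map<String, Object> attr = new HashMap<String, Object>();
		attr.put(username, accounts);
		return new SimplePrincipal(username, attr);
	}

	/**
	 * Reports whether this resolver can handle the given credentials.
	 *
	 * @param credentials credentials to test, may be {@code null}
	 * @return {@code true} only for non-null username/password credentials
	 */
	@Override
	public boolean supports(Credentials credentials) {
		return credentials != null
				&& UsernamePasswordCredentials.class.isAssignableFrom(credentials.getClass());
	}
}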


 

package com.gwtjs.sso.server;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.security.authentication.dao.SaltSource;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.core.GrantedAuthority;

import com.gwtjs.sso.server.model.BaseUser;
import com.gwtjs.sso.server.model.BaseUserDetail;

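/**
 * CAS authentication handler used at login: verifies a username/password pair
 * against the {@code SYS_USERS} table.
 *
 * <p>The submitted account name is bound as a query parameter, the submitted
 * password and the computed hash are never printed, and every failure (unknown
 * account, ambiguous account, missing or non-matching hash) yields
 * {@code false}.
 *
 * <p>NOTE(review): hash strength depends entirely on the injected
 * {@link PasswordEncoder}. A plain message digest (MD5, SHA-1) is too fast for
 * password storage; prefer an adaptive scheme such as bcrypt, scrypt or argon2
 * where the deployment allows it.
 */
public class UsernamePasswordJDBCAuthenticationHandler extends
		AbstractUsernamePasswordAuthenticationHandler {

	/** Selects one enabled account; the account name is a bind parameter. */
	private static final String FIND_ENABLED_USER_SQL =
			"select USER_ID,USER_ACCOUNT,USER_NAME,USER_PASSWORD from SYS_USERS"
					+ " where ENABLED = 1 and USER_ACCOUNT = ?";

	private JdbcTemplate jdbcTemplate;

	private PasswordEncoder passEncoder;

	// Injected but not consulted: the account name is used as the salt below.
	private SaltSource saltSource;

	/**
	 * Checks the submitted credentials against the stored password hash.
	 *
	 * @param credentials username and password submitted at login
	 * @return {@code true} only when exactly one enabled account matches the
	 *         username and the encoder accepts the password for its stored hash
	 * @throws AuthenticationException declared by the superclass contract; this
	 *         implementation does not throw it itself
	 */
	@Override
	protected boolean authenticateUsernamePasswordInternal(
			UsernamePasswordCredentials credentials)
			throws AuthenticationException {
		final String username = credentials.getUsername();
		final String password = credentials.getPassword();
		if (username == null || password == null) {
			return false;
		}

		final BaseUser baseUser = findEnabledUser(username);
		if (baseUser == null) {
			return false;
		}

		// Compare against the USER_PASSWORD column value carried by BaseUser.
		final String storedHash = baseUser.getUserPassword();
		if (storedHash == null) {
			return false;
		}

		// The salt is the account name as submitted.
		// NOTE(review): the match is exact, so stored hashes must use the same
		// hex case, salt and argument order as the configured encoder - confirm
		// against the data in SYS_USERS.
		return this.passEncoder.isPasswordValid(storedHash, password, username);
	}

	/**
	 * Loads the enabled account with the given name.
	 *
	 * @param username account name to look up
	 * @return the single matching user, or {@code null} when there is no match
	 *         or more than one
	 */
	private BaseUser findEnabledUser(String username) {
		final List<BaseUser> matches = jdbcTemplate.query(FIND_ENABLED_USER_SQL,
				new Object[] { username }, new RowMapper<BaseUser>() {
					@Override
					public BaseUser mapRow(ResultSet rs, int rowNum)
							throws SQLException {
						BaseUser row = new BaseUser();
						row.setCode(rs.getString("USER_ID"));
						row.setUserAccount(rs.getString("USER_ACCOUNT"));
						row.setUserPassword(rs.getString("USER_PASSWORD"));
						row.setUserName(rs.getString("USER_NAME"));
						return row;
					}
				});
		return matches.size() == 1 ? matches.get(0) : null;
	}

	/**
	 * @param jdbcTemplate template bound to the database holding {@code SYS_USERS}
	 */
	public void setJdbcTemplate(JdbcTemplate jdbcTemplate) {
		this.jdbcTemplate = jdbcTemplate;
	}

	/**
	 * @param passEncoder encoder used to verify the submitted password
	 */
	public void setPassEncoder(PasswordEncoder passEncoder) {
		this.passEncoder = passEncoder;
	}

	/**
	 * @param saltSource salt source kept for configuration compatibility
	 */
	public void setSaltSource(SaltSource saltSource) {
		this.saltSource = saltSource;
	}

}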




 MD5加密算法有问题(两种参数顺序算出的结果都与数据库中保存的值不一致;从下面最后一段输出还可以看到 user.getPassword 返回 null,因此 equals 比较无论如何都不会通过):

String encodePassword = this.passEncoder.encodePassword(user.getUserAccount(), password);

username:dzg  --> password:dzg1
encodePassword ...  042c1c7be2a9a18f96be3b2169d663a6

username:dzg  --> password:dzg1
encodePassword ...  042c1c7be2a9a18f96be3b2169d663a6

String encodePassword = this.passEncoder.encodePassword( password,user.getUserAccount());
username:dzg  --> password:dzg1
encodePassword ...  c2ae6fdc2054ae785d5482d1270904b4
数据库结果:
encodePassword ...  C857A25F749F1FE0A28427AFE853C4F8

username:dzg  --> password:dzg1
BaseUserDetail [
userId=dzg4, userAccount=dzg, username=董正光,
userPassword=C857A25F749F1FE0A28427AFE853C4F8, userDesc=null, enabled=true,
issys=true,
userDept=null, userDuty=null, password=null, authorities=[admin],
accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=false]
password ...  dzg1
UserAccount ...  dzg
username ...  dzg
encodePassword ...  c2ae6fdc2054ae785d5482d1270904b4
user.getPassword ...  null

 

 

cas/web/WEB-INF/deployerConfigContext.xml

完整的配置文件,security使用完全的数据验证,cas使用数据验证;






	

		
			
				
				
					
				
				
			
		
		
			

				
					
				

				
				
					
				

			
		
	
	
		
		
		
		
	

	
		
			
		
	

	
	
		
	
	
		
	
	
		
		
		
		
			
				
			
		
		
		
			
				
				
				
				
				
			
		
	
	
	
	
	









client applicationContext-security.xml






    
    
        
        
        
        
        
        
        

        
        

        

        
        
        

        

        
        
        
            
            
        

        
        

        
        

        
        
        
        

        
        
        
        
        

    
    
        
        
        
    

    
    

    
    
        
    
    
    

    
    
    

    
    
    
        
        
    
    
        
        
        
        
    

    

    
    
        
        
    
    
        
    

    
        
            
                
            
        
        
        
            
                
            
        
        
    
    
        
    

    
        
        
            
        
        
    

    




web.xml



org.jasig.cas.client.session.SingleSignOutHttpSessionListener

 


    CAS Single Sign Out Filter
    org.jasig.cas.client.session.SingleSignOutFilter


    CAS Single Sign Out Filter
    /*

 


    CASFilter
    org.jasig.cas.client.authentication.AuthenticationFilter
    
        casServerLoginUrl
        https://sso.gwtjs.com:8443/cas/login
    
    
        
        serverName
        http://localhost:10000
    


    CASFilter
    /*

 


    CAS Validation Filter
    
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
    
        casServerUrlPrefix
        https://sso.gwtjs.com:8443/cas
    
    
        serverName
        http://localhost:10000
    


    CAS Validation Filter
    /*

 


    CAS HttpServletRequest Wrapper Filter
    
org.jasig.cas.client.util.HttpServletRequestWrapperFilter


    CAS HttpServletRequest Wrapper Filter
    /*

 


    CAS Assertion Thread Local Filter
    org.jasig.cas.client.util.AssertionThreadLocalFilter


    CAS Assertion Thread Local Filter
    /*

 


    AutoSetUserAdapterFilter
    AutoSetUserAdapterFilter
    com.gwtjs.demo.filter.AutoSetUserAdapterFilter


    AutoSetUserAdapterFilter
    /*






