Adding Subsystem Login Permission Checks to the CAS Server

I. Implementation steps:

1. Copy CentralAuthenticationServiceImpl.java into the org.jasig.cas package;

2. Modify the validateServiceTicket method. Locate these lines:

final Authentication authentication = serviceTicket
        .getGrantingTicket().getChainedAuthentications().get(authenticationChainSize - 1);
final Principal principal = authentication.getPrincipal();

and add the following code after them:

/************* New section begins *************/
// Get the user name
String username = principal.getId();
Map attrs = principal.getAttributes(); // other attribute values
String user_id = (String) attrs.get("fdObjectid"); // user id

// Keep only the first part of the URL, e.g. http://www.a.com:8080/UserManage/xxx/bbb is cut off after UserManage
String url = service.toString();
int index = url.indexOf("/", url.indexOf("/", 8) + 1);
String myUrl = url.substring(0, index + 1);

// Check whether the user has permission; adjust to your actual schema.
// The service URL and user id are bound as ? parameters rather than
// concatenated into the SQL text, so neither value can alter the query.
String sql = "SELECT count(*) as myCount from sys_pro_user s "
        + "where s.pro_id in ("
        + "select pro_id from sys_pro where pro_url like ? and is_del=0) "
        + "and s.user_id = ?";
        // Alternative: match on the user name instead (bind username as the parameter)
        // + "and s.user_id in ("
        // + "select fd_objectid from user_info where user_name=? and is_del=0) ";
List xx = getJdbcTemplate().queryForList(sql, new Object[] { "%" + myUrl + "%", user_id });
long count = (Long) ((Map) xx.get(0)).get("myCount");
if (count == 0) {
    throw new TicketValidationException(serviceTicket.getService());
}

3. Make the class extend AbstractJdbcUsernamePasswordAuthenticationHandler

4. Change the class declaration to public class CentralAuthenticationServiceImpl

5. Add the following to cas-servlet.xml:

<bean id="centralAuthenticationService" class="org.jasig.cas.CentralAuthenticationServiceImpl"
          p:ticketGrantingTicketExpirationPolicy-ref="grantingTicketExpirationPolicy"
          p:serviceTicketExpirationPolicy-ref="serviceTicketExpirationPolicy"
          p:authenticationManager-ref="authenticationManager"
          p:ticketGrantingTicketUniqueTicketIdGenerator-ref="ticketGrantingTicketUniqueIdGenerator"
          p:ticketRegistry-ref="ticketRegistry"
          p:servicesManager-ref="servicesManager"
          p:persistentIdGenerator-ref="persistentIdGenerator"
          p:uniqueTicketIdGeneratorsForService-ref="uniqueIdGeneratorsMap"
          p:dataSource-ref="dataSource"/>

6. Add the dataSource definition to cas-servlet.xml as follows:

    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
       <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
       <property name="url"><value>jdbc:mysql://localhost:3306/wlw</value></property>
       <property name="username"><value>root</value></property>
       <property name="password"><value>root</value></property>
    </bean>

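7. Change how users are looked up: in the deployerConfigContext.xml file, modify the 

so that it reads as follows (adjust to your actual environment):

Note: the dataSource settings can be placed in the cas.properties configuration file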
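The URL truncation in step 2 returns an empty string when the service URL has no slash after its first path segment (for example http://www.a.com:8080/UserManage), so the LIKE pattern becomes %% and matches every row in sys_pro. The class below is an added example, not code from the original post or from CAS: ServiceUrlPrefix, contextPrefix and likeContains are hypothetical names, the sample URLs are constructed, and the query is assumed to use "pro_url like ? escape '!'".

```java
import java.net.URI;
import java.net.URISyntaxException;

public class ServiceUrlPrefix {

    /** Returns scheme://host[:port]/firstSegment/ or null when no first path segment exists. */
    static String contextPrefix(String serviceUrl) {
        URI uri;
        try {
            uri = new URI(serviceUrl).normalize();   // collapses "/a/../b" style paths
        } catch (URISyntaxException e) {
            return null;
        }
        String scheme = uri.getScheme(), host = uri.getHost(), path = uri.getRawPath();
        if (scheme == null || host == null || path == null) return null;
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) return null;
        if (path.length() < 2 || path.charAt(0) != '/') return null;   // "" or "/"
        int end = path.indexOf('/', 1);
        String first = (end < 0) ? path.substring(1) : path.substring(1, end);
        if (first.isEmpty() || first.equals("..")) return null;
        String port = (uri.getPort() == -1) ? "" : ":" + uri.getPort();
        return scheme.toLowerCase() + "://" + host.toLowerCase() + port + "/" + first + "/";
    }

    /** Escapes LIKE metacharacters so % and _ in the URL only match themselves. */
    static String likeContains(String literal) {
        String escaped = literal.replace("!", "!!").replace("%", "!%").replace("_", "!_");
        return "%" + escaped + "%";
    }

    public static void main(String[] args) {
        String[] constructed = {                       // constructed sample service URLs
            "http://www.a.com:8080/UserManage/xxx/bbb",
            "http://www.a.com:8080/UserManage",        // page's indexOf logic yields ""
            "http://www.a.com:8080",                   // no subsystem segment at all
            "http://www.a.com:8080/User_Manage/x?y=1"  // "_" is a LIKE wildcard
        };
        for (String s : constructed) {
            String prefix = contextPrefix(s);
            System.out.println(s + " -> "
                    + (prefix == null ? "reject: no subsystem prefix" : likeContains(prefix)));
        }
    }
}
```

In validateServiceTicket a null prefix would be handled the same way as count == 0, and likeContains(prefix) would be the value bound to the first ? placeholder.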

II. References:

http://www.mytju.com/classCode/news_readNews.asp?newsID=524

Source for CentralAuthenticationServiceImpl.java:

http://code.taobao.org/p/castest/src/service3/src/org/jasig/cas/CentralAuthenticationServiceImpl.java

Notes:

a) The dataSource settings can be placed in the cas.properties configuration file;

b) The CAS client needs to intercept the 500 error returned for users who do not meet the login conditions.

