I. Implementation steps:
1. Copy CentralAuthenticationServiceImpl.java into the org.jasig.cas package;
2. Modify the validateServiceTicket method
After
final Authentication authentication = serviceTicket
        .getGrantingTicket().getChainedAuthentications().get(authenticationChainSize - 1);
final Principal principal = authentication.getPrincipal();
add the following code:
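/************* Added section begins **************/
// Get the user name
String username = principal.getId();
// Attributes released for the principal (must include fdObjectid)
Map<String, Object> attrs = principal.getAttributes();
String user_id = (String) attrs.get("fdObjectid"); // user id
// Keep only the leading part of the service URL, e.g. for
// http://www.a.com:8080/UserManage/xxx/bbb keep everything up to UserManage/
String url = service.toString();
int hostEnd = url.indexOf("/", 8);
int index = hostEnd < 0 ? -1 : url.indexOf("/", hostEnd + 1);
if (index < 0) {
    // No application segment: reject instead of building a prefix that matches every project
    throw new TicketValidationException(serviceTicket.getService());
}
String myUrl = url.substring(0, index + 1);
// Check whether the user has permission; adapt the query to your schema.
// Values are bound as parameters instead of being concatenated into the SQL.
String sql = "SELECT count(*) as myCount from sys_pro_user s "
        + "where s.pro_id in("
        + "select pro_id from sys_pro where pro_url like ? and is_del=0) "
        + "and s.user_id = ?";
// + "and s.user_id in("
// + "select fd_objectid from user_info where user_name=? and is_del=0) ";
List xx = getJdbcTemplate().queryForList(sql, new Object[] {"%" + myUrl + "%", user_id});
long count = ((Number) ((Map) xx.get(0)).get("myCount")).longValue();
if (count == 0) {
    throw new TicketValidationException(serviceTicket.getService());
}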
3. Make the class extend AbstractJdbcUsernamePasswordAuthenticationHandler
4. Change the class declaration to public class CentralAuthenticationServiceImpl
5. Add the following to cas-servlet.xml:
<bean id="centralAuthenticationService" class="org.jasig.cas.CentralAuthenticationServiceImpl"
    p:ticketGrantingTicketExpirationPolicy-ref="grantingTicketExpirationPolicy"
    p:serviceTicketExpirationPolicy-ref="serviceTicketExpirationPolicy"
    p:authenticationManager-ref="authenticationManager"
    p:ticketGrantingTicketUniqueTicketIdGenerator-ref="ticketGrantingTicketUniqueIdGenerator"
    p:ticketRegistry-ref="ticketRegistry"
    p:servicesManager-ref="servicesManager"
    p:persistentIdGenerator-ref="persistentIdGenerator"
    p:uniqueTicketIdGeneratorsForService-ref="uniqueIdGeneratorsMap"
    p:dataSource-ref="dataSource"/>
6. Add the dataSource definition to cas-servlet.xml as follows:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
    <property name="url"><value>jdbc:mysql://localhost:3306/wlw</value></property>
    <property name="username"><value>root</value></property>
    <property name="password"><value>root</value></property>
</bean>
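7. Change how users are queried: in the deployerConfigContext.xml file, change
to the following (adjust to your actual situation):
Note: the dataSource settings can be configured in the cas.properties configuration file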
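Step 2 places the URL prefix inside a LIKE pattern, so a service URL that has no application segment, or that contains % or _, can match projects it should not. The following is an added example, not part of the original post or of CAS: it parses the URL with java.net.URI, rejects URLs without an application segment, and escapes LIKE wildcards before binding. The class name ServicePrefix, its two helpers and the '!' escape character are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

public final class ServicePrefix {
    // Query from step 2 with an explicit LIKE escape character (table names as on the page)
    static final String SQL = "SELECT count(*) AS myCount FROM sys_pro_user s WHERE s.pro_id IN ("
            + "SELECT pro_id FROM sys_pro WHERE pro_url LIKE ? ESCAPE '!' AND is_del=0) AND s.user_id = ?";

    /** Returns scheme://host[:port]/firstSegment/, or null when the URL has no application segment. */
    static String appPrefix(String serviceUrl) {
        final URI uri;
        try {
            uri = new URI(serviceUrl).normalize();
        } catch (URISyntaxException e) {
            return null;
        }
        String scheme = uri.getScheme();
        String path = uri.getRawPath();
        if (scheme == null || uri.getHost() == null || path == null) return null;
        scheme = scheme.toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) return null;
        int end = path.indexOf('/', 1); // slash closing the first path segment
        if (!path.startsWith("/") || end < 2) return null; // "", "/", "/app", "//x"
        String port = uri.getPort() < 0 ? "" : ":" + uri.getPort();
        return scheme + "://" + uri.getHost().toLowerCase(Locale.ROOT) + port + path.substring(0, end + 1);
    }

    /** Value to bind to the LIKE parameter: '%' and '_' from the URL become literals. */
    static String likePattern(String prefix) {
        return "%" + prefix.replace("!", "!!").replace("%", "!%").replace("_", "!_") + "%";
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample service URLs
            "http://www.a.com:8080/UserManage/xxx/bbb",
            "http://www.a.com:8080",
            "http://www.a.com:8080/UserManage",
            "HTTP://WWW.A.COM:8080/User_Manage/x",
            "http://www.a.com:8080/%25/x",
            "mailto:user@a.com"
        };
        System.out.println(SQL);
        for (String s : samples) {
            String prefix = appPrefix(s);
            System.out.println(s + " -> " + (prefix == null ? "REJECT" : likePattern(prefix)));
        }
    }
}
```

In validateServiceTicket, a null prefix would be treated like count == 0 and answered with TicketValidationException.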
II. References:
http://www.mytju.com/classCode/news_readNews.asp?newsID=524
Source code of CentralAuthenticationServiceImpl.java:
http://code.taobao.org/p/castest/src/service3/src/org/jasig/cas/CentralAuthenticationServiceImpl.java
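Notes:
a) The dataSource settings can be configured in the cas.properties configuration file;
b) The CAS client needs to intercept the 500 error returned when the login conditions are not met.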