手把手教Apereo CAS5.2.3服务端 查数据库验证身份
程序员文章站
2022-05-05 11:43:38
...
hugeo的CAS系列:https://blog.csdn.net/u010588262/article/category/7548325
DEMO下载:https://download.csdn.net/download/u010588262/10327539
现在咱们开发环境搭好了就一切好办了
只需要增加两个类,修改两个配置文件就ok了
第一个类,登录验证类
类里面用到了 com.mysql.jdbc.Driver,所以你们懂得,记得在pom里面加入对mysql驱动的依赖,上一篇里提到过了
package com.hugeo.cas;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.security.auth.login.FailedLoginException;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Map;
public class Login extends AbstractUsernamePasswordAuthenticationHandler {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(Login.class);
public Login(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) {
super(name, servicesManager, principalFactory, order);
}
@Override
protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential transformedCredential, String originalPassword) throws GeneralSecurityException, PreventedException {
DriverManagerDataSource d=new DriverManagerDataSource();
d.setDriverClassName("com.mysql.jdbc.Driver");
d.setUrl("jdbc:mysql://127.0.0.1:3306/orange");
d.setUsername("root");
d.setPassword("123456");
JdbcTemplate template=new JdbcTemplate();
template.setDataSource(d);
String username=transformedCredential.getUsername();
String pd=transformedCredential.getPassword();
//查询数据库加密的的密码
Map<String,Object> user = template.queryForMap("SELECT `password` FROM sys_user WHERE username = ?", transformedCredential.getUsername());
if(user==null){
throw new FailedLoginException("没有该用户");
}
//返回多属性(暂时不知道怎么用,没研究)
Map<String, Object> map=new HashMap<>();
map.put("email", "aaa@qq.com");
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
if(encoder.matches(transformedCredential.getPassword(),user.get("password").toString())){
return createHandlerResult(transformedCredential, principalFactory.createPrincipal(username, map), null);
}
throw new FailedLoginException("Sorry, login attemp failed.");
}
}
第二个类 登录验证配置
package com.hugeo.cas;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.principal.DefaultPrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration("CustomAuthConfig")
@EnableConfigurationProperties(CasConfigurationProperties.class)
public class CustomAuthConfig implements AuthenticationEventExecutionPlanConfigurer{
@Autowired
private CasConfigurationProperties casProperties;
@Autowired
@Qualifier("servicesManager")
private ServicesManager servicesManager;
@Bean
public AuthenticationHandler myAuthenticationHandler() {
final Login handler = new Login(Login.class.getSimpleName(), servicesManager, new DefaultPrincipalFactory(), 10);
return handler;
}
@Override
public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan plan) {
plan.registerAuthenticationHandler(myAuthenticationHandler());
}
}
把配置文件里写死的用户名密码注释掉
修改spring.factories里的配置
大功告成了
上一篇: Java Web 开发发展简介
下一篇: 社会焦点:社会责任感的那些事