Authenticate the username and password by querying a database. deployerConfigContext.xml is configured with a dbAuthHandler, a dataSource and a passwordEncoder.
create table test_user(username varchar(30), password varchar(40) , primary key (username));
insert into test_user(username,password) values ('admin','admin');
insert into test_user(username,password) values('user','password');
2 Copy the required libraries into the web application: the following three jar files.
commons-collections-3.2.jar
cas-server-support-jdbc-4.0.0.jar
Download: mysql-connector-java-5.1.7-bin.jar
3 Configure the deployerConfigContext.xml file under the cas/WEB-INF/ directory.
3.1 Add the data source
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://localhost:3306/deamo"></property>
<property name="username" value="root"></property>
<property name="password" value="123456"></property>
</bean>
3.2 Change the authentication method
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
<property name="users">
<map>
<entry key="casuser" value="Mellon"/>
</map>
</property>
</bean>
Change it to database authentication:
<bean id="dbAuthHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:sql="select password from test_user where username=?" />
3.3 Modify
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
<constructor-arg>
<map>
<!--
| IMPORTANT
| Every handler requires a unique name.
| If more than one instance of the same handler class is configured, you must explicitly
| set its name to something other than its default name (typically the simple class name).
-->
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
</map>
</constructor-arg>
Change it to:
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
<constructor-arg>
<map>
<!-- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> -->
<entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />
</map>
</constructor-arg>
<property name="authenticationPolicy">
<bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
</property>
</bean>
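4 Start Tomcat and open http://localhost:8080/servlets-examples
On the CAS login page you are redirected to, enter the username and password. Once the redirect back succeeds, you have been authenticated through SSO single sign-on.
If the passwords in the database are not stored in encrypted form, do not use the passwordEncoder for verification.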
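The page mentions a passwordEncoder but never shows one. The following is an added example, not part of the original post, of the same handler wired to a passwordEncoder so that the test_user table holds digests instead of plaintext. The choice of SHA-256, the account name cas_ro and the password CHANGE_ME are assumptions and placeholders.

```xml
<!-- Added example, not from the original post. Uses the test_user table created at the top of the page. -->
<!-- One-time SQL migration, run in MySQL before switching the handler:
     a SHA-256 hex digest is 64 characters, so the varchar(40) column is widened first.
       alter table test_user modify password varchar(64) not null;
       update test_user set password = sha2(password, 256);
     Hypothetical read-only account for CAS (name and password are placeholders):
       create user 'cas_ro'@'localhost' identified by 'CHANGE_ME';
       grant select (username, password) on deamo.test_user to 'cas_ro'@'localhost';
-->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost:3306/deamo"/>
    <!-- Placeholder account that can only read the two columns the query needs, instead of root -->
    <property name="username" value="cas_ro"/>
    <property name="password" value="CHANGE_ME"/>
</bean>

<!-- Digests the submitted password and hex-encodes it (lowercase) before the comparison -->
<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      p:characterEncoding="UTF-8">
    <constructor-arg value="SHA-256"/>
</bean>

<!-- Same handler id as in step 3.2, so the authenticationManager entry stays unchanged -->
<bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:passwordEncoder-ref="passwordEncoder"
      p:sql="select password from test_user where username=?" />
```

DefaultPasswordEncoder applies a single unsalted digest, so identical passwords produce identical stored values. Run the update statement only once, since a second run would hash the digests again and every login would fail.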