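Note: based on a modified CAS 4.0.
1. Requirement
When building QR-code login, SMS login and similar special scenarios on top of CAS, the user logs in without entering a username and password.
2. Modifications
2.1. Add an endpoint class that generates the TGT. The core code is as follows: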
// Credential object for the user logging in
UsernamePasswordCaptchaCredential credential = new UsernamePasswordCaptchaCredential();
credential.setUsername(usernameKey);
// Do not verify the password
credential.setSign(1);
// Verify the user information
Authentication authentication = this.authenticationManager.authenticate(credential);
// Generate the TGT
tgt = this.ticketGrantingTicketUniqueIdGenerator.getNewTicketId(TicketGrantingTicket.PREFIX);
TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(tgt, authentication, this.grantingTicketExpirationPolicy);
// Register the TGT with CAS
this.ticketRegistry.addTicket(ticketGrantingTicket);
UsernamePasswordCaptchaCredential extends UsernamePasswordCredential and adds a sign field that indicates whether the password needs to be verified.
2.2. Modify cas-servlet.xml
<!-- Added: generate TGT -->
<bean id="casCreateTgtController" class="com.***.controller.CasCreateTgtController"
p:redisDataSourceUtil-ref="redisDataSourceUtil" p:dataSourceUtil-ref="dataSourceUtil"
p:ticketGrantingTicketUniqueIdGenerator-ref="ticketGrantingTicketUniqueIdGenerator"
p:ticketRegistry-ref="ticketRegistry"
p:grantingTicketExpirationPolicy-ref="grantingTicketExpirationPolicy"
p:authenticationManager-ref="authenticationManager"
/>
Inject p:ticketGrantingTicketUniqueIdGenerator-ref="ticketGrantingTicketUniqueIdGenerator"
p:ticketRegistry-ref="ticketRegistry"
p:grantingTicketExpirationPolicy-ref="grantingTicketExpirationPolicy"
p:authenticationManager-ref="authenticationManager"
2.3. Override the authentication flow in AbstractJdbcUsernamePasswordAuthenticationHandler
// A value of 1 skips password verification
if(sign != 1){
// Get the password: encode the plaintext password according to the configured encoder
String encryptedPassword = this.getPasswordEncoder().encode(credential.getPassword());
if (!dbPassword.equals(encryptedPassword)) {
throw new FailedLoginException("Password does not match value on record.");
}
}
The TGT obtained at this point can be stored directly in the cookie and used.
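Because sign = 1 makes the handler skip the password check, the TGT endpoint from 2.1 needs its own evidence that the QR-code or SMS step succeeded for that user. The following is an added example, not code from the original post or from CAS: a single-use, short-lived proof store whose class name, methods, 60-second lifetime and sample usernames are all assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (not part of CAS): proof that SMS/QR verification succeeded.
public class PasswordlessProofStore {
    private static final long TTL_MILLIS = 60_000L; // assumed lifetime
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Entry {
        final String username;
        final long expiresAt;
        Entry(String username, long expiresAt) {
            this.username = username;
            this.expiresAt = expiresAt;
        }
    }

    private final Map<String, Entry> proofs = new ConcurrentHashMap<>();

    // Call only from the SMS/QR verification code, after it has succeeded.
    public String issue(String username) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String proof = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        proofs.put(proof, new Entry(username, System.currentTimeMillis() + TTL_MILLIS));
        return proof;
    }

    // remove() is atomic, so a proof is burned on first presentation, valid or not.
    public boolean consume(String proof, String username) {
        if (proof == null || username == null) return false;
        Entry e = proofs.remove(proof);
        return e != null && e.expiresAt >= System.currentTimeMillis()
                && e.username.equals(username);
    }

    public static void main(String[] args) {
        PasswordlessProofStore store = new PasswordlessProofStore();
        String p1 = store.issue("alice"); // constructed sample user
        System.out.println("first use:  " + store.consume(p1, "alice"));
        System.out.println("replay:     " + store.consume(p1, "alice"));
        String p2 = store.issue("alice");
        System.out.println("wrong user: " + store.consume(p2, "bob"));
        System.out.println("not issued: " + store.consume("constructed-guess", "alice"));
    }
}
```

In CasCreateTgtController the credential.setSign(1) call would run only when consume(...) returns true for usernameKey. The in-memory map neither purges unclaimed proofs nor spans nodes, so a clustered deployment would need a shared store with expiry.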
3. Verification
3.1. Generate the TGT
3.2. Store the TGT in the cookie and verify