As mentioned earlier, CAS compiles, deploys and runs, but it ships with only one default account, casuser, which is of little practical use.

You can change it to authenticate against an existing database.

1. Modify the configuration file

Change the configuration file (source: webapp/resources/application.properties; after deployment it is /WEB-INF/classes/application.properties). Take Oracle as an example:

```properties
cas.authn.jdbc.query[0].sql=SELECT REVERSE(u_password) as PSW FROM org_user WHERE u_loginname=?
cas.authn.jdbc.query[0].healthQuery=SELECT 1 from dual
# Oracle 12c; PDBHNJCZS is the PDB, so the connection string uses the "IP:port/PDB" form
cas.authn.jdbc.query[0].url=jdbc:oracle:thin:@192.168.0.22:1521/PDBHNJCZS
cas.authn.jdbc.query[0].user=database login account
cas.authn.jdbc.query[0].password=database login password
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.Oracle10gDialect
cas.authn.jdbc.query[0].driverClass=oracle.jdbc.OracleDriver
cas.authn.jdbc.query[0].isolateInternalQueries=false
cas.authn.jdbc.query[0].failFast=true
cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.query[0].leakThreshold=10
cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.query[0].batchSize=1
cas.authn.jdbc.query[0].ddlAuto=create-drop
cas.authn.jdbc.query[0].maxAgeDays=180
cas.authn.jdbc.query[0].autocommit=false
cas.authn.jdbc.query[0].idleTimeout=5000
```

With this in place, CAS reads accounts from the database, provided the JDK can load the Oracle driver. For example, on JDK 8 I copy ojdbc7.jar to %JAVA_HOME%\jre\lib\ext\.

If the account password is stored in plain text it can be used directly. But reality is always more complicated: usually the password is encrypted, and the password submitted by the front end often has to go through a series of processing steps before it is compared; you may also want to add a captcha, or extra information such as the user's department.


2018-05-07: the paragraph above is incorrect. In fact, for encrypted passwords you generally do not need to write your own verification code; it can be handled in the configuration file. For example, if our project's account passwords are hashed with MD5, the configuration file can be set like this:

```properties
# MD5 encryption strategy
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
# MD5 has two lengths, 16 and 32
cas.authn.jdbc.query[0].passwordEncoder.strength=32
```

The custom validation module below is written without regard to whether the database passwords are encrypted; it exists purely to illustrate this step.


2. Write a custom verification module

This validation module is completely new and does not modify existing code; it is registered with the system and given a validation order so that our custom validator takes effect.

The code structure is shown below:

I only started using IntelliJ IDEA recently and am not familiar with it; I do not know how to add a module in it, so I create it by hand in the folder. My module, let's call it "lt":

```cmd
mkdir lt\src\main\java\com\landtool\sso\support\auth\config
mkdir lt\src\main\java\com\landtool\sso\support\auth\handler
```

Add code to each folder:

1) Custom validator: UsernamePasswordSystemAuthenticationHandler.java

```java
package com.landtool.sso.support.auth.handler;

import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;

import javax.security.auth.login.AccountNotFoundException;
import java.security.GeneralSecurityException;
import java.util.Collections;

/**
 * Username-only system authentication: any user named admin is allowed through.
 *
 * @author chenqu
 * @date 2018/2/12
 */
public class UsernamePasswordSystemAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {

    public UsernamePasswordSystemAuthenticationHandler(String name, ServicesManager servicesManager,
                                                       PrincipalFactory principalFactory, Integer order) {
        super(name, servicesManager, principalFactory, order);
    }

    @Override
    protected HandlerResult doAuthentication(Credential credential) throws GeneralSecurityException, PreventedException {
        // Allow the login only when the user is called admin
        // UsernamePasswordSysCredential sysCredential = (UsernamePasswordSysCredential) credential;
        UsernamePasswordCredential ltCredential = (UsernamePasswordCredential) credential;
        if ("admin".equals(ltCredential.getUsername())) {
            return createHandlerResult(credential,
                    this.principalFactory.createPrincipal(ltCredential.getUsername(), Collections.emptyMap()), null);
        } else {
            throw new AccountNotFoundException("must be admin to pass");
        }
    }

    @Override
    public boolean supports(Credential credential) {
        return true;
    }
}
```
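The handler above only checks the username. As an added example (not code from the original post), here is a hypothetical handler that does what sections 1 and 2 describe together: it runs the same org_user query as the JDBC configuration, compares the MD5 hex of the submitted password against the stored value in constant time, and maps "no row" and "wrong password" to the distinct CAS exceptions. It assumes the CAS 5.2 API (`AbstractUsernamePasswordAuthenticationHandler`, `HandlerResult`) used by the page's handler, and that the configuration class wires in a `javax.sql.DataSource`.

```java
package com.landtool.sso.support.auth.handler;
import org.apereo.cas.authentication.HandlerResult;
import org.apereo.cas.authentication.PreventedException;
import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager;
import javax.security.auth.login.*;
import javax.sql.DataSource;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.*;
import java.util.Collections;

/** Hypothetical handler: same org_user query as section 1, MD5 hex compared in constant time. */
public class OrgUserMd5AuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
    private static final String SQL = "SELECT REVERSE(u_password) AS PSW FROM org_user WHERE u_loginname=?";
    private final DataSource dataSource; // assumed to be injected by the @Configuration class

    public OrgUserMd5AuthenticationHandler(String name, ServicesManager servicesManager,
            PrincipalFactory principalFactory, Integer order, DataSource dataSource) {
        super(name, servicesManager, principalFactory, order);
        this.dataSource = dataSource;
    }

    @Override
    protected HandlerResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential,
            String originalPassword) throws GeneralSecurityException, PreventedException {
        String username = credential.getUsername();
        try (Connection c = dataSource.getConnection(); PreparedStatement ps = c.prepareStatement(SQL)) {
            ps.setString(1, username); // bound parameter: the login name is never concatenated into SQL
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) throw new AccountNotFoundException(username + " not found");
                byte[] expected = rs.getString("PSW").toLowerCase().getBytes(StandardCharsets.UTF_8);
                byte[] actual = md5Hex(credential.getPassword()).getBytes(StandardCharsets.UTF_8);
                // Unsalted MD5 only matches the legacy column from section 1; it is not a hashing choice to copy.
                if (!MessageDigest.isEqual(expected, actual)) // constant-time compare, no early exit on mismatch
                    throw new FailedLoginException("wrong password for " + username);
            }
        } catch (SQLException e) {
            throw new PreventedException("database error during authentication", e);
        }
        return createHandlerResult(credential, principalFactory.createPrincipal(username, Collections.emptyMap()), null);
    }

    private static String md5Hex(String s) throws GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8))) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```

Registering it works exactly like the configuration class in step 2, with the extra `DataSource` constructor argument supplied from the bean that owns the JDBC connection.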

2) Register the validator: CustomAuthenticationEventExecutionPlanConfiguration.java

```java
package com.landtool.sso.support.auth.config;

import com.landtool.sso.support.auth.handler.UsernamePasswordSystemAuthenticationHandler;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
import org.apereo.cas.authentication.AuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.services.ServicesManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration("customAuthenticationEventExecutionPlanConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
public class CustomAuthenticationEventExecutionPlanConfiguration implements AuthenticationEventExecutionPlanConfigurer {

    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("jdbcPrincipalFactory")
    public PrincipalFactory jdbcPrincipalFactory;

    /**
     * Register the validator.
     *
     * @return the custom authentication handler
     */
    @Bean
    public AuthenticationHandler customAuthenticationHandler() {
        // order 1: this handler is consulted first
        return new UsernamePasswordSystemAuthenticationHandler("customAuthenticationHandler",
                servicesManager, jdbcPrincipalFactory, 1);
    }

    // Register the custom authentication handler in the execution plan
    @Override
    public void configureAuthenticationExecutionPlan(final AuthenticationEventExecutionPlan plan) {
        plan.registerAuthenticationHandler(customAuthenticationHandler());
    }
}
```

3) Add a Gradle build file for this module, lt/build.gradle:

```groovy
dependencies {
    compile project(":core:cas-server-core")
    compile project(":core:cas-server-core-configuration")
    compile project(":core:cas-server-core-authentication")
    compile project(":core:cas-server-core-services")
}
```

4) lt\src\main\resources\META-INF\spring.factories (shit!)

```properties
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
  com.landtool.sso.support.auth.config.CustomAuthenticationEventExecutionPlanConfiguration
```

Then compile. Reference article: CAS Single Sign-on – Overriding Credential for Custom Authentication (15)

5) Add this module to the WAR package

Then drop the WAR onto Tomcat 8: