CAS 3.5.2：如何只对某一个 AuthenticationHandler 应用 LPPE（LDAP 密码策略检查）

时间:2015-07-23 08:58:53

标签: ldap cas

我使用的是 CAS 3.5.2，配置了两个不同的身份验证处理程序（AuthenticationHandler）：一个依赖基于 cn/password 的 LDAP 认证；另一个是我自己实现的自定义类，它在认证成功后同样从 LDAP 读取用户属性。在第一种情况下我需要 LPPE（LDAP 密码策略检查）来检查密码过期等策略；在第二种情况下不需要。我遇到的问题是：两种情况下 LPPE 都会执行。应该如何配置，才能让 LPPE 只在第一种情况下执行？

下面是我的 deployConfigContext.xml：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">
<!--
  Authentication manager. It is built from the map below, which pairs each
  AuthenticationHandler with the CredentialsToPrincipalResolver to use once
  that handler accepts the credentials.
  NOTE(review): two of the handlers in that map both take username/password
  credentials, so the order of the map entries presumably decides which one
  is consulted first; confirm against the 3.5.2 implementation before
  relying on a particular handler "winning".
-->
<bean id="authenticationManager"
      class="org.jasig.cas.authentication.LinkedAuthenticationHandlerAndCredentialsToPrincipalResolverAuthenticationManager"
      c:linkedHandlers-ref="authenticationHandlersAndPrincipalResolversMap" />

<!--
  Custom AuthenticationHandler; the implementation is not part of this file.
  NOTE(review): anything this handler accepts becomes a full CAS login. The
  userDetailsService below grants ROLE_ADMIN to the login name "cas.sa", so
  if this handler could authenticate that name without a real credential it
  would presumably hand out the admin role as well; verify it cannot.
-->
<bean id="customAuthHandler" class="my.custom.authentication.handler.customAuthHandler" />

 <!--
   Handler for HTTP-based service credentials (the proxy-callback case); it
   uses the httpClient bean, which is defined outside this file, to contact
   the callback URL (inferred from the class name).
   NOTE(review): nothing here overrides the handler's requireSecure setting;
   keep it at its default so that only https callback URLs are accepted, and
   confirm that default in the 3.5.2 source.
 -->
 <bean id="httpAuthHandler"
       class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler">
     <property name="httpClient" ref="httpClient" />
 </bean>

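<!--
  Handler -> principal-resolver pairs consumed by authenticationManager.
  util:map preserves insertion order, so handlers are offered the
  credentials in the order listed here. lppeEnabledLdapAuthenticationHandler
  (and the contextSource used by the attribute repositories) is defined
  outside this file. Nothing in this map scopes an LPPE check to one entry.
  FIX: httpAuthHandler handles HTTP-based service (proxy callback)
  credentials but was paired with UsernamePasswordCredentialsToPrincipalResolver,
  a resolver for username/password credentials. It now uses the matching
  HttpBasedServiceCredentialsToPrincipalResolver, mirroring the stock CAS 3.5
  configuration (verify against your CAS distribution).
-->
<util:map id="authenticationHandlersAndPrincipalResolversMap">
    <!-- proxy callback: no attribute repository; the principal id is presumably the callback URL -->
    <entry key-ref="httpAuthHandler">
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
    </entry>
    <!-- custom handler: principal attributes come from customAttributeRepository -->
    <entry key-ref="customAuthHandler">
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
            <property name="attributeRepository" ref="customAttributeRepository" />
        </bean>
    </entry>
    <!-- LDAP handler with password-policy enforcement: attributes from lppeAttributeRepository -->
    <entry key-ref="lppeEnabledLdapAuthenticationHandler">
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
            <property name="attributeRepository" ref="lppeAttributeRepository" />
        </bean>
    </entry>
</util:map>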

<!--
  In-memory Spring Security user store. It grants ROLE_ADMIN to exactly one
  login name, "cas.sa"; the password attribute is a placeholder ("notuseed")
  and is presumably never checked, so whichever authentication handler above
  accepts the name "cas.sa" effectively decides who holds the admin role.
  NOTE(review): keep this list to named individuals and make sure no handler
  can authenticate "cas.sa" without a real credential.
-->
<sec:user-service id="userDetailsService">
    <sec:user name="cas.sa"
              password="notuseed"
              authorities="ROLE_ADMIN" />
</sec:user-service>

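    <!-- lppe attributes -->
    <!--
      Attribute repository used after the LPPE-enabled LDAP handler
      authenticates. Every setting (class, contextSource, baseDN,
      requireAllQueryAttributes, query and result mappings) was a verbatim
      copy of attributeRepository, so it is now declared as a child
      definition and inherits them; override a property here only if this
      repository ever needs to differ.
    -->
    <bean id="lppeAttributeRepository" parent="attributeRepository" />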

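    <!-- custom auth attributes -->
    <!--
      Attribute repository used after customAuthHandler authenticates. Every
      setting (class, contextSource, baseDN, requireAllQueryAttributes, query
      and result mappings) was a verbatim copy of attributeRepository, so it
      is now declared as a child definition and inherits them; override a
      property here only if this repository ever needs to differ.
    -->
    <bean id="customAttributeRepository" parent="attributeRepository" />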

     <!--
       Default LDAP attribute repository (person-directory
       LdapPersonAttributeDao). It searches under baseDN through the shared
       contextSource (not defined in this file), matching the "username"
       query attribute against the LDAP cn attribute, and returns cn, sn and
       mail under the same names.
       requireAllQueryAttributes=true: presumably the search is skipped unless
       every mapped query attribute is supplied.
       NOTE(review): the value placed in the search filter is whatever login
       name the authenticating handler accepted; confirm the DAO escapes it
       (LDAP filter injection) rather than assuming so.
       lppeAttributeRepository and customAttributeRepository above carry the
       same settings.
     -->
     <bean id="attributeRepository"
           class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao"
           p:baseDN="ou=Users, dc=my,dc=test,dc=org"
           p:contextSource-ref="contextSource"
           p:requireAllQueryAttributes="true">
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="cn" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <entry key="cn" value="cn" />
                <entry key="sn" value="sn" />
                <entry key="mail" value="mail" />
            </map>
        </property>
     </bean>

        <!--
          Service registry persisted through JPA (entityManagerFactory below);
          presumably the list of services allowed to use this CAS server, whose
          rows live in cas_db.
        -->
        <bean id="serviceRegistryDao" class="org.jasig.cas.services.JpaServiceRegistryDaoImpl">
            <property name="entityManagerFactory" ref="entityManagerFactory" />
        </bean>

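        <!--
          JPA EntityManagerFactory backing serviceRegistryDao (Hibernate on
          MySQL, via dataSource).
          generateDdl and hibernate.hbm2ddl.auto=update let Hibernate create
          or alter the cas_db tables at startup; that needs DDL rights for the
          pool account and should be switched off once the schema exists.
          FIX: showSql was true, which echoes every SQL statement into the
          application log of a production SSO server; it is now off. Turn it
          on only temporarily while debugging.
        -->
        <bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
            <property name="dataSource" ref="dataSource"/>
            <property name="jpaVendorAdapter">
                <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                    <property name="generateDdl" value="true"/>
                    <property name="showSql" value="false" />
                </bean>
            </property>
            <property name="jpaProperties">
                <props>
                    <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
                    <prop key="hibernate.hbm2ddl.auto">update</prop>
                </props>
            </property>
        </bean>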

        <!-- JPA transaction manager for the service-registry DAO, plus annotation-driven @Transactional support. -->
        <bean id="transactionManager"
              class="org.springframework.orm.jpa.JpaTransactionManager"
              p:entityManagerFactory-ref="entityManagerFactory" />

        <tx:annotation-driven transaction-manager="transactionManager" />

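        <!--
          JDBC pool behind the JPA service registry.
          NOTE(review): the pool logs in as MySQL root with a cleartext
          password kept in this file. Use a dedicated account limited to the
          cas_db schema (DDL rights only while hbm2ddl.auto=update is on) and
          keep the secret out of version control, e.g. via a properties
          placeholder if a configurer is loaded elsewhere in this deployment.
          The connection goes to 127.0.0.1 without TLS; acceptable only while
          MySQL stays on the same host.
          FIX: validate pooled connections before handing them out, so a
          connection the server has already closed (e.g. after its idle
          timeout) is not returned to Hibernate.
        -->
        <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
            <property name="driverClassName" value="com.mysql.jdbc.Driver" />
            <property name="url" value="jdbc:mysql://127.0.0.1:3306/cas_db" />
            <property name="username" value="root" />
            <property name="password" value="mydummypassword" />
            <property name="validationQuery" value="SELECT 1" />
            <property name="testOnBorrow" value="true" />
        </bean>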
        <!-- end of JPA / data-source configuration -->

  <!--
    Audit trail: inspektr audit records are written through SLF4J (inferred
    from the class name), so they presumably end up in the application log
    and nowhere else.
    NOTE(review): retain and forward that log if audit records are needed for
    incident response; nothing in this file persists them separately.
  -->
  <bean id="auditTrailManager"
        class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />

  <!--
    Aggregates the health monitors; presumably what CAS's status endpoint
    reports (the endpoint itself is configured elsewhere).
    NOTE(review): the output reveals heap and ticket/session counts, so make
    sure the status endpoint is reachable only from operator networks.
  -->
  <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
    <property name="monitors">
      <list>
        <!-- warn once free heap falls below the configured threshold (10, presumably a percentage) -->
        <bean class="org.jasig.cas.monitor.MemoryMonitor">
          <property name="freeMemoryWarnThreshold" value="10" />
        </bean>
        <!--
          NOTE
          The following ticket registries support SessionMonitor:
            * DefaultTicketRegistry
            * JpaTicketRegistry
          Remove this monitor if you use an unsupported registry.
          (ticketRegistry is defined outside this file.)
        -->
        <bean class="org.jasig.cas.monitor.SessionMonitor">
          <property name="ticketRegistry" ref="ticketRegistry" />
          <property name="serviceTicketCountWarnThreshold" value="5000" />
          <property name="sessionCountWarnThreshold" value="100000" />
        </bean>
      </list>
    </property>
  </bean>
</beans>
