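I'm configuring CAS v4.1.1 and I'm trying to return a Map of parameters (plus the ticket) in the response to the phpCAS client, authenticating with a "custom bean" (which I based on the bean org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler from the cas-server-support-jdbc subproject), used with the "primaryPrincipalResolver" of the "authenticationManager" bean in my deployerConfigContext.xml.
My deployerConfigContext.xml configuration looks like this: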
<beans xmlns="http://www.springframework.org/schema/beans"
    ...
    ... />
<bean id="authenticationManager"
    class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
    <constructor-arg>
        <map>
            <!-- | IMPORTANT | Every handler requires a unique name. | If more than
                one instance of the same handler class is configured, you must explicitly
                | set its name to something other than its default name (typically the simple
                class name). -->
            <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
            <!-- Authentication beans:
                The beans used for authentication are listed here. Depending on the order
                in which they are added, priority is given to the authentication method the bean describes. -->
            <entry key-ref="SearchDatabaseAuthenticationMovilred" value-ref="primaryPrincipalResolver" />
        </map>
    </constructor-arg>
    <!-- | Defines the security policy around authentication. Some alternative
        policies that ship with CAS: | | * NotPreventedAuthenticationPolicy - all
        credential must either pass or fail authentication | * AllAuthenticationPolicy
        - all presented credential must be authenticated successfully | * RequiredHandlerAuthenticationPolicy
        - specifies a handler that must authenticate its credential to pass -->
    <property name="authenticationPolicy">
        <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
    </property>
</bean>
...
....
<bean id="SearchDatabaseAuthenticationMovilred"
    class="com.solidda.cas.jdbc.SearchDatabaseAuthenticationMovilred">
    <property name="urlService">
        <value> { SOME URL THAT I USE TO POINT TO A SERVICE THAT RETURN A MAP OF DATA } </value>
    </property>
    <property name="dataSource" ref="dataSource" />
</bean>
...
<!-- Required for proxy ticket mechanism -->
<bean id="proxyPrincipalResolver"
    class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
<!-- | Resolves a principal from a credential using an attribute repository
    that is configured to resolve | against a deployer-specific store (e.g. LDAP). -->
<bean id="primaryPrincipalResolver"
    class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
    p:principalFactory-ref="principalFactory" p:attributeRepository-ref="attributeRepository" />
<!-- Bean that defines the attributes that a service may return. This example
    uses the Stub/Mock version. A real implementation may go against a database
    or LDAP server. The id should remain "attributeRepository" though. + -->
<bean id="attributeRepository"
    class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
    p:backingMap-ref="attrRepoBackingMap" />
<util:map id="attrRepoBackingMap">
    <entry key="uid" value="uid" />
    <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
    <entry key="groupMembership" value="groupMembership" />
    <entry>
        <key>
            <value>memberOf</value>
        </key>
        <list>
            <value>faculty</value>
            <value>staff</value>
            <value>org</value>
        </list>
    </entry>
</util:map>
....
This is something like the code of the "custom bean" I created:
...
public class SearchDatabaseAuthenticationMovilred extends
        AbstractJdbcUsernamePasswordAuthenticationHandler {

    @NotNull
    private String urlService;

    /**
     * {@inheritDoc}
     */
    @Override
    protected final HandlerResult authenticateUsernamePasswordInternal(
            final UsernamePasswordCredential credential)
            throws GeneralSecurityException, PreventedException {
        // Get the username and password from the request
        final String username = credential.getUsername();
        final String password = credential.getPassword();
        ....
        // Build the request to the method that calls a POST service returning a Map of data
        ....
        // Maps that hold the decomposed result
        final Map<String, Object> result;
        final Map<String, Object> dataValues;
        // At the end I obtain a Map something like the object below
        dataValues = new HashMap<String, Object>();
        dataValues.put("data", "{\"InfoLogin\": {\"USUA_LOGIN\": "
                + "\"USERNAME\",\"USUA_ID\": SOMEID,\"TPTE_ID\": "
                + "TYPE,\"TERC_ID\": OTHERSOMEID}");
        // I return something like this, passing the result map to createPrincipal
        final HandlerResult a = createHandlerResult(credential,
                this.principalFactory.createPrincipal(username, dataValues), null);
        return a;
    }
    ....
    // Some more code and stuff
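I can't get the content of "dataValues" in the response made to phpCAS, as "attributes" or something similar. I'm really frustrated with this; I've looked at a lot of forums and found nothing about my case... Can you guys help me?
Greetings from Colombia.
Thanks.
- Cristian Guerrero. Developer with a nervous breakdown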
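Answer 0: (score: 0)
Two things:
1. If you want to return attributes with the handler, you should null-ify the corresponding principal resolver.
2. Attributes should be released to CAS clients based on the attribute release policy. You should list all the attributes that need to be released, i.e. data.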
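Answer 1: (score: 0)
To be specific about Misagh Moayyed's response,
I found the solution, based on another forum: https://groups.google.com/forum/#!msg/jasig-cas-user/N8aod-ijs90/zzHKpk-hBgAJ (plus a lot of reading); the response was really frustrating.
You should "null-ify" the primary resolver for the custom authentication handler in deployerConfigContext.xml, like this: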
            <entry key-ref="YourCustomAuthHandler" value="#{null}" />
        </map>
    </constructor-arg>
    {...}
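After that, you should look at your "serviceRegistry.json" on the path: cas-server-webapp/scr/main/resources/services. In this file, you should check that the attributeReleasePolicy contains this annotation:
"attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllAttributeReleasePolicy",
    ....
},
The second annotation is very important, because this is the policy that governs the attributes the AuthHandler must return. In this case, you allow all attributes to be returned (including the custom ones).
I hope it helps. It cost me an eye.
Regards.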
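
An added example, not part of the original answers or of the CAS project's shipped files: a service definition that releases only the handler's `data` attribute through `ReturnAllowedAttributeReleasePolicy`, the narrower alternative to `ReturnAllAttributeReleasePolicy` that matches the advice in answer 0 to list the attributes to release. The layout follows the CAS 4.1 JSON service registry format; the `serviceId`, `name`, `id` and `description` values are placeholders.

```json
{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^https://app\\.example\\.org/.*",
  "name" : "PLACEHOLDER phpCAS application",
  "id" : 10000002,
  "description" : "Placeholder values. Releases only the 'data' attribute set by the custom handler.",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "data" ] ]
  }
}
```

With this policy, any attribute later added to the principal stays on the CAS server until it is explicitly added to `allowedAttributes`, whereas `ReturnAllAttributeReleasePolicy` hands every attribute to the matching service.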