我正在开发一个使用 CAS 作为身份验证服务器的项目。到目前为止,该服务器可以完成用户身份验证,我也能拿到票据(ticket)。但是,当我尝试通过 "(Map) ticket.getAttributes()" 读取票据的属性时(用户数据存放在通过 JDBC 访问的数据库中),CAS 返回 null。以下是 deployerConfigContext.xml 文件中的设置,以及我尝试读取票据属性的代码块:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!-- Maps each authentication handler bean (key-ref) to a principal resolver bean (value-ref).
     The JDBC handler is paired with primaryPrincipalResolver, the resolver that is wired to the
     JDBC attribute repository in this file. -->
<util:map id="authenticationHandlersResolvers">
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
<entry key-ref="SearchModeSearchDatabaseAuthenticationHandler" value-ref="primaryPrincipalResolver" />
</util:map>
<!-- Required for proxy ticket mechanism -->
<bean id="proxyPrincipalResolver"
class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
<!-- Resolver that looks up principal attributes through the attributeRepository property,
     here the singleRowJdbcPersonAttributeDao bean.
     NOTE(review): an <alias> later in this file also binds the name primaryPrincipalResolver
     (to personDirectoryPrincipalResolver). Which definition wins depends on Spring's
     bean-override handling; confirm that this bean is the one actually used. -->
<bean id="primaryPrincipalResolver"
class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
<property name="attributeRepository" ref="singleRowJdbcPersonAttributeDao" />
</bean>
<!-- NOTE(review): IPersonAttributeDao is the Person Directory interface, not a concrete class,
     so Spring cannot instantiate it as a bean. Nothing else on this page references the id
     iPersonAttributeDao, and the working configuration in the second answer omits it. -->
<bean id="iPersonAttributeDao" class="org.jasig.services.persondir.IPersonAttributeDao"/>
<!-- Person Directory DAO that runs one SQL query per lookup and turns the matching row into
     principal attributes.
     constructor-arg 0: the JDBC data source. constructor-arg 1: the query template, where {0}
     is the placeholder for the WHERE condition built from queryAttributeMapping.
     queryAttributeMapping: query attribute name (key) to column name (value).
     resultAttributeMapping: column name (key) to released attribute name (value).
     NOTE(review): the query mapping sends attribute "id" to a column named "1", which looks
     unintended; the working configuration in the second answer maps "username" to the
     "email" column. Confirm against the table definition.
     SELECT * also reads the password column of the user table. Only the columns listed in
     resultAttributeMapping (email here) become attributes, so keep that list minimal. -->
<bean id="singleRowJdbcPersonAttributeDao"
class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="dataSource" />
<constructor-arg index="1" value="SELECT * FROM user WHERE {0}" />
<property name="queryAttributeMapping">
<map>
<entry key="id" value="1" />
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="email" value="email" />
</map>
</property>
</bean>
<!-- In-memory service registry holding a single registered service.
     serviceId "http://**" is an Ant-style pattern that matches every http URL, so any
     application reachable over plain HTTP may request and validate tickets, and service
     tickets travel in clear-text URLs. Before production use, restrict serviceId to the
     known application URLs and require https.
     allowedAttributes lists the attribute names released to the service (email only).
     NOTE(review): an <alias> later in this file also binds the name serviceRegistryDao
     (to jsonServiceRegistryDao); confirm which registry is actually active. -->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices">
<list>
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="0" />
<property name="name" value="HTTP" />
<property name="description" value="Only Allows HTTP Urls" />
<property name="serviceId" value="http://**" />
<property name="evaluationOrder" value="10000001" />
<property name="allowedAttributes">
<list>
<value>email</value>
</list>
</property>
</bean>
</list>
</property>
</bean>
<util:list id="authenticationMetadataPopulators">
<ref bean="successfulHandlerMetaDataPopulator" />
<ref bean="rememberMeAuthenticationMetaDataPopulator" />
</util:list>
<alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
<alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />
<alias name="serviceThemeResolver" alias="themeResolver" />
<alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />
<alias name="defaultTicketRegistry" alias="ticketRegistry" />
<alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
<alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />
<alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
<alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />
<bean id="auditTrailManager"
class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
p:entrySeparator="${cas.audit.singleline.separator:|}"
p:useSingleLine="${cas.audit.singleline:false}"/>
<!-- NOTE(review): binds authenticationThrottle to the bean named neverThrottle, which
     presumably leaves repeated failed logins unthrottled. Confirm, and use a throttling
     bean for any deployment exposed to untrusted clients. -->
<alias name="neverThrottle" alias="authenticationThrottle" />
<util:list id="monitorsList">
<ref bean="memoryMonitor" />
<ref bean="sessionMonitor" />
</util:list>
<alias name="defaultPrincipalFactory" alias="principalFactory" />
<alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
<alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
<alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />
<!-- c3p0 pooled JDBC data source for the local MySQL schema "teste".
     NOTE(review): connects as the MySQL root account with the password in clear text in
     this file. Use a dedicated account limited to SELECT on the user table, and load the
     credentials from an external property placeholder (this file already uses ${...}
     placeholders for the audit settings) or a secret store. A password published in a
     post like this one should be rotated if it was ever real. -->
<bean id="dataSource"
class="com.mchange.v2.c3p0.ComboPooledDataSource"
p:driverClass="com.mysql.jdbc.Driver"
p:jdbcUrl="jdbc:mysql://localhost:3306/teste"
p:user="root"
p:password="123456789"
/>
<!-- Authentication method end-->
<!-- Encoder referenced by the JDBC authentication handler (p:passwordEncoder-ref), which
     presumably applies it to the submitted password before comparing with the stored value.
     NOTE(review): unsalted MD5 is fast to brute-force and gives equal hashes for equal
     passwords. A salted, adaptive scheme (bcrypt, PBKDF2) is the usual replacement; it
     needs an encoder that supports it and a migration of the stored hashes. Confirm what
     the CAS version in use offers. -->
<bean id="passwordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
c:encodingAlgorithm="MD5"
p:characterEncoding="UTF-8" />
<!-- JDBC authentication handler configured with table "user", username column "email" and
     password column "password"; presumably it accepts a login when a row matches the
     submitted username and the encoded password. It shares dataSource and passwordEncoder
     with the other beans in this file, so their weaknesses (root account, MD5) apply here. -->
<bean id="SearchModeSearchDatabaseAuthenticationHandler"
class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:passwordEncoder-ref="passwordEncoder"
p:tableUsers="user"
p:fieldUser="email"
p:fieldPassword="password" />
</beans>
&#13;
代码块:
// Reads the authenticated principal from the request and casts it to the CAS client's AttributePrincipal.
// NOTE(review): req is presumably an HttpServletRequest; getUserPrincipal() returns null when no
// authenticated principal is attached, so the next line would throw NullPointerException.
// Confirm the CAS client filters cover this URL, or null-check before use.
AttributePrincipal ticket = (AttributePrincipal) req.getUserPrincipal();
// The attribute map is filled from the ticket validation response. The second answer on this page
// reports that attributes only appeared after switching the web.xml filter from
// Cas20ProxyReceivingTicketValidationFilter to Cas30ProxyReceivingTicketValidationFilter.
Map attributes = ticket.getAttributes();
答案 0 :(得分:0)
这不是它的工作原理。请参阅https://github.com/UniconLabs/cas-sample-java-webapp作为Java CAS客户端如何工作的示例:
https://github.com/UniconLabs/cas-sample-java-webapp/blob/master/src/main/webapp/index.jsp
答案 1 :(得分:0)
我按照 Misagh Moayyed 的建议,把 web.xml 文件中的过滤器 "Cas20ProxyReceivingTicketValidationFilter" 改为 "Cas30ProxyReceivingTicketValidationFilter",并调整了 "deployerConfigContext.xml" 文件中的一些设置,从而解决了问题:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!-- Maps each authentication handler bean (key-ref) to a principal resolver bean (value-ref).
     Both handlers use proxyPrincipalResolver (BasicPrincipalResolver) here, whereas the
     question's version paired the JDBC handler with primaryPrincipalResolver.
     NOTE(review): how the attributeRepository bean in this file reaches a resolver is not
     visible on this page. -->
<util:map id="authenticationHandlersResolvers">
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
<entry key-ref="SearchModeSearchDatabaseAuthenticationHandler" value-ref="proxyPrincipalResolver" />
</util:map>
<!-- Required for proxy ticket mechanism -->
<bean id="proxyPrincipalResolver"
class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
<util:list id="authenticationMetadataPopulators">
<ref bean="successfulHandlerMetaDataPopulator" />
<ref bean="rememberMeAuthenticationMetaDataPopulator" />
</util:list>
<!-- Attribute Repository -->
<!-- Person Directory DAO that builds principal attributes from one row of the user table.
     queryAttributeMapping: the query attribute "username" is matched against column "email".
     resultAttributeMapping: column name (key) to released attribute name (value).
     NOTE(review): mapping the password column turns the stored password hash (MD5, per the
     passwordEncoder bean) into a principal attribute. The JSON service definition further
     down this page lists "password" in allowedAttributes for every https/imaps service, so
     each such client application would receive the hash. Client applications do not need
     it; remove the password entry here and from allowedAttributes.
     SELECT * reads every column; list only the needed columns so that a future mapping
     mistake cannot expose more than intended. -->
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="dataSource"/>
<constructor-arg index="1" value="SELECT * FROM user u WHERE {0}" />
<property name="queryAttributeMapping">
<map>
<entry key="username" value="email" />
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="email" value="username"/>
<entry key="id" value="id"/>
<entry key="password" value="password"/>
<entry key="campoteste" value="campoteste"/>
</map>
</property>
</bean>
<!-- In-memory service registry holding a single regex-matched service.
     serviceId "^(https?|imaps?)://.*" matches every http, https, imap and imaps URL, so any
     application may use this CAS server, including over unencrypted http. Before production
     use, restrict the pattern to the known application hosts and drop the plain-text schemes.
     NOTE(review): an <alias> later in this file also binds the name serviceRegistryDao
     (to jsonServiceRegistryDao), and this page shows a JSON service definition as well.
     Confirm which registry is active, because attribute release is decided by the active
     definition. -->
<bean id="serviceRegistryDao"
class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
<property name="registeredServices">
<list>
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="0" />
<property name="name" value="HTTP and IMAP" />
<property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
<property name="serviceId" value="^(https?|imaps?)://.*" />
<property name="evaluationOrder" value="10000001" />
</bean>
</list>
</property>
</bean>
<alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
<alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />
<alias name="serviceThemeResolver" alias="themeResolver" />
<alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />
<alias name="defaultTicketRegistry" alias="ticketRegistry" />
<alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
<alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />
<alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
<alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />
<bean id="auditTrailManager"
class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
p:entrySeparator="${cas.audit.singleline.separator:|}"
p:useSingleLine="${cas.audit.singleline:false}"/>
<!-- NOTE(review): binds authenticationThrottle to the bean named neverThrottle, which
     presumably leaves repeated failed logins unthrottled. Confirm, and use a throttling
     bean for any deployment exposed to untrusted clients. -->
<alias name="neverThrottle" alias="authenticationThrottle" />
<util:list id="monitorsList">
<ref bean="memoryMonitor" />
<ref bean="sessionMonitor" />
</util:list>
<alias name="defaultPrincipalFactory" alias="principalFactory" />
<alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
<alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
<alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />
<!-- c3p0 pooled JDBC data source for the local MySQL schema "cas".
     NOTE(review): connects as the MySQL root account with the password in clear text in
     this file. Use a dedicated account limited to SELECT on the user table, and load the
     credentials from an external property placeholder (this file already uses ${...}
     placeholders for the audit settings) or a secret store. A password published in a
     post like this one should be rotated if it was ever real. -->
<bean id="dataSource"
class="com.mchange.v2.c3p0.ComboPooledDataSource"
p:driverClass="com.mysql.jdbc.Driver"
p:jdbcUrl="jdbc:mysql://localhost:3306/cas"
p:user="root"
p:password="123456789"
/>
<!-- Authentication method end-->
<!-- Encoder referenced by the JDBC authentication handler (p:passwordEncoder-ref), which
     presumably applies it to the submitted password before comparing with the stored value.
     NOTE(review): unsalted MD5 is fast to brute-force and gives equal hashes for equal
     passwords. A salted, adaptive scheme (bcrypt, PBKDF2) is the usual replacement; it
     needs an encoder that supports it and a migration of the stored hashes. Confirm what
     the CAS version in use offers. -->
<bean id="passwordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
c:encodingAlgorithm="MD5"
p:characterEncoding="UTF-8" />
<bean id="SearchModeSearchDatabaseAuthenticationHandler"
class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:passwordEncoder-ref="passwordEncoder"
p:tableUsers="user"
p:fieldUser="email"
p:fieldPassword="password" />
</beans>
&#13;
"Cas.properties":
server.name=https://localhost:8444
server.prefix=${server.name}/cas
# security configuration based on IP address to access the /status and /statistics pages
# cas.securityContext.adminpages.ip=127\.0\.0\.1
##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
host.name=localhost
##
# JPA Service Registry Database Configuration
#
# svcreg.database.ddl.auto=create-drop
# Connection and pool settings for the JPA service registry database.
# NOTE(review): the registry connects as the MySQL root account with a clear-text password in
# this file. Use a dedicated least-privilege account and keep the password outside version
# control (external property source or secret store).
svcreg.database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
# svcreg.database.hibernate.batchSize=10
svcreg.database.driverClass=com.mysql.jdbc.Driver
svcreg.database.url=jdbc:mysql://localhost/cas
svcreg.database.user=root
svcreg.database.password=123456789
svcreg.database.pool.minSize=6
svcreg.database.pool.maxSize=18
svcreg.database.pool.maxWait=10000
svcreg.database.pool.maxIdleTime=120
svcreg.database.pool.acquireIncrement=6
svcreg.database.pool.idleConnectionTestPeriod=30
svcreg.database.pool.connectionHealthQuery=select 1
svcreg.database.pool.acquireRetryAttempts=5
svcreg.database.pool.acquireRetryDelay=2000
##
# Connection and pool settings for the main CAS database, followed by the JDBC authentication query.
# NOTE(review): whether the XML configuration on this page reads these keys is not visible here;
# its dataSource bean hard-codes its own URL and credentials.
database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
#database.ddl.auto=create
#database.hibernate.batchSize=10
database.driverClass=com.mysql.jdbc.Driver
database.url=jdbc:mysql://localhost/cas
# NOTE(review): root account with a clear-text password; prefer a dedicated least-privilege
# account and an external secret source.
database.username=root
# NOTE(review): Java .properties files do not strip quotes, so this value includes the two
# quote characters and differs from svcreg.database.password above. Confirm which is intended.
database.password="123456789"
database.driver.class=com.mysql.jdbc.Driver
database.pool.minSize=6
#database.user=root
database.pool.maxSize=18
database.pool.maxWait=10000
database.pool.maxIdleTime=120
database.pool.acquireIncrement=6
database.pool.idleConnectionTestPeriod=30
database.pool.connectionHealthQuery=select 1
database.pool.acquireRetryAttempts=5
database.pool.acquireRetryDelay=2000
# Parameterized query (the username is bound through "?", not concatenated).
# NOTE(review): it names table "users" and column "username", while the XML handler on this
# page uses table "user" and column "email"; presumably this key is unused by that handler.
cas.jdbc.authn.query.sql=select password from users where username=?
# CAS UI Theme Resolution
#
cas.themeResolver.defaultThemeName=cas-theme-default
##
# CAS PersonDirectory Principal Resolution
#
# cas.principal.resolver.persondir.principal.attribute=cn
cas.principal.resolver.persondir.return.null=false
# IPv4 version
cas.securityContext.status.allowedSubnet=127.0.0.1
cas.securityContext.serviceProperties.service = ${server.prefix}/services/j_acegi_cas_security_check
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMINISTRATORS
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
cas.viewResolver.basename=default_views
# Connection settings for a separate "userdata" schema.
# NOTE(review): root account again. Java .properties files do not strip quotes, so the password
# below is the two quote characters rather than an empty string; if an empty root password was
# intended, that is a weaker setup still. Use a dedicated account with a real secret that is
# kept out of this file.
users.database.url=jdbc:mysql://localhost/userdata
users.database.username=root
users.database.password=""
users.database.driver.class=com.mysql.jdbc.Driver
#users.database.hibernate.dialect=org.hibernate.dialect.OracleDialect
users.database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
#users.database.hibernate.dialect=org.hibernate.dialect.HSQLDialect
"HTTPSandIMAPS-10000001.json":
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorized all application urls that support HTTPS and IMAPS protocols.",
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"evaluationOrder" : 10000,
"usernameAttributeProvider" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"logoutType" : "BACK_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", ["email", "password", "id", "campoteste"] ],
"principalAttributesRepository" : {
"@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : false
},
"accessStrategy" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
}
}
&#13;
然后......