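After a successful login through CAS, only the login name is returned by default. If more user information is needed, the server has to be reconfigured and partly rewritten.
In Java, the user name is obtained with the following statements:
import org.jasig.cas.client.authentication.AttributePrincipal;
// request is the current HttpServletRequest
AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
String username = principal.getName();
Configuration may differ between versions; this article uses version 3.2.1 and can serve as a reference.
First, add the following to cas\WEB-INF\deployerConfigContext.xml: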
<bean
    id="serviceRegistryDao"
    class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices">
        <list>
            <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                <property name="id" value="0" />
                <property name="name" value="HTTP" />
                <property name="description" value="Only Allows HTTP Urls" />
                <property name="serviceId" value="http://**" />
                <property name="allowedAttributes">
                    <list>
                        <value>USER_LOGIN_ID</value> <!-- the fields that will be returned -->
                        <value>CURRENT_PASSWORD</value>
                        <value>PARTY_ID</value>
                        <value>ENABLED</value>
                    </list>
                </property>
            </bean>
            <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                <property name="id" value="1" />
                <property name="name" value="HTTPS" />
                <property name="description" value="Only Allows HTTPS Urls" />
                <property name="serviceId" value="https://**" />
                <property name="allowedAttributes">
                    <list>
                        <value>USER_LOGIN_ID</value>
                        <value>CURRENT_PASSWORD</value>
                        <value>PARTY_ID</value>
                        <value>ENABLED</value>
                    </list>
                </property>
            </bean>
            <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                <property name="id" value="2" />
                <property name="name" value="IMAPS" />
                <property name="description" value="Only Allows HTTPS Urls" />
                <property name="serviceId" value="imaps://**" />
                <property name="allowedAttributes">
                    <list>
                        <value>USER_LOGIN_ID</value>
                        <value>CURRENT_PASSWORD</value>
                        <value>PARTY_ID</value>
                        <value>ENABLED</value>
                    </list>
                </property>
            </bean>
            <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                <property name="id" value="3" />
                <property name="name" value="IMAP" />
                <property name="description" value="Only Allows IMAP Urls" />
                <property name="serviceId" value="imap://**" />
                <property name="allowedAttributes">
                    <list>
                        <value>USER_LOGIN_ID</value>
                        <value>CURRENT_PASSWORD</value>
                        <value>PARTY_ID</value>
                        <value>ENABLED</value>
                    </list>
                </property>
            </bean>
        </list>
    </property>
</bean>
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
    <constructor-arg index="0" ref="casDataSource" />
    <constructor-arg index="1">
        <list>
            <value>username</value>
        </list>
    </constructor-arg>
    <constructor-arg index="2" value="select USER_LOGIN_ID,CURRENT_PASSWORD,PARTY_ID,ENABLED from user_login where USER_LOGIN_ID = ?"/>
    <property name="columnsToAttributes">
        <map>
            <entry key="USER_LOGIN_ID" value="USER_LOGIN_ID"/>
            <entry key="CURRENT_PASSWORD" value="CURRENT_PASSWORD"/>
            <entry key="PARTY_ID" value="PARTY_ID"/>
            <entry key="ENABLED" value="ENABLED" />
        </map>
    </property>
</bean>
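Here username is the CAS login name and is the parameter passed into the SQL query. columnsToAttributes describes the attributes returned once the SQL has run: each key is a database column, and each value is the name under which the client reads that attribute.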
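Every attribute named in allowedAttributes is handed to each service whose URL matches serviceId, and every column selected by the query becomes a principal attribute, so both lists are best kept to what a client actually needs. The variant below is an added example, not part of the original post: it leaves CURRENT_PASSWORD out of the query, the column map and the allow-list, and registers a single HTTPS service whose URL (https://app.example.org/**) is a placeholder assumption.

```xml
<!-- Added example, not from the original post: same beans, narrower release. -->
<bean id="serviceRegistryDao"
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    <property name="registeredServices">
        <list>
            <bean class="org.jasig.cas.services.RegisteredServiceImpl">
                <property name="id" value="0" />
                <property name="name" value="Example application" />
                <property name="description" value="Only the named HTTPS application" />
                <!-- Assumption: placeholder URL; use the client's real service URL. -->
                <property name="serviceId" value="https://app.example.org/**" />
                <property name="allowedAttributes">
                    <list>
                        <!-- CURRENT_PASSWORD is deliberately not listed. -->
                        <value>USER_LOGIN_ID</value>
                        <value>PARTY_ID</value>
                        <value>ENABLED</value>
                    </list>
                </property>
            </bean>
        </list>
    </property>
</bean>

<bean id="attributeRepository"
      class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
    <constructor-arg index="0" ref="casDataSource" />
    <constructor-arg index="1">
        <list>
            <value>username</value>
        </list>
    </constructor-arg>
    <!-- The password column is not selected, so it never enters the principal. -->
    <constructor-arg index="2"
        value="select USER_LOGIN_ID,PARTY_ID,ENABLED from user_login where USER_LOGIN_ID = ?" />
    <property name="columnsToAttributes">
        <map>
            <entry key="USER_LOGIN_ID" value="USER_LOGIN_ID" />
            <entry key="PARTY_ID" value="PARTY_ID" />
            <entry key="ENABLED" value="ENABLED" />
        </map>
    </property>
</bean>
```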
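In deployerConfigContext.xml, find credentialsToPrincipalResolvers and inject attributeRepository into UsernamePasswordCredentialsToPrincipalResolver, so that attributeRepository is triggered and resolved through this class. The attributeRepository property is the newly added part.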
<property name="credentialsToPrincipalResolvers">
    <list>
        <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
            <!-- newly added -->
            <property name="attributeRepository" ref="attributeRepository"/>
        </bean>
        <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"/>
    </list>
</property>
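Modify WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp. After the server has validated the ticket successfully, this page generates the XML that is exchanged with the client. The default casServiceValidationSuccess.jsp contains only the user name and provides no other attribute information, so the page has to be extended as follows; the <c:if> block that emits <cas:attributes> is the newly added part.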
<%@ page session="false" pageEncoding="utf-8" contentType="text/html;charset=utf-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user>
        <%-- newly added: start --%>
        <c:if test="${fn:length(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes) > 0}">
            <cas:attributes>
                <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
                    <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
                </c:forEach>
            </cas:attributes>
        </c:if>
        <%-- newly added: end --%>
        <c:if test="${not empty pgtIou}">
            <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
        </c:if>
        <c:if test="${fn:length(assertion.chainedAuthentications) > 1}">
            <cas:proxies>
                <c:forEach var="proxy" items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(assertion.chainedAuthentications)-2}" step="1">
                    <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
                </c:forEach>
            </cas:proxies>
        </c:if>
    </cas:authenticationSuccess>
</cas:serviceResponse>
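Retrieving the attributes in the Java client:
AttributePrincipal principal = (AttributePrincipal) request.getUserPrincipal();
Map attributes = principal.getAttributes();
// Attribute values come back as Object, so cast before use
String userLoginId = (String) attributes.get("USER_LOGIN_ID");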
Printing all of the information:
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

// principal is the AttributePrincipal obtained above; session is the current HttpSession
Map attributes = principal.getAttributes();
Set attributeSet = attributes.entrySet();
// Print the information to the console
for (Iterator iter = attributeSet.iterator(); iter.hasNext();) {
    Map.Entry attribute = (Map.Entry) iter.next();
    if ("CURRENT_PASSWORD".equals(attribute.getKey())) {
        session.setAttribute("password", attribute.getValue());
    }
    if ("USER_LOGIN_ID".equals(attribute.getKey())) {
        session.setAttribute("username", attribute.getValue());
    }
    System.out.println("key:(" + attribute.getKey() + ")--->" + "value:(" + attribute.getValue() + ")***");
}