CAS (14) —— CAS 更多用户信息
摘要
将更多用户信息写入到service验证返回消息中
版本
tomcat版本: tomcat-8.0.29
jdk版本: jdk1.8.0_65
cas版本: 4.1.3
**cas4.1.3 (4.x还在开发过程中不是很稳定,迭代比较快,也会有些bug) **
cas-client-3.4.1
Ehcache版本: 2.10.1
内容
准备
参照下列文章配置好相关环境
配置
- 重构attributeRepository
在deployerConfigContext.xml中移除
<!--Richard move to attributeRepository.xml-->
<!--
<bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
p:backingMap-ref="attrRepoBackingMap" />
<util:map id="attrRepoBackingMap">
<entry key="uid" value="uid" />
<entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
<entry key="groupMembership" value="groupMembership" />
<entry>
<key><value>memberOf</value></key>
<list>
<value>faculty</value>
<value>staff</value>
<value>org</value>
</list>
</entry>
</util:map>
-->
新增attributeRepository.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!--
Bean that defines the attributes that a service may return. This example uses the Stub/Mock version. A real implementation
may go against a database or LDAP server. The id should remain "attributeRepository" though.
+-->
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="authenticationDataSource" />
<constructor-arg index="1" value="SELECT ACCOUNT as account, EMPLOYEE_NAME as name, DEPT_NAME as dept, JOB_NAME as job FROM mdm.t_oa_employee t where {0}" />
<property name="queryAttributeMapping">
<map>
<entry key="username" value="ACCOUNT" />
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="account" value="account" />
<entry key="name" value="name" />
<entry key="dept" value="department" />
<entry key="job" value="job" />
</map>
</property>
</bean>
<util:map id="attrRepoBackingMap">
<entry key="uid" value="uid" />
<entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
<entry key="groupMembership" value="groupMembership" />
<entry>
<key><value>memberOf</value></key>
<list>
<value>faculty</value>
<value>staff</value>
<value>org</value>
</list>
</entry>
</util:map>
</beans>
-
修改Protocol 2.0的返回模板casServiceValidationSuccess.jsp
<%@ page session="false" contentType="application/xml; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>${fn:escapeXml(principal.id)}</cas:user>
<cas:protocal>2.0</cas:protocal>
<cas:attributes>
<c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
</c:forEach>
</cas:attributes>
<c:if test="${not empty pgtIou}">
<cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
</c:if>
<c:if test="${fn:length(chainedAuthentications) > 0}">
<cas:proxies>
<c:forEach var="proxy" items="${chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(chainedAuthentications)}" step="1">
<cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
</c:forEach>
</cas:proxies>
</c:if>
</cas:authenticationSuccess>
</cas:serviceResponse>
客户端使用
<%
String name = null;
String department = null;
String job = null;
if (null != request.getUserPrincipal()) {
Map<?,?> attributes = ((AttributePrincipal) request.getUserPrincipal()).getAttributes();
if( attributes == null ) {
out.println("<b>No Attributes</b>");
throw new ServletException("no attributes set by the CAS client");
}
name = (String) attributes .get("name");
department = (String) attributes .get("department");
job = (String) attributes .get("job");
} else {
out.println("<b>No User Principal</b>");
}
%>
<body>
<div class="sys_top">请选择您要进入的模块</div>
<div class="sys_list">
<h2><span><%= (department == null ? "" : department) %> </span><%= (job == null ? "" : job) %> <%= (name == null ? request.getRemoteUser() : name) %>, 欢迎您!</h2>
<div class="sys_list_item clearfix">
<%--jsrender myTemplate--%>
</div>
</div>
问题
如果遇到返回中文名字为乱码,可以在CAS Validation Filter下添加encoding
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://nssotest.hoau.net/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>https://authtest.hoau.net</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>acceptAnyProxy</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
测试
略
参考
参考来源:
CAS Protocol 3.0 Specification