原文地址: http://www.micmiu.com/enterprise-app/sso/cas-server-auth-db/
目录:
[一]、概述
继前面介绍过 SSO之CAS单点登录实例演示(http://www.micmiu.com/enterprise-app/sso/sso-cas-sample/),演示过程中服务端认证机制采用的是测试环境的默认配置,本文将重点演示如何通过查询数据库,对用户名和密码进行相关的认证配置。
[二]、演示环境
- 基本环境同: SSO之CAS单点登录实例演示
- Mysql:5.1.51
[三]、演示步骤
1.创建演示的用户数据
在mysql数据库中创建Database,以 test 为例,然后再创建用户表:sso_t_user,详细SQL如下:
1 | CREATE TABLE `sso_t_user` ( |
2 | `Id` int (11) NOT NULL AUTO_INCREMENT, |
3 | `login_name` varchar (50) DEFAULT NULL , |
4 | ` password ` varchar (255) DEFAULT NULL , |
6 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8; |
向表sso_t_user 中插入如下数据:
1 | INSERT INTO `sso_t_user` VALUES (1, 'admin' , '96e79218965eb72c92a549dd5a330112' ); |
2 | INSERT INTO `sso_t_user` VALUES (2, 'user' , '96e79218965eb72c92a549dd5a330112' ); |
Tips:
- 密码以MD5 加密后存放数据库中为例
- “111111”的MD5值为:“96e79218965eb72c92a549dd5a330112”
2.修改cas服务端配置
在%tomcat_cas%/webapps/cas/WEB_INF/deployerConfigContext.xml 找到如下信息:
1 | < bean class = "org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" /> |
修改成如下:
1 | < bean class = "org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler" > |
2 | < property name = "dataSource" ref = "dataSource" ></ property > |
3 | < property name = "sql" value = "select password from sso_t_user where login_name=?" ></ property > |
4 | < property name = "passwordEncoder" ref = "MD5PasswordEncoder" ></ property > |
同时增加datasource和加密处理两个bean的定义:
1 | < bean id = "dataSource" |
2 | class = "org.springframework.jdbc.datasource.DriverManagerDataSource" > |
3 | < property name = "driverClassName" value = "com.mysql.jdbc.Driver" /> |
4 | < property name = "url" value = "jdbc:mysql://localhost/test" /> |
5 | < property name = "username" value = "root" /> |
6 | < property name = "password" value = "" /> |
8 | < bean id = "MD5PasswordEncoder" |
9 | class = "org.jasig.cas.authentication.handler.DefaultPasswordEncoder" > |
10 | < constructor-arg index = "0" value = "MD5" /> |
修改后的配置信息如下:
CAS服务端-配置数据库查询认证机制 3.添加相关的jar包
需要在web项目的lib下添加两个包:cas-server-support-jdbc-x.x.x.jar 和 mysql-connector-java-x.x.x-bin.jar(具体版本号根据情况而定)
4.测试认证过程
分别启动已经配置好的三个tomcat分别为:tomcat-cas、tomcat-app1、tomcat-app2.
此时在cas-server认证界面输入:admin/111111 ,需要和数据库中查询到的密码验证匹配后才能登陆系统。
![SSO单点登录技术选型SSO描述[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)