CAS single sign-on authentication and DB authentication

The front end offers two login methods.

Code:

<button class="btn btn-success btn-block" onclick="checkLogin();">統(tǒng)一認(rèn)證登錄</button>
<button class="btn btn-success btn-block" id="btnSubmit" data-loading="正在驗(yàn)證登錄,請稍后...">登&emsp;錄</button>

A normal login is submitted directly; a CAS login redirects to the unified login page, as follows:

function checkLogin(){
    window.open('https://ids6.****.***.cn/authserver/login?service=https%3A%2F%2F***.****.****.com%2Fdemo%2Fcas%2Flogin','_self');
}

Integration with Shiro authorization

The main idea: a user who has been authenticated by CAS is then logged into Shiro a second time with a password-free login.

1. Open the CAS path in ShiroConfig

filterChainDefinitionMap.put("/cas/**", "anon");

2. Add a login type class

public enum LoginType {
    PASSWORD("password"),   // password login
    NOPASSWD("nopassword"); // password-free login
    private String code;    // status value

    private LoginType(String code) {
        this.code = code;
    }

    public String getCode() {
        return code;
    }
}

3. Extend UsernamePasswordToken, mainly to add a login type

import org.apache.shiro.authc.UsernamePasswordToken;

public class CustomToken extends UsernamePasswordToken {
    private static final long serialVersionUID = -2564928913725078138L;
    private LoginType type;

    public CustomToken() {
        super();
    }

    public CustomToken(String username, String password, LoginType type, boolean rememberMe, String host) {
        super(username, password, rememberMe, host);
        this.type = type;
    }

    /**
     * Password-free login
     */
    public CustomToken(String username) {
        super(username, "", false, null);
        this.type = LoginType.NOPASSWD;
    }

    /**
     * Account and password login
     */
    public CustomToken(String username, String password) {
        super(username, password, false, null);
        this.type = LoginType.PASSWORD;
    }

    public LoginType getType() {
        return type;
    }

    public void setType(LoginType type) {
        this.type = type;
    }
}

4. Modify the authentication method in UserRealm to distinguish normal login from password-free login
In UserRealm.java:

@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
{
    //UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    CustomToken upToken = (CustomToken) token;
    String username = upToken.getUsername();
    String password = "";
    if (upToken.getPassword() != null)
    {
        password = new String(upToken.getPassword());
    }

    SysUser user = null;
    try
    {
        // branch on the login type carried by the token
        if (upToken.getType() == LoginType.PASSWORD) {
            user = loginService.login(username, password);
        } else {
            user = loginService.noPassLogin(username);
        }
    }
    ............

5. Add the noPassLogin and noPassValidate methods

public SysUser noPassLogin(String username)
{
    // look up the user record
    SysUser user = userService.selectUserByLoginName(username);
    if (user == null)
    {
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.not.exists")));
        throw new UserNotExistsException();
    }
    if (UserStatus.DELETED.getCode().equals(user.getDelFlag()))
    {
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.delete")));
        throw new UserDeleteException();
    }
    if (UserStatus.DISABLE.getCode().equals(user.getStatus()))
    {
        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.blocked", user.getRemark())));
        throw new UserBlockedException();
    }
    passwordService.noPassValidate(user);
    AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
    recordLoginInfo(user);
    return user;
}

// no password is checked here; only the failed-login counter for this account is reset
public void noPassValidate(SysUser user)
{
    String loginName = user.getLoginName();
    clearLoginRecordCache(loginName);
}

6. Modify the controller that runs after CAS authentication succeeds

//UsernamePasswordToken token = new UsernamePasswordToken(uid, "password");
CustomToken customToken = new CustomToken(uid); // this constructor already sets NOPASSWD
customToken.setType(LoginType.NOPASSWD);
Subject subject = SecurityUtils.getSubject();
subject.login(customToken);
return redirect("/index");

7. The controller for a normal login against the DB

//UsernamePasswordToken token = new UsernamePasswordToken(uid, "password");
CustomToken token = new CustomToken(username, RsaUtils.decryptByPrivateKey(password)); // this constructor already sets PASSWORD
token.setType(LoginType.PASSWORD);
Subject subject = SecurityUtils.getSubject();
subject.login(token);
return success();
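One check that the steps above leave implicit: the CustomToken(String) constructor from step 3 authenticates whatever user name it is handed, with no secret at all, so the uid passed to it in step 6 must come only from a CAS service ticket that this server has validated, never from a request parameter. The class below is an added example, not code from the original post; it calls the standard CAS 2.0 serviceValidate endpoint, and CasTicketValidator, parseUser, CAS_BASE and SERVICE are hypothetical names and placeholder values standing in for the masked URLs in the post.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not part of the original post. CAS_BASE and SERVICE are placeholders;
// SERVICE must be exactly the service= value the browser was sent to CAS with.
public class CasTicketValidator {
    private static final String CAS_BASE = "https://cas.example.invalid/authserver";
    private static final String SERVICE = "https://app.example.invalid/demo/cas/login";
    private static final Pattern USER = Pattern.compile("<cas:user>\\s*([^<]+?)\\s*</cas:user>");
    private static final Pattern FAILURE = Pattern.compile("<cas:authenticationFailure");

    private final HttpClient http = HttpClient.newHttpClient();

    /**
     * Validates a CAS 2.0 service ticket and returns the asserted user name, or null.
     * Intended use in the /cas/login handler (step 6):
     *   String uid = validator.validate(request.getParameter("ticket"));
     *   if (uid == null) redirect back to the login page; else subject.login(new CustomToken(uid));
     */
    public String validate(String ticket) throws Exception {
        // service tickets always start with "ST-"; reject anything else before calling out
        if (ticket == null || !ticket.startsWith("ST-")) {
            return null;
        }
        String url = CAS_BASE + "/serviceValidate?service="
                + URLEncoder.encode(SERVICE, StandardCharsets.UTF_8)
                + "&ticket=" + URLEncoder.encode(ticket, StandardCharsets.UTF_8);
        HttpResponse<String> resp = http.send(
                HttpRequest.newBuilder(URI.create(url)).GET().build(),
                HttpResponse.BodyHandlers.ofString());
        return resp.statusCode() == 200 ? parseUser(resp.body()) : null;
    }

    /** Extracts <cas:user> from the XML response; null if CAS reported an authenticationFailure. */
    static String parseUser(String xml) {
        if (xml == null || FAILURE.matcher(xml).find()) {
            return null;
        }
        Matcher m = USER.matcher(xml);
        return m.find() ? m.group(1) : null;
    }
}
```

A service ticket is single-use, so a replayed ticket fails validation and never reaches the NOPASSWD branch of the realm.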

8. CAS logout
After logging out of the local server, the CAS login state must be logged out as well.

@Override
protected String getRedirectUrl(ServletRequest request, ServletResponse response, Subject subject)
{
    String casLogoutURL = "https://ids6.****.****.cn/authserver/logout";
    String redirectURL = casLogoutURL + "?service=https%3A%2F%2F****.****.***.com%2F****";
    return redirectURL;
}

Existing problems

1. If another CAS client logs out, this system keeps working normally, because the local login record has not changed.
2. If you log out from this system, both this system and the CAS server log out, and the other CAS clients can no longer log in either.
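Problem 1 is what CAS single logout (SLO) addresses: when any client logs out, the CAS server POSTs a logoutRequest form parameter to each service, containing a SAML LogoutRequest whose SessionIndex is the service ticket issued to that service at login. The handler below is an added example, not code from the original post; it assumes the ticket is recorded right after subject.login() in step 6, that the endpoint sits under the /cas/** path opened in step 1 so the CAS server can reach it anonymously, and that CasSingleLogout and its method names are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpSession;

// Added example, not part of the original post: minimal CAS single-logout support.
// The servlet API used here is an assumption (javax.servlet, as in Spring Boot 2).
public class CasSingleLogout {
    private static final Pattern SESSION_INDEX =
            Pattern.compile("<samlp:SessionIndex>\\s*([^<]+?)\\s*</samlp:SessionIndex>");

    // service ticket -> local HTTP session created for that ticket
    private final Map<String, HttpSession> sessionsByTicket = new ConcurrentHashMap<>();

    /** Call right after subject.login(customToken) in step 6 with the ticket that was validated. */
    public void register(String serviceTicket, HttpSession session) {
        sessionsByTicket.put(serviceTicket, session);
    }

    /** Pulls the service ticket out of the logoutRequest XML posted by the CAS server. */
    static String ticketFromLogoutRequest(String logoutRequestXml) {
        if (logoutRequestXml == null) {
            return null;
        }
        Matcher m = SESSION_INDEX.matcher(logoutRequestXml);
        return m.find() ? m.group(1) : null;
    }

    /**
     * Handles the CAS server's POST, i.e. request.getParameter("logoutRequest").
     * Returns true when a local session was found for the ticket and invalidated.
     */
    public boolean handle(String logoutRequestXml) {
        String ticket = ticketFromLogoutRequest(logoutRequestXml);
        if (ticket == null) {
            return false;
        }
        HttpSession session = sessionsByTicket.remove(ticket);
        if (session == null) {
            return false; // unknown or already-handled ticket: nothing to do, nothing to leak
        }
        try {
            session.invalidate();
        } catch (IllegalStateException alreadyExpired) {
            // the session timed out on its own; the mapping entry is already gone
        }
        return true;
    }
}
```

Because the ticket is the only key, a logoutRequest can never end a session it did not create, and entries for sessions that expire normally should be removed by a session listener so the map does not grow unbounded.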
