CAS (14) —— CAS 更多用户信息

CAS (14) —— CAS 更多用户信息

摘要

将更多用户信息写入到service验证返回消息中

---

版本

tomcat版本: tomcat-8.0.29

jdk版本: jdk1.8.0_65

cas版本: 4.1.3

**cas4.1.3 (4.x还在开发过程中不是很稳定，迭代比较快，也会有些bug) **

cas-client-3.4.1

Ehcache版本: 2.10.1

内容

准备

参照下列文章配置好相关环境

• CAS (1) —— Mac下配置CAS到Tomcat（服务端）

• CAS 4.x (7) —— Mac下配置CAS集群及JPATicketRegistry（服务端）

• CAS (8) —— Mac下配置CAS到JBoss EAP 6.4(6.x)的Standalone模式（服务端）

• CAS (10) —— JBoss EAP 6.4下部署CAS时出现错误exception.message=Error decoding flow execution的解决办法

配置

• 重构attributeRepository

在deployerConfigContext.xml中移除

<!--Richard move to attributeRepository.xml-->
    <!--
    <bean id="attributeRepository" class="org.jasig.services.persondir.support.NamedStubPersonAttributeDao"
          p:backingMap-ref="attrRepoBackingMap" />

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>
    -->

新增attributeRepository.xml

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">

    <!--
    Bean that defines the attributes that a service may return.  This example uses the Stub/Mock version.  A real implementation
    may go against a database or LDAP server.  The id should remain "attributeRepository" though.
    +-->
    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
        <constructor-arg index="0" ref="authenticationDataSource" />
        <constructor-arg index="1" value="SELECT ACCOUNT as account, EMPLOYEE_NAME as name, DEPT_NAME as dept, JOB_NAME as job FROM mdm.t_oa_employee t where {0}" />
        <property name="queryAttributeMapping">
            <map>
                <entry key="username" value="ACCOUNT" />
            </map>
        </property>
        <property name="resultAttributeMapping">
            <map>
                <entry key="account" value="account" />
                <entry key="name" value="name" />
                <entry key="dept" value="department" />
                <entry key="job" value="job" />
            </map>
        </property>
    </bean>

    <util:map id="attrRepoBackingMap">
        <entry key="uid" value="uid" />
        <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
        <entry key="groupMembership" value="groupMembership" />
        <entry>
            <key><value>memberOf</value></key>
            <list>
                <value>faculty</value>
                <value>staff</value>
                <value>org</value>
            </list>
        </entry>
    </util:map>
</beans>

• 修改Protocol 2.0的返回模板casServiceValidationSuccess.jsp

    <%@ page session="false" contentType="application/xml; charset=UTF-8" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationSuccess>
            <cas:user>${fn:escapeXml(principal.id)}</cas:user>
            <cas:protocal>2.0</cas:protocal>
            <cas:attributes>
                <c:forEach var="attr" items="${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}">
                    <cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
                </c:forEach>
            </cas:attributes>
            <c:if test="${not empty pgtIou}">
                <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket>
            </c:if>
            <c:if test="${fn:length(chainedAuthentications) > 0}">
                <cas:proxies>
                    <c:forEach var="proxy" items="${chainedAuthentications}" varStatus="loopStatus" begin="0" end="${fn:length(chainedAuthentications)}" step="1">
                        <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy>
                    </c:forEach>
                </cas:proxies>
            </c:if>
        </cas:authenticationSuccess>
    </cas:serviceResponse>
  

客户端使用

<%
    String name = null;
    String department = null;
    String job = null;
    if (null != request.getUserPrincipal()) {
        Map<?,?> attributes = ((AttributePrincipal) request.getUserPrincipal()).getAttributes();
        if( attributes == null ) {
            out.println("<b>No Attributes</b>");
            throw new ServletException("no attributes set by the CAS client");
        }
        name = (String) attributes .get("name");
        department = (String) attributes .get("department");
        job = (String) attributes .get("job");
    } else {
        out.println("<b>No User Principal</b>");
    }
%>
<body>
<div class="sys_top">请选择您要进入的模块</div>
<div class="sys_list">
    <h2><span><%= (department == null ? "" : department) %>&nbsp;</span><%= (job == null ? "" : job) %>&nbsp;<%= (name == null ? request.getRemoteUser() : name) %>， 欢迎您！</h2>
    <div class="sys_list_item clearfix">
        <%--jsrender myTemplate--%>
    </div>
</div>

问题

如果遇到返回中文名字为乱码，可以在CAS Validation Filter下添加encoding

<filter>
		<filter-name>CAS Validation Filter</filter-name>
		<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
		<init-param>
			<param-name>casServerUrlPrefix</param-name>
			<param-value>https://nssotest.hoau.net/cas</param-value>
		</init-param>
		<init-param>
			<param-name>serverName</param-name>
			<param-value>https://authtest.hoau.net</param-value>
		</init-param>
		<init-param>
			<param-name>redirectAfterValidation</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>useSession</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>acceptAnyProxy</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
	</filter>

测试

略

参考

参考来源:

CAS Protocol 3.0 Specification

CAS服务端自定义返回的用户信息

CAS返回中文乱码解决

结束