Apereo CAS 5.0.X中為我們提供了四種基于JDBC的AuthenticationHandler的實(shí)現(xiàn)，在cas-server-support-jdbc子模塊中，下面一一對(duì)他們進(jìn)行介紹。

Query

配置一個(gè)SQL語(yǔ)句，該SQL可以通過傳入的用戶名查詢返回該用戶的密碼，然后與用戶輸入的密碼進(jìn)行比較，進(jìn)行比較之前，可以配置加密過程。匹配結(jié)果將作為認(rèn)證結(jié)果，如果對(duì)應(yīng)的用戶名不存在也將返回false。

@Override

protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword)

throws GeneralSecurityException, PreventedException {

if (StringUtils.isBlank(this.sql) || getJdbcTemplate() == null) {

throw new GeneralSecurityException("Authentication handler is not configured correctly. "

+ "No SQL statement or JDBC template is found.");

}

final String username = credential.getUsername();

final String password = credential.getPassword();

try {

final String dbPassword = getJdbcTemplate().queryForObject(this.sql, String.class, username);

if ((StringUtils.isNotBlank(originalPassword) && !this.matches(originalPassword, dbPassword))

|| (StringUtils.isBlank(originalPassword) && !StringUtils.equals(password, dbPassword))) {

throw new FailedLoginException("Password does not match value on record.");

}

} catch (final IncorrectResultSizeDataAccessException e) {

if (e.getActualSize() == 0) {

throw new AccountNotFoundException(username + " not found with SQL query");

}

throw new FailedLoginException("Multiple records found for " + username);

} catch (final DataAccessException e) {

throw new PreventedException("SQL exception while executing query for " + username, e);

}

return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);

}

QueryAndEncode

跟上邊一樣的模式，不過密碼再加密的時(shí)候可以配置加鹽處理。

@Override

protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential)

throws GeneralSecurityException, PreventedException {

if (StringUtils.isBlank(this.sql) || StringUtils.isBlank(this.algorithmName) || getJdbcTemplate() == null) {

throw new GeneralSecurityException("Authentication handler is not configured correctly");

}

final String username = transformedCredential.getUsername();

try {

final Map values = getJdbcTemplate().queryForMap(this.sql, username);

final String digestedPassword = digestEncodedPassword(transformedCredential.getPassword(), values);

if (!values.get(this.passwordFieldName).equals(digestedPassword)) {

throw new FailedLoginException("Password does not match value on record.");

}

return createHandlerResult(transformedCredential,

this.principalFactory.createPrincipal(username), null);

} catch (final IncorrectResultSizeDataAccessException e) {

if (e.getActualSize() == 0) {

throw new AccountNotFoundException(username + " not found with SQL query");

} else {

throw new FailedLoginException("Multiple records found for " + username);

}

} catch (final DataAccessException e) {

throw new PreventedException("SQL exception while executing query for " + username, e);

}

}

SearchModeSearch

通過查詢指定的表的指定的用戶名和指定的密碼的記錄是否存在來判斷是否驗(yàn)證通過。

@Override

protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)

throws GeneralSecurityException, PreventedException {

String sql = null;

if (StringUtils.isNotBlank(tableUsers) || StringUtils.isNotBlank(fieldUser) || StringUtils.isNotBlank(fieldPassword)) {

sql = "SELECT COUNT('x') FROM ".concat(this.tableUsers).concat(" WHERE ").concat(this.fieldUser)

.concat(" = ? AND ").concat(this.fieldPassword).concat("= ?");

}

if (StringUtils.isBlank(sql) || getJdbcTemplate() == null) {

throw new GeneralSecurityException("Authentication handler is not configured correctly. "

+ "No SQL statement or JDBC template found");

}

final String username = credential.getUsername();

try {

logger.debug("Executing SQL query {}", sql);

final int count = getJdbcTemplate().queryForObject(sql, Integer.class, username, credential.getPassword());

if (count == 0) {

throw new FailedLoginException(username + " not found with SQL query.");

}

return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);

} catch (final DataAccessException e) {

throw new PreventedException("SQL exception while executing query for " + username, e);

}

}

BindModeSearch

將試圖以傳入的用戶名和密碼從配置的DataSource中建立一個(gè)連接，如果連接成功，則表示認(rèn)證成功，否則就是認(rèn)證失敗。

protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)

throws GeneralSecurityException, PreventedException {

if (getDataSource() == null) {

throw new GeneralSecurityException("Authentication handler is not configured correctly");

}

Connection connection = null;

try {

final String username = credential.getUsername();

final String password = credential.getPassword();

connection = this.getDataSource().getConnection(username, password);

return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);

} catch (final SQLException e) {

throw new FailedLoginException(e.getMessage());

} catch (final Exception e) {

throw new PreventedException("Unexpected SQL connection error", e);

} finally {

if (connection != null) {

DataSourceUtils.releaseConnection(connection, this.getDataSource());

}

}

}

總結(jié)

以上是生活随笔為你收集整理的apereo cas mysql_Apereo CAS 5.0.X 默认提供的数据库认证的四种方式的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。