创建java类
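/*
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a
 * copy of the License at the following location:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.jasig.cas.adaptors.jdbc;

import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.dao.IncorrectResultSizeDataAccessException;

import com.liferay.portal.PwdEncryptorException;
import com.liferay.portal.security.pwd.BCryptPasswordEncryptor;
import com.liferay.portal.security.pwd.CompositePasswordEncryptor;
import com.liferay.portal.security.pwd.CryptPasswordEncryptor;
import com.liferay.portal.security.pwd.DefaultPasswordEncryptor;
import com.liferay.portal.security.pwd.NullPasswordEncryptor;
import com.liferay.portal.security.pwd.PBKDF2PasswordEncryptor;
import com.liferay.portal.security.pwd.PasswordEncryptor;
import com.liferay.portal.security.pwd.SSHAPasswordEncryptor;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

import javax.validation.constraints.NotNull;

/**
 * CAS authentication handler that verifies a username/password pair against
 * the password hash stored by Liferay.
 * <p>
 * The configured query must take the username as its single parameter and
 * return the stored password value. The submitted password is run through
 * Liferay's {@link CompositePasswordEncryptor} together with the stored value,
 * and authentication succeeds only when the result equals the stored value.
 * <p>
 * The handler does not use the CAS {@code passwordEncoder}; all hashing is
 * delegated to the Liferay encryptors registered below.
 *
 * @author Scott Battaglia
 * @author Dmitriy Kopylenko
 * @version $Revision$ $Date$
 * @since 3.0
 */
public class LiferayQueryDatabaseAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler {

    /** Charset used when turning the two hash strings into bytes for comparison. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /**
     * Algorithm handed to the encryptor for every verification.
     * NOTE(review): presumably the encryptor prefers the algorithm recorded in
     * the stored value when one is present; confirm against the Liferay version
     * in use and keep this in step with the portal's
     * {@code passwords.encryption.algorithm} setting.
     */
    private static final String DEFAULT_ALGORITHM = "PBKDF2WITHHMACSHA1/160/128000";

    /**
     * Shared encryptor, configured exactly once at class initialisation.
     * Previously every constructor call re-configured this static instance,
     * so creating a second handler mutated state another instance could be
     * using mid-authentication.
     */
    private static final CompositePasswordEncryptor compositePasswordEncryptor = newPasswordEncryptor();

    /** Query returning the stored password for a username (single {@code ?} parameter). */
    @NotNull
    private String sql;

    public LiferayQueryDatabaseAuthenticationHandler() {
        super();
    }

    /**
     * Builds the composite encryptor with the same delegates, in the same
     * order, as the original constructor registered them.
     */
    private static CompositePasswordEncryptor newPasswordEncryptor() {
        final CompositePasswordEncryptor encryptor = new CompositePasswordEncryptor();
        encryptor.setDefaultPasswordEncryptor(new DefaultPasswordEncryptor());

        final List<PasswordEncryptor> passwordEncryptors = new ArrayList<PasswordEncryptor>();
        passwordEncryptors.add(new BCryptPasswordEncryptor());
        passwordEncryptors.add(new CryptPasswordEncryptor());
        // NOTE(review): presumably this delegate covers passwords stored without
        // hashing; confirm whether any account still needs it before keeping it.
        passwordEncryptors.add(new NullPasswordEncryptor());
        passwordEncryptors.add(new PBKDF2PasswordEncryptor());
        passwordEncryptors.add(new SSHAPasswordEncryptor());
        encryptor.setPasswordEncryptors(passwordEncryptors);
        return encryptor;
    }

    /**
     * Compares two hash strings without returning early on the first
     * differing byte, so the comparison time does not depend on how much of
     * the value matched.
     *
     * @return {@code false} when either value is {@code null}
     */
    private static boolean constantTimeEquals(final String expected, final String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), actual.getBytes(UTF_8));
    }

    /**
     * Looks up the stored password for the transformed username and checks
     * the submitted password against it.
     *
     * @param credentials the username and password submitted to CAS
     * @return {@code true} only when the re-computed value equals the stored one;
     *         {@code false} when the query does not return exactly one row, the
     *         stored value is {@code null}, or the encryptor rejects the input
     * @throws AuthenticationException declared by the parent contract; not thrown here
     */
    protected final boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials)
            throws AuthenticationException {
        final String username = getPrincipalNameTransformer().transform(credentials.getUsername());
        try {
            final String dbPassword = getJdbcTemplate().queryForObject(this.sql, String.class, username);
            if (dbPassword == null) {
                // A row with a NULL password column must fail closed instead of
                // raising a NullPointerException out of the handler.
                return false;
            }
            final String encryptedPassword =
                    compositePasswordEncryptor.encrypt(DEFAULT_ALGORITHM, credentials.getPassword(), dbPassword);
            return constantTimeEquals(dbPassword, encryptedPassword);
        } catch (final IncorrectResultSizeDataAccessException e) {
            // Zero rows (unknown username) or more than one row for this username.
            // NOTE(review): this path returns before any hashing work, so it
            // completes faster than a wrong-password attempt; rely on login
            // throttling in front of the handler to limit probing.
            return false;
        } catch (final PwdEncryptorException e) {
            // The encryptor could not process the input; treat as a failed login.
            // The cause is dropped here because no logger is visible in this class.
            return false;
        }
    }

    /**
     * @param sql The sql to set. Must contain exactly one {@code ?} placeholder,
     *            which is bound to the username; never concatenate user input into it.
     */
    public void setSql(final String sql) {
        this.sql = sql;
    }
}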
修改\cas\WEB-INF 目录下的deployerConfigContext.xml文件部分如下:
<property name="authenticationHandlers">
    <list>
        <!--
            | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
            | a server side SSL certificate.
            +-->
        <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
              p:httpClient-ref="httpClient" />
        <!--
            | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
            | into production. The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
            | where the username equals the password. You will need to replace this with an AuthenticationHandler that implements your
            | local authentication strategy. You might accomplish this by coding a new such handler and declaring
            | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
            +-->
        <!-- The test handler stays commented out: it accepts any login where username equals password. -->
        <!--
        <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
        -->
        <!--
            | Liferay-backed handler. The query binds the username to the single "?" placeholder, so no
            | user input is concatenated into the SQL text.
            | NOTE(review): the handler treats anything other than exactly one returned row as a failed login;
            | if the portal hosts more than one company, screenName alone may match several rows. Confirm.
            +-->
        <bean class="org.jasig.cas.adaptors.jdbc.LiferayQueryDatabaseAuthenticationHandler">
            <property name="sql" value="select password_ from user_ where screenName=?" />
            <property name="dataSource" ref="dataSource" />
            <!-- Left disabled: the Liferay handler hashes through the Liferay encryptors and does not read passwordEncoder. -->
            <!-- <property name="passwordEncoder" ref="myPasswordEncoder" /> -->
        </bean>
    </list>
</property>
<!-- Closes the enclosing bean whose opening tag lies outside this excerpt. -->
</bean>
<!--
    | JDBC connection used only to read the stored password hash.
    | Review points before using this outside a local test setup:
    |  * The account below is the MySQL root user. CAS only needs to read user_.password_ by screenName,
    |    so a dedicated account limited to SELECT on that table is sufficient.
    |  * The password is stored in clear text in this file. Move it to an externalised property or a
    |    container-managed (JNDI) DataSource, and restrict read access to the file.
    |  * DriverManagerDataSource is not a connection pool; it opens a new connection for each request.
    |    Use a pooled DataSource for production load.
    +-->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver" />
    <property name="url" value="jdbc:mysql://localhost:3306/liferay_portal" />
    <property name="username" value="root" />
    <property name="password" value="passw0rd" />
</bean>
缺少几个jar包,添加到lib目录下:
portal-impl-6.2.5.jar
portal-service-6.2.5.jar
cas-server-support-jdbc-4.2.4.jar
mysql-connector-java-5.1.36-bin.jar
最后在Liferay中配置CAS连接信息。