Apereo CAS 5.0.X: the four database authentication methods provided by default
Apereo CAS 5.0.X provides four JDBC-based AuthenticationHandler implementations in the cas-server-support-jdbc submodule. Each is described below.
Query
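Configure a SQL statement that, given the username, returns that user's password. The returned value is then compared with the password the user entered; a password encoding step can be configured to run before the comparison. The result of the match is the authentication result. If the username does not exist, the result is also false.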
    @Override
    protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword)
            throws GeneralSecurityException, PreventedException {
        if (StringUtils.isBlank(this.sql) || getJdbcTemplate() == null) {
            throw new GeneralSecurityException("Authentication handler is not configured correctly. "
                    + "No SQL statement or JDBC template is found.");
        }
        final String username = credential.getUsername();
        final String password = credential.getPassword();
        try {
            final String dbPassword = getJdbcTemplate().queryForObject(this.sql, String.class, username);
            if ((StringUtils.isNotBlank(originalPassword) && !this.matches(originalPassword, dbPassword))
                    || (StringUtils.isBlank(originalPassword) && !StringUtils.equals(password, dbPassword))) {
                throw new FailedLoginException("Password does not match value on record.");
            }
        } catch (final IncorrectResultSizeDataAccessException e) {
            if (e.getActualSize() == 0) {
                throw new AccountNotFoundException(username + " not found with SQL query");
            }
            throw new FailedLoginException("Multiple records found for " + username);
        } catch (final DataAccessException e) {
            throw new PreventedException("SQL exception while executing query for " + username, e);
        }
        return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);
    }
QueryAndEncode
Same pattern as above, except that salting can be configured when the password is hashed.
    @Override
    protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential transformedCredential)
            throws GeneralSecurityException, PreventedException {
        if (StringUtils.isBlank(this.sql) || StringUtils.isBlank(this.algorithmName) || getJdbcTemplate() == null) {
            throw new GeneralSecurityException("Authentication handler is not configured correctly");
        }
        final String username = transformedCredential.getUsername();
        try {
            // The whole row is loaded so the digest step can read further columns from it.
            final Map<String, Object> values = getJdbcTemplate().queryForMap(this.sql, username);
            final String digestedPassword = digestEncodedPassword(transformedCredential.getPassword(), values);
            if (!values.get(this.passwordFieldName).equals(digestedPassword)) {
                throw new FailedLoginException("Password does not match value on record.");
            }
            return createHandlerResult(transformedCredential,
                    this.principalFactory.createPrincipal(username), null);
        } catch (final IncorrectResultSizeDataAccessException e) {
            if (e.getActualSize() == 0) {
                throw new AccountNotFoundException(username + " not found with SQL query");
            } else {
                throw new FailedLoginException("Multiple records found for " + username);
            }
        } catch (final DataAccessException e) {
            throw new PreventedException("SQL exception while executing query for " + username, e);
        }
    }
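Added example (not CAS code): a self-contained sketch of the salted check that QueryAndEncode performs against the row it loads, using a simplified H^n(salt || password) scheme rather than CAS's actual digest format. The column names salt and iterations and the sample passwords are assumptions; the final comparison uses MessageDigest.isEqual instead of String.equals so that it runs in constant time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class SaltedDigestDemo {
    static final String ALGORITHM = "SHA-256"; // stands in for algorithmName

    // Simplified scheme: hash salt || password once, then re-hash the result (iterations - 1) times.
    static byte[] digest(String password, byte[] salt, int iterations) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(ALGORITHM);
        md.update(salt);
        byte[] out = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            out = md.digest(out);
        }
        return out;
    }

    // Builds the row a "SELECT ... WHERE username = ?" query would return (constructed data).
    static Map<String, Object> enroll(String password, int iterations) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per account
        Map<String, Object> row = new HashMap<>();
        row.put("salt", salt);             // hypothetical column name
        row.put("iterations", iterations); // hypothetical column name
        row.put("password", digest(password, salt, iterations));
        return row;
    }

    // Recompute with the row's own salt and iteration count, then compare in constant time.
    static boolean verify(Map<String, Object> row, String candidate) throws NoSuchAlgorithmException {
        byte[] expected = (byte[]) row.get("password");
        byte[] actual = digest(candidate, (byte[]) row.get("salt"), (Integer) row.get("iterations"));
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        Map<String, Object> alice = enroll("Spring2024!", 1000); // constructed sample accounts
        Map<String, Object> bob = enroll("Spring2024!", 1000);
        // Same password, different random salts: the stored digests differ.
        System.out.println("digests equal: "
                + MessageDigest.isEqual((byte[]) alice.get("password"), (byte[]) bob.get("password")));
        System.out.println("alice, right password: " + verify(alice, "Spring2024!"));
        System.out.println("alice, wrong password: " + verify(alice, "spring2024!"));
    }
}
```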
SearchModeSearch
Authentication succeeds if a record with the given username and the given password exists in the configured table.
    @Override
    protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
            throws GeneralSecurityException, PreventedException {
        String sql = null;
        // Note: with '||' the statement is built when any one of the three settings is present;
        // a null among the others makes String.concat throw NullPointerException.
        if (StringUtils.isNotBlank(tableUsers) || StringUtils.isNotBlank(fieldUser) || StringUtils.isNotBlank(fieldPassword)) {
            // Table and column names are concatenated into the SQL text; only the values are bound as parameters.
            sql = "SELECT COUNT('x') FROM ".concat(this.tableUsers).concat(" WHERE ").concat(this.fieldUser)
                    .concat(" = ? AND ").concat(this.fieldPassword).concat("= ?");
        }
        if (StringUtils.isBlank(sql) || getJdbcTemplate() == null) {
            throw new GeneralSecurityException("Authentication handler is not configured correctly. "
                    + "No SQL statement or JDBC template found");
        }
        final String username = credential.getUsername();
        try {
            logger.debug("Executing SQL query {}", sql);
            final int count = getJdbcTemplate().queryForObject(sql, Integer.class, username, credential.getPassword());
            if (count == 0) {
                throw new FailedLoginException(username + " not found with SQL query.");
            }
            return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);
        } catch (final DataAccessException e) {
            throw new PreventedException("SQL exception while executing query for " + username, e);
        }
    }
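Added example (not CAS code): tableUsers, fieldUser and fieldPassword are concatenated into the SQL text, and only the username and password values are bound as parameters, so the identifiers deserve their own check. The builder below requires all three settings and accepts only plain identifiers; the class name, the identifier pattern and the sample values are assumptions.

```java
import java.util.regex.Pattern;

public class SearchModeSqlBuilder {
    // Assumed policy: bare SQL identifiers only (letters, digits, underscore), at most 64 characters.
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");

    // Rejects null, blank, or anything that is not a single bare identifier.
    // The message names the setting but does not echo the rejected value.
    static String requireIdentifier(final String setting, final String value) {
        if (value == null || !IDENTIFIER.matcher(value).matches()) {
            throw new IllegalArgumentException(setting + " must be a plain SQL identifier");
        }
        return value;
    }

    // Same statement shape as the handler; the credential values stay as '?' bind parameters.
    static String buildCountQuery(final String tableUsers, final String fieldUser,
                                  final String fieldPassword) {
        return "SELECT COUNT('x') FROM " + requireIdentifier("tableUsers", tableUsers)
                + " WHERE " + requireIdentifier("fieldUser", fieldUser)
                + " = ? AND " + requireIdentifier("fieldPassword", fieldPassword) + " = ?";
    }

    static String describe(final String table, final String user, final String password) {
        try {
            return "OK       " + buildCountQuery(table, user, password);
        } catch (final IllegalArgumentException e) {
            return "REJECTED " + e.getMessage();
        }
    }

    public static void main(final String[] args) {
        // Constructed sample configurations.
        System.out.println(describe("cas_users", "username", "password"));
        System.out.println(describe("cas_users", "username", null));       // one setting missing
        System.out.println(describe("cas users", "username", "password")); // not a bare identifier
    }
}
```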
BindModeSearch
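Attempts to open a connection from the configured DataSource using the supplied username and password. If the connection succeeds, authentication succeeds; otherwise it fails.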
    protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
            throws GeneralSecurityException, PreventedException {
        if (getDataSource() == null) {
            throw new GeneralSecurityException("Authentication handler is not configured correctly");
        }
        Connection connection = null;
        try {
            final String username = credential.getUsername();
            final String password = credential.getPassword();
            connection = this.getDataSource().getConnection(username, password);
            return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);
        } catch (final SQLException e) {
            throw new FailedLoginException(e.getMessage());
        } catch (final Exception e) {
            throw new PreventedException("Unexpected SQL connection error", e);
        } finally {
            if (connection != null) {
                DataSourceUtils.releaseConnection(connection, this.getDataSource());
            }
        }
    }