cas5.3 重写了UsernamePasswordCredential 后,rest api 401
加了rest的依赖
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-rest</artifactId>
<version>${cas.version}</version>
</dependency>然后postmain调用错误如下:
找到问题应该是cas默认的rest认证只允许默认的UsernamePasswordCredential 认证,现在重定义了自己的 UsernamePasswordCaptchaCredential extends UsernamePasswordCredential
就报401,但是不知道怎么解决
代码如下:
/**
* * 自定义用户登入流程使用的自定义的用户凭证
*/
@Configuration("usernamePasswordCaptchaConfig")
@EnableConfigurationProperties(CasConfigurationProperties.class)
public class UsernamePasswordCaptchaConfig implements AuthenticationEventExecutionPlanConfigurer {
@Autowired
private CasConfigurationProperties casProperties;
@Autowired
@Qualifier("servicesManager")
private ServicesManager servicesManager;
/**
* 用户定义用户登入处理器
* @return
*/
@Bean
public AuthenticationHandler rememberMeUsernamePasswordCaptchaAuthenticationHandler() {
UsernamePasswordCaptchaAuthenticationHandler handler = new UsernamePasswordCaptchaAuthenticationHandler(
UsernamePasswordCaptchaAuthenticationHandler.class.getSimpleName(),
servicesManager,
new DefaultPrincipalFactory(),
9);
return handler;
}
@Override
public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan plan) {
plan.registerAuthenticationHandler(rememberMeUsernamePasswordCaptchaAuthenticationHandler());
}
}/**
* * 自定义用户认证核心代码
*/
public class UsernamePasswordCaptchaAuthenticationHandler extends AbstractPreAndPostProcessingAuthenticationHandler {
@Autowired
private UserService userService;
@Autowired
private ResourceService resourceService;
public UsernamePasswordCaptchaAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) {
super(name, servicesManager, principalFactory, order);
}
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(Credential credential) throws GeneralSecurityException {
UsernamePasswordCaptchaCredential myCredential = (UsernamePasswordCaptchaCredential) credential;
String requestCaptcha = myCredential.getCapcha();
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
Object attribute = attributes.getRequest().getSession().getAttribute("capcha");
String realCaptcha = attribute == null ? null : attribute.toString();
if (StringUtils.isBlank(requestCaptcha) || !requestCaptcha.equalsIgnoreCase(realCaptcha)) {
throw new CaptchaErrorException();
}
// String sysCode = myCredential.getSysCode();
// if(StringUtils.isBlank(sysCode)){
// throw new SysCodeNullErrorException();
// }
//
// Resource resource = resourceService.getValidSystemResourceBySysCode(sysCode);
// if(null == resource){
// throw new SysCodeNotExistException();
// }
User user = userService.getUserByLoginName(((UsernamePasswordCaptchaCredential) credential).getUsername());
if(null == user){
throw new UserCodeErrorException();
}
boolean passwordVerifyMD5 = MD5Utils.getSaltverifyMD5(myCredential.getPassword(),
user.getSalt(),
user.getPassword());
if(!passwordVerifyMD5){
throw new UserCodeErrorException();
}
List<MessageDescriptor> warning = new ArrayList<MessageDescriptor>();
// 返回多属性
Map<String, Object> map = new HashMap<>();
return createHandlerResult(myCredential, principalFactory.createPrincipal(myCredential.getUsername(), map),
warning);
}
// 判断是否支持自定义用户登入凭证
@Override
public boolean supports(Credential credential) {
// TODO Auto-generated method stub
return credential instanceof UsernamePasswordCaptchaCredential;
}
}在线等大佬支持。。。
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
遇到也同样的问题,看到问题还没解决,提供一个方法。
在这里不判断类型直接返回true;
在这里判断
credential的className根据名称分别进行判断,例如