
Ich entwickle ein Projekt mit CAS als Authentifizierungsserver, der bisher die Benutzerauthentifizierung durchführen kann und Zugriff auf das Ticket hat. Wenn ich jedoch versuche, mit "(Map) ticket.getAttributes()" auf Attribute des Tickets zuzugreifen (unter Verwendung der Datenbank über JDBC), gibt CAS null zurück. Im Folgenden sind die Einstellungen in der Datei deployerConfigContext.xml und der Codeblock, in dem ich versuche, über das Ticket auf die Attribute zuzugreifen. (Titel der Frage: getAttributes von Principal (Ticket) gibt null zurück - CAS)

<?xml version="1.0" encoding="UTF-8"?> 
 
<beans xmlns="http://www.springframework.org/schema/beans" 
 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 
     xmlns:context="http://www.springframework.org/schema/context" 
 
     xmlns:p="http://www.springframework.org/schema/p" 
 
     xmlns:c="http://www.springframework.org/schema/c" 
 
     xmlns:aop="http://www.springframework.org/schema/aop" 
 
     xmlns:tx="http://www.springframework.org/schema/tx" 
 
     xmlns:util="http://www.springframework.org/schema/util" 
 
     xmlns:sec="http://www.springframework.org/schema/security" 
 
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
 
     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd 
 
     http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd 
 
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd 
 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd 
 
     http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> 
 

 

 
    <!-- Pairs each authentication handler with the principal resolver used after that handler succeeds.
         The database handler is paired with primaryPrincipalResolver, which is the only resolver in this
         file wired to an attribute repository (see below). -->
    <util:map id="authenticationHandlersResolvers"> 
 
     <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> 
 
     
 
\t \t <entry key-ref="SearchModeSearchDatabaseAuthenticationHandler" value-ref="primaryPrincipalResolver" /> 
 
    </util:map> 
 

 
\t <!-- Required for proxy ticket mechanism --> 
 
    <bean id="proxyPrincipalResolver" 
 
      class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" /> 
 
\t \t 
 
    <!-- NOTE(review): an <alias> near the bottom of this file also binds the name primaryPrincipalResolver
         (to personDirectoryPrincipalResolver). Two definitions of the same name; confirm which one the
         container honours, or drop one of them. -->
\t <bean id="primaryPrincipalResolver" 
 
      class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" > 
 
     <property name="attributeRepository" ref="singleRowJdbcPersonAttributeDao" /> 
 
    </bean> 
 

 
    <!-- NOTE(review): IPersonAttributeDao looks like an interface rather than a concrete class, and this
         bean id is not referenced anywhere in this file. Spring cannot instantiate an interface; this bean
         is most likely removable. -->
\t <bean id="iPersonAttributeDao" class="org.jasig.services.persondir.IPersonAttributeDao"/> 
 
\t 
 
    <!-- Attribute repository: looks up the authenticated user's row and exposes mapped columns as
         principal attributes. -->
\t <bean id="singleRowJdbcPersonAttributeDao" 
 
    class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"> 
 
    <constructor-arg index="0" ref="dataSource" /> 
 
    <!-- SECURITY: SELECT * pulls every column (including the stored password hash) into CAS memory.
         Select only the columns listed in resultAttributeMapping below. -->
    <constructor-arg index="1" value="SELECT * FROM user WHERE {0}" /> 
 
    <!-- queryAttributeMapping: attribute name supplied by the resolver to the database column it matches.
         NOTE(review): the working configuration in the accepted answer maps the key "username" to the
         "email" column; "id" to "1" here matches neither the lookup key nor a column name, which is
         probably why no attributes were found. -->
    <property name="queryAttributeMapping"> 
 
     <map> 
 
\t \t \t <entry key="id" value="1" /> 
 
     </map> 
 
    </property> 
 
    <!-- resultAttributeMapping: database column to the principal attribute name it is exposed as. -->
    <property name="resultAttributeMapping"> 
 
     <map> 
 
      <entry key="email" value="email" /> 
 
     </map> 
 
    </property> 
 
\t </bean> 
 
\t 
 
\t 
 
    <!-- NOTE(review): an <alias> further down also binds serviceRegistryDao (to jsonServiceRegistryDao);
         same-name conflict as with primaryPrincipalResolver. -->
\t <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> 
 
<property name="registeredServices"> 
 
    <list> 
 
    <bean class="org.jasig.cas.services.RegisteredServiceImpl"> 
 
     <property name="id" value="0" /> 
 
     <property name="name" value="HTTP" /> 
 
     <property name="description" value="Only Allows HTTP Urls" /> 
 
     <!-- SECURITY: registers every plain-http service, so the attributes released below travel to the
          service over cleartext HTTP. Prefer an https-only pattern such as the one used in the JSON
          service definition further down this page. -->
     <property name="serviceId" value="http://**" /> 
 
     <property name="evaluationOrder" value="10000001" /> 
 
     <!-- Only the attributes listed here are released to matching services. -->
     <property name="allowedAttributes"> 
 
     <list> 
 
      <value>email</value> 
 
      
 
\t \t </list> 
 
\t \t </property> 
 
\t </bean> 
 
\t </list> 
 
    </property> 
 
    </bean> 
 

 
    <util:list id="authenticationMetadataPopulators"> 
 
     <ref bean="successfulHandlerMetaDataPopulator" /> 
 
     <ref bean="rememberMeAuthenticationMetaDataPopulator" /> 
 
    </util:list> 
 

 
    
 

 
    <!-- NOTE(review): the demo acceptUsersAuthenticationHandler is still aliased as the primary
         authentication handler; confirm it is not active in a deployment that authenticates against
         the database. -->
    <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" /> 
 
    <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" /> 
 

 
    <alias name="serviceThemeResolver" alias="themeResolver" /> 
 

 
    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" /> 
 

 
    <alias name="defaultTicketRegistry" alias="ticketRegistry" /> 
 

 
    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" /> 
 
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" /> 
 

 
    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" /> 
 
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" /> 
 

 
    <!-- Audit trail goes to the SLF4J log; both settings are externalised via property placeholders. -->
    <bean id="auditTrailManager" 
 
      class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" 
 
      p:entrySeparator="${cas.audit.singleline.separator:|}" 
 
      p:useSingleLine="${cas.audit.singleline:false}"/> 
 

 
    <!-- NOTE(review): neverThrottle disables login-attempt throttling; online guessing against the
         database handler below is then unbounded. -->
    <alias name="neverThrottle" alias="authenticationThrottle" /> 
 

 
    <util:list id="monitorsList"> 
 
     <ref bean="memoryMonitor" /> 
 
     <ref bean="sessionMonitor" /> 
 
    </util:list> 
 

 
    <alias name="defaultPrincipalFactory" alias="principalFactory" /> 
 
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" /> 
 
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" /> 
 
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" /> 
 
\t 
 
    <!-- SECURITY: live database credentials (root account, cleartext password) are hard-coded in this
         file. Use a dedicated least-privilege database account and externalise the secret through a
         property placeholder, as the auditTrailManager bean above already does with ${...}. -->
\t <bean id="dataSource" 
 
\t class="com.mchange.v2.c3p0.ComboPooledDataSource" 
 
\t p:driverClass="com.mysql.jdbc.Driver" 
 
\t p:jdbcUrl="jdbc:mysql://localhost:3306/teste" 
 
\t p:user="root" 
 
\t p:password="123456789" 
 
\t /> 
 
\t 
 
\t <!-- Authentication method end--> 
 
    <!-- SECURITY: MD5 is an unsalted, fast digest and is not suitable for stored passwords; prefer a
         salted, deliberately slow scheme (bcrypt, PBKDF2 or scrypt) and migrate existing hashes. -->
\t <bean id="passwordEncoder" 
 
     class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" 
 
     c:encodingAlgorithm="MD5" 
 
     p:characterEncoding="UTF-8" /> 
 

 
    <!-- Database authentication handler: table "user", login column "email", password column "password";
         the submitted password is encoded with passwordEncoder before comparison. -->
\t <bean id="SearchModeSearchDatabaseAuthenticationHandler" 
 
     class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler" 
 
     p:dataSource-ref="dataSource" 
 
     p:passwordEncoder-ref="passwordEncoder" 
 
     p:tableUsers="user" 
 
     p:fieldUser="email" 
 
     p:fieldPassword="password" /> 
 
</beans>

Codeblock:

// Cast the container principal to the CAS client type. If the CAS client filters have not run for this
// request, getUserPrincipal() may be null and the next line throws NullPointerException.
AttributePrincipal ticket = (AttributePrincipal) req.getUserPrincipal(); 
// Per the accepted answer: this map stays empty unless the client validates tickets with the CAS 3.0
// protocol (Cas30ProxyReceivingTicketValidationFilter in web.xml) and the registered service is
// allowed to receive the attributes. Raw Map: values are lists/objects, check types before use.
Map attributes = ticket.getAttributes(); 

Antwort


So funktioniert das nicht. Siehe https://github.com/UniconLabs/cas-sample-java-webapp als Beispiel dafür, wie der Java-CAS-Client funktioniert:

https://github.com/UniconLabs/cas-sample-java-webapp/blob/master/src/main/webapp/index.jsp


Mein Problem ist, dass die Zugriffsmethode "principal.getAttributes()" immer null zurückgibt. Ich wollte wissen, welche Einstellungen ich vornehmen muss, damit CAS diese Attribute in meiner Datenbank sucht. – Robson


Siehe https://apereo.github.io/cas/4.2.x/integration/Attribute-Release.html –


Ihr CAS-Client muss Attribute auch mit dem richtigen v3-Validator abrufen können. –


Ich habe das Problem gemäß den Empfehlungen von Misagh Moayyed gelöst, indem ich in der Datei web.xml den Filter „Cas20ProxyReceivingTicketValidationFilter“ auf „Cas30ProxyReceivingTicketValidationFilter“ geändert und einige Einstellungen in der Datei "deployerConfigContext.xml" vorgenommen habe:

<?xml version="1.0" encoding="UTF-8"?> 
 
<beans xmlns="http://www.springframework.org/schema/beans" 
 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 
     xmlns:context="http://www.springframework.org/schema/context" 
 
     xmlns:p="http://www.springframework.org/schema/p" 
 
     xmlns:c="http://www.springframework.org/schema/c" 
 
     xmlns:aop="http://www.springframework.org/schema/aop" 
 
     xmlns:tx="http://www.springframework.org/schema/tx" 
 
     xmlns:util="http://www.springframework.org/schema/util" 
 
     xmlns:sec="http://www.springframework.org/schema/security" 
 
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
 
     http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd 
 
     http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd 
 
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd 
 
     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd 
 
     http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> 
 

 

 
    <!-- Pairs each authentication handler with the principal resolver used after that handler succeeds.
         NOTE(review): the database handler is paired with proxyPrincipalResolver (a BasicPrincipalResolver
         with no attributeRepository property set here); if attributes stop flowing, this pairing is the
         first thing to check against the attributeRepository bean below. -->
    <util:map id="authenticationHandlersResolvers"> 
 
     <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" /> 
 
     
 
\t \t <entry key-ref="SearchModeSearchDatabaseAuthenticationHandler" value-ref="proxyPrincipalResolver" /> 
 
    </util:map> 
 
\t 
 
\t <!-- Required for proxy ticket mechanism --> 
 
    <bean id="proxyPrincipalResolver" 
 
      class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" /> 
 

 
    <util:list id="authenticationMetadataPopulators"> 
 
     <ref bean="successfulHandlerMetaDataPopulator" /> 
 
     <ref bean="rememberMeAuthenticationMetaDataPopulator" /> 
 
    </util:list> 
 
\t 
 
\t 
 
\t <!-- Attribute Repository --> 
 
    <!-- Looks up the authenticated user's row and exposes the mapped columns as principal attributes.
         The bean id "attributeRepository" is what CAS's own person-directory resolver is wired to. -->
\t <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao"> 
 
\t \t <constructor-arg index="0" ref="dataSource"/> 
 
        <!-- SECURITY: SELECT * pulls every column (including the stored password hash) into CAS memory.
             Select only the columns that are actually mapped below. -->
\t \t <constructor-arg index="1" value="SELECT * FROM user u WHERE {0}" /> 
 
        <!-- queryAttributeMapping: the "username" key supplied by the resolver is matched against the
             "email" column. -->
\t \t <property name="queryAttributeMapping"> 
 
\t \t <map> 
 
\t \t \t <entry key="username" value="email" /> 
 
\t \t </map> 
 
\t \t </property> 
 
        <!-- resultAttributeMapping: database column to the principal attribute name it is exposed as.
             SECURITY: the "password" entry exposes the stored password hash as a principal attribute,
             and the JSON service definition on this page (allowedAttributes) releases it to services.
             Remove this entry; services should never receive credential material. Also consider
             whether "id" needs to be released at all. -->
\t \t <property name="resultAttributeMapping"> 
 
\t \t \t <map> 
 
\t \t \t \t <entry key="email" value="username"/> 
 
\t \t \t \t <entry key="id" value="id"/> 
 
\t \t \t \t <entry key="password" value="password"/> 
 
\t \t \t \t <entry key="campoteste" value="campoteste"/> 
 
\t \t \t </map> 
 
\t \t </property> 
 
\t </bean> 
 
\t 
 
    <!-- NOTE(review): an <alias> further down also binds serviceRegistryDao (to jsonServiceRegistryDao).
         Two definitions of the same name; confirm which one the container honours. -->
\t <bean id="serviceRegistryDao" 
 
      class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"> 
 
\t \t <property name="registeredServices"> 
 
\t \t \t <list> 
 
\t \t \t \t <bean class="org.jasig.cas.services.RegexRegisteredService"> 
 
\t \t \t \t \t <property name="id" value="0" /> 
 
\t \t \t \t \t <property name="name" value="HTTP and IMAP" /> 
 
\t \t \t \t \t <property name="description" value="Allows HTTP(S) and IMAP(S) protocols" /> 
 
                    <!-- SECURITY: matches every URL with an http, https, imap or imaps scheme, including
                         cleartext http, so any such service is registered. The JSON service definition
                         further down this page narrows this to https|imaps; prefer that. -->
\t \t \t \t \t <property name="serviceId" value="^(https?|imaps?)://.*" /> 
 
\t \t \t \t \t <property name="evaluationOrder" value="10000001" /> 
 
\t \t \t \t </bean> 
 
\t \t \t </list> 
 
     </property> 
 
    </bean> 
 

 
    <!-- NOTE(review): the demo acceptUsersAuthenticationHandler is still aliased as the primary
         authentication handler; confirm it is not active alongside the database handler. -->
    <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" /> 
 
    <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" /> 
 

 
    <alias name="serviceThemeResolver" alias="themeResolver" /> 
 

 
    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" /> 
 

 
    <alias name="defaultTicketRegistry" alias="ticketRegistry" /> 
 

 
    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" /> 
 
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" /> 
 

 
    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" /> 
 
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" /> 
 

 
    <!-- Audit trail goes to the SLF4J log; both settings are externalised via property placeholders. -->
    <bean id="auditTrailManager" 
 
      class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" 
 
      p:entrySeparator="${cas.audit.singleline.separator:|}" 
 
      p:useSingleLine="${cas.audit.singleline:false}"/> 
 

 
    <!-- NOTE(review): neverThrottle disables login-attempt throttling; online guessing against the
         database handler below is then unbounded. -->
    <alias name="neverThrottle" alias="authenticationThrottle" /> 
 

 
    <util:list id="monitorsList"> 
 
     <ref bean="memoryMonitor" /> 
 
     <ref bean="sessionMonitor" /> 
 
    </util:list> 
 

 
    <alias name="defaultPrincipalFactory" alias="principalFactory" /> 
 
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" /> 
 
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" /> 
 
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" /> 
 
\t 
 
    <!-- SECURITY: live database credentials (root account, cleartext password) are hard-coded in this
         file. Use a dedicated least-privilege database account and externalise the secret through a
         property placeholder, as the auditTrailManager bean above already does with ${...}. -->
\t <bean id="dataSource" 
 
\t class="com.mchange.v2.c3p0.ComboPooledDataSource" 
 
\t p:driverClass="com.mysql.jdbc.Driver" 
 
\t p:jdbcUrl="jdbc:mysql://localhost:3306/cas" 
 
\t p:user="root" 
 
\t p:password="123456789" 
 
\t /> 
 
\t 
 
\t <!-- Authentication method end--> 
 
    <!-- SECURITY: MD5 is an unsalted, fast digest and is not suitable for stored passwords; prefer a
         salted, deliberately slow scheme (bcrypt, PBKDF2 or scrypt) and migrate existing hashes. -->
\t <bean id="passwordEncoder" 
 
     class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" 
 
     c:encodingAlgorithm="MD5" 
 
     p:characterEncoding="UTF-8" /> 
 

 
    <!-- Database authentication handler: table "user", login column "email", password column "password";
         the submitted password is encoded with passwordEncoder before comparison. -->
\t <bean id="SearchModeSearchDatabaseAuthenticationHandler" 
 
     class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler" 
 
     p:dataSource-ref="dataSource" 
 
     p:passwordEncoder-ref="passwordEncoder" 
 
     p:tableUsers="user" 
 
     p:fieldUser="email" 
 
     p:fieldPassword="password" /> 
 
</beans>

"Cas.properties":

server.name=https://localhost:8444 
server.prefix=${server.name}/cas 

# security configuration based on IP address to access the /status and /statistics pages 
# cas.securityContext.adminpages.ip=127\.0\.0\.1 


## 
# Unique CAS node name 
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific 
# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster. 
host.name=localhost 

## 
# JPA Service Registry Database Configuration 
# 
# svcreg.database.ddl.auto=create-drop 
svcreg.database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect 
# svcreg.database.hibernate.batchSize=10 
svcreg.database.driverClass=com.mysql.jdbc.Driver 
svcreg.database.url=jdbc:mysql://localhost/cas 
# SECURITY: cleartext root database credentials in a properties file. Use a dedicated least-privilege
# account and keep the secret out of files that are checked in or shipped with the deployment.
svcreg.database.user=root 
svcreg.database.password=123456789 
svcreg.database.pool.minSize=6 
svcreg.database.pool.maxSize=18 
svcreg.database.pool.maxWait=10000 
svcreg.database.pool.maxIdleTime=120 
svcreg.database.pool.acquireIncrement=6 
svcreg.database.pool.idleConnectionTestPeriod=30 
svcreg.database.pool.connectionHealthQuery=select 1 
svcreg.database.pool.acquireRetryAttempts=5 
svcreg.database.pool.acquireRetryDelay=2000 
## 

database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect 
#database.ddl.auto=create 
#database.hibernate.batchSize=10 
database.driverClass=com.mysql.jdbc.Driver 
database.url=jdbc:mysql://localhost/cas 
database.username=root 
# NOTE(review): java.util.Properties keeps the quotes as part of the value, so this password is
# literally "123456789" including the quote characters, unlike svcreg.database.password above.
# Drop the quotes. Same cleartext-root-credential concern as above.
database.password="123456789" 
database.driver.class=com.mysql.jdbc.Driver 
database.pool.minSize=6 
#database.user=root 
database.pool.maxSize=18 
database.pool.maxWait=10000 
database.pool.maxIdleTime=120 
database.pool.acquireIncrement=6 
database.pool.idleConnectionTestPeriod=30 
database.pool.connectionHealthQuery=select 1 
database.pool.acquireRetryAttempts=5 
database.pool.acquireRetryDelay=2000 


# NOTE(review): this query targets table "users" / column "username", while the
# SearchModeSearchDatabaseAuthenticationHandler in deployerConfigContext.xml is configured for
# table "user" / column "email". Confirm which schema is live; one of the two is stale.
cas.jdbc.authn.query.sql=select password from users where username=? 

# CAS UI Theme Resolution 
# 
cas.themeResolver.defaultThemeName=cas-theme-default 


## 
# CAS PersonDirectory Principal Resolution 
# 
# cas.principal.resolver.persondir.principal.attribute=cn 
cas.principal.resolver.persondir.return.null=false 



# IPv4 version 
# Restricts the /status and /statistics pages to requests from localhost.
cas.securityContext.status.allowedSubnet=127.0.0.1 


cas.securityContext.serviceProperties.service = ${server.prefix}/services/j_acegi_cas_security_check 
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMINISTRATORS 
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login 
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix} 
cas.viewResolver.basename=default_views 


users.database.url=jdbc:mysql://localhost/userdata 
users.database.username=root 
# NOTE(review): as with database.password, the quotes are kept literally, so this value is two quote
# characters rather than an empty password. A root account with an empty password is also a risk in
# itself; use a dedicated account with a real secret.
users.database.password="" 
users.database.driver.class=com.mysql.jdbc.Driver 
#users.database.hibernate.dialect=org.hibernate.dialect.OracleDialect 
users.database.hibernate.dialect=org.hibernate.dialect.MySQLDialect 
#users.database.hibernate.dialect=org.hibernate.dialect.HSQLDialect 

"HTTPSandIMAPS-10000001.json":

{ 
 
    "@class" : "org.jasig.cas.services.RegexRegisteredService", 
 
    "serviceId" : "^(https|imaps)://.*", 
 
    "name" : "HTTPS and IMAPS", 
 
    "id" : 10000001, 
 
    "description" : "This service definition authorized all application urls that support HTTPS and IMAPS protocols.", 
 
    "proxyPolicy" : { 
 
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy" 
 
    }, 
 
    "evaluationOrder" : 10000, 
 
    "usernameAttributeProvider" : { 
 
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider" 
 
    }, 
 
    "logoutType" : "BACK_CHANNEL", 
 
    "attributeReleasePolicy" : { 
 
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy", 
 
\t "allowedAttributes" : [ "java.util.ArrayList", ["email", "password", "id", "campoteste"] ], 
 
    "principalAttributesRepository" : { 
 
     "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository" 
 
    }, 
 
    "authorizedToReleaseCredentialPassword" : false, 
 
    "authorizedToReleaseProxyGrantingTicket" : false 
 
    }, 
 
    "accessStrategy" : { 
 
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy", 
 
    "enabled" : true, 
 
    "ssoEnabled" : true 
 
    } 
 
}

Und dann ...

Screenshot CAS Attributes