我必须构建一个集中式身份验证和授权服务。我正在尝试使用 JASIG CAS。但它提到它是一个身份验证协议(protocol)。我的场景如下。
- 我的应用程序在第一次访问时重定向到 cas 服务器。
- CAS 重定向用户以进行 Google 身份验证
- 用户使用所需的电子邮件地址登录并重定向回 CAS
-
At this moment i need to validate the user in my local jdbc store for user enabled or not and if not already registered user, and the email domain is abc.com i need to auto register the user.
- CAS 重定向到调用服务
-
My service do the validateService api call. I would like to get the user authorities for the requested service in the result response from the CAS
这个场景可以通过CAS实现吗,如果CAS可以扩展,有人可以建议如何做到这一点,基本上是我需要修改的类
最佳答案
Does this scenario can be achieved by CAS
Jasig CAS 是高度可定制的,因为它是使用 Spring 框架和 Spring Security 构建的,您可以将其扩展以满足您的任何需求。
basically the classes that i need to modify
您的兴趣类别是:
PolicyBasedAuthenticationManager
Entry point into authentication subsystem. It accepts one or more credentials and delegates authentication to configured
AuthenticationHandler
components. It collects the results of each attempt and determines effective security policy.
AuthenticationHandler
Authenticates a single credential and reports one of three possible results: success, failure, not attempted.
PrincipalResolver
Converts information in the authentication credential into a security principal that commonly contains additional metadata attributes (i.e. user details such as affiliations, group membership, email, display name).
Jasig CAS 一切顺利 documented 。您应该能够在那里找到所需的所有信息。
关于java - 扩展 JASIG CAS 的授权,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35377849/