java - 扩展 JASIG CAS 的授权

Question

我必须构建一个集中式身份验证和授权服务。我正在尝试使用 JASIG CAS。但它提到它是一个身份验证协议(protocol)。我的场景如下。

1. 我的应用程序在第一次访问时重定向到 cas 服务器。
2. CAS 重定向用户以进行 Google 身份验证
3. 用户使用所需的电子邮件地址登录并重定向回 CAS

4. At this moment i need to validate the user in my local jdbc store for user enabled or not and if not already registered user, and the email domain is abc.com i need to auto register the user.

5. CAS 重定向到调用服务

6. My service do the validateService api call. I would like to get the user authorities for the requested service in the result response from the CAS

这个场景可以通过CAS实现吗，如果CAS可以扩展，有人可以建议如何做到这一点，基本上是我需要修改的类

Answer 1

Does this scenario can be achieved by CAS

Jasig CAS 是高度可定制的，因为它是使用 Spring 框架和 Spring Security 构建的，您可以将其扩展以满足您的任何需求。

basically the classes that i need to modify

您的兴趣类别是:

• PolicyBasedAuthenticationManager

Entry point into authentication subsystem. It accepts one or more credentials and delegates authentication to configured AuthenticationHandler components. It collects the results of each attempt and determines effective security policy.

• AuthenticationHandler

Authenticates a single credential and reports one of three possible results: success, failure, not attempted.

• PrincipalResolver

Converts information in the authentication credential into a security principal that commonly contains additional metadata attributes (i.e. user details such as affiliations, group membership, email, display name).

Jasig CAS 一切顺利 documented 。您应该能够在那里找到所需的所有信息。