扩展 JASIG CAS 以进行授权
Extending JASIG CAS for Authorization
我必须构建集中式身份验证和授权服务。我正在尝试使用 JASIG CAS。但是它提到它的身份验证protocol.My场景如下。
- 我的应用程序在第一次访问时重定向到 cas 服务器。
- CAS 重定向用户以进行 google 身份验证
- 用户使用所需的电子邮件登录并重定向回 CAS
At this moment i need to validate the user in my local jdbc store for user enabled or not and if not already registered user, and the email domain is abc.com i need to auto register the user.
- CAS 重定向到调用服务
My service do the validateService api call. I would like to get the user authorities for the requested service in the result response from the CAS
这个场景是否可以通过 CAS 实现,如果 CAS 可以扩展,有人可以建议如何做到这一点,基本上是我需要修改的 类
Does this scenario can be achieved by CAS
Jasig CAS 是高度可定制的,因为它是使用 spring 框架和 spring 安全性构建的,您可以扩展它以满足您的任何需求。
basically the classes that i need to modify
类 您的兴趣是:
PolicyBasedAuthenticationManager
Entry point into authentication subsystem. It accepts one or more
credentials and delegates authentication to configured
AuthenticationHandler components. It collects the results of each
attempt and determines effective security policy.
AuthenticationHandler
Authenticates a single credential and reports one of three possible
results: success, failure, not attempted.
PrincipalResolver
Converts information in the authentication credential into a security
principal that commonly contains additional metadata attributes (i.e.
user details such as affiliations, group membership, email, display
name).
Jasig CAS 很好 documented。你应该能够在那里找到你需要的所有信息。
我必须构建集中式身份验证和授权服务。我正在尝试使用 JASIG CAS。但是它提到它的身份验证protocol.My场景如下。
- 我的应用程序在第一次访问时重定向到 cas 服务器。
- CAS 重定向用户以进行 google 身份验证
- 用户使用所需的电子邮件登录并重定向回 CAS
At this moment i need to validate the user in my local jdbc store for user enabled or not and if not already registered user, and the email domain is abc.com i need to auto register the user.
- CAS 重定向到调用服务
My service do the validateService api call. I would like to get the user authorities for the requested service in the result response from the CAS
这个场景是否可以通过 CAS 实现,如果 CAS 可以扩展,有人可以建议如何做到这一点,基本上是我需要修改的 类
Does this scenario can be achieved by CAS
Jasig CAS 是高度可定制的,因为它是使用 spring 框架和 spring 安全性构建的,您可以扩展它以满足您的任何需求。
basically the classes that i need to modify
类 您的兴趣是:
PolicyBasedAuthenticationManager
Entry point into authentication subsystem. It accepts one or more credentials and delegates authentication to configured
AuthenticationHandlercomponents. It collects the results of each attempt and determines effective security policy.
AuthenticationHandler
Authenticates a single credential and reports one of three possible results: success, failure, not attempted.
PrincipalResolver
Converts information in the authentication credential into a security principal that commonly contains additional metadata attributes (i.e. user details such as affiliations, group membership, email, display name).
Jasig CAS 很好 documented。你应该能够在那里找到你需要的所有信息。