多属性返回

[kawhii]

• 用于登录成功返回自定义熟悉

1. 权限
2. 扩展数据

[kawhii]

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps|http)://localhost:8080/sample.*",
  "name": "CasClient-demo",
  "id": 10000001,
  "description": "CasClient-demo service",
  "evaluationOrder": 100,
  "theme":"apereo",
  "logoutUrl": "http://localhost:8080/sample/" ,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}

由于安全问题不能把所有属性返回，否则得不偿失，例如授权登录是会返回access_token这是绝对不允许的

[songxiaoxuan]

https://apereo.github.io/cas/5.1.x/integration/Attribute-Value-Release-Policies.html

{ "@class": "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^(https|imaps|http)://.*", "name": "Local Services", "id": 10000008, "description": "this is a localhost service", "evaluationOrder": 10000000,

"attributeReleasePolicy" : { "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy", "allowedAttributes" : [ "java.util.ArrayList", [ "id", "mail", "sn" ] ] } }

[kawhii]

@songxiaoxuan org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy是旧版的

[songxiaoxuan]

@kawhii 哦哦，我用的5.1.3 我看ReturnAllowedAttributeReleasePolicy可以自定义返回参数，ReturnAllAttributeReleasePolicy貌似是返回所有的参数

[kawhii]

1. 配置策略（返回所有，返回过滤。。。）

"attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }

cas.authn.attributeRepository.jdbc[0].attributes.id=id
cas.authn.attributeRepository.jdbc[0].attributes.email=email
cas.authn.attributeRepository.jdbc[0].attributes.address=address
cas.authn.attributeRepository.jdbc[0].attributes.age=age
cas.authn.attributeRepository.jdbc[0].singleRow=true
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].url=${cas.authn.jdbc.query[0].url}
# 以下属性为查询sql时，当为多个时逗号分隔，如填写username、email,sql会变成 select * from sys_user where username=${?} {and/or} email=${?}
cas.authn.attributeRepository.jdbc[0].username=username,email
cas.authn.attributeRepository.jdbc[0].user=${cas.authn.jdbc.query[0].user}
cas.authn.attributeRepository.jdbc[0].password=${cas.authn.jdbc.query[0].password}
cas.authn.attributeRepository.jdbc[0].sql=select * from sys_user where {0}
cas.authn.attributeRepository.jdbc[0].dialect=${cas.authn.jdbc.query[0].dialect}
cas.authn.attributeRepository.jdbc[0].ddlAuto=none
cas.authn.attributeRepository.jdbc[0].driverClass=${cas.authn.jdbc.query[0].driverClass}
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].healthQuery=SELECT 1
cas.authn.attributeRepository.jdbc[0].failFast=true

以上为单条singleRow=true的多属性返回

允许多条返回，当返回权限或者其他业务场景时，必须返回多条，这里不再强调，有兴趣查看博客