Closed kawhii closed 6 years ago
{
"@class": "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps|http)://localhost:8080/sample.*",
"name": "CasClient-demo",
"id": 10000001,
"description": "CasClient-demo service",
"evaluationOrder": 100,
"theme":"apereo",
"logoutUrl": "http://localhost:8080/sample/" ,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
}
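For security reasons, not all attributes can be returned; otherwise the cost outweighs the benefit. For example, an authorization login would return the access_token, which is absolutely not allowed.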
https://apereo.github.io/cas/5.1.x/integration/Attribute-Value-Release-Policies.html
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps|http)://.*",
  "name": "Local Services",
  "id": 10000008,
  "description": "this is a localhost service",
  "evaluationOrder": 10000000,
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "id", "mail", "sn" ] ]
  }
}
@songxiaoxuan org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy is from the old version.
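@kawhii Oh, I see. I'm using 5.1.3. From what I can see, ReturnAllowedAttributeReleasePolicy lets you customize which parameters are returned, while ReturnAllAttributeReleasePolicy seems to return all parameters.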
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
cas.authn.attributeRepository.jdbc[0].attributes.id=id
cas.authn.attributeRepository.jdbc[0].attributes.email=email
cas.authn.attributeRepository.jdbc[0].attributes.address=address
cas.authn.attributeRepository.jdbc[0].attributes.age=age
cas.authn.attributeRepository.jdbc[0].singleRow=true
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].url=${cas.authn.jdbc.query[0].url}
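# The following property names the column(s) used in the SQL query; separate multiple values with commas. For example, with username,email the SQL becomes select * from sys_user where username=${?} {and/or} email=${?}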
cas.authn.attributeRepository.jdbc[0].username=username,email
cas.authn.attributeRepository.jdbc[0].user=${cas.authn.jdbc.query[0].user}
cas.authn.attributeRepository.jdbc[0].password=${cas.authn.jdbc.query[0].password}
cas.authn.attributeRepository.jdbc[0].sql=select * from sys_user where {0}
cas.authn.attributeRepository.jdbc[0].dialect=${cas.authn.jdbc.query[0].dialect}
cas.authn.attributeRepository.jdbc[0].ddlAuto=none
cas.authn.attributeRepository.jdbc[0].driverClass=${cas.authn.jdbc.query[0].driverClass}
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].healthQuery=SELECT 1
cas.authn.attributeRepository.jdbc[0].failFast=true
The above returns multiple attributes from a single row (singleRow=true).
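Returning multiple rows is also allowed; when returning permissions or in other business scenarios, multiple rows must be returned. I won't go into that here; see the blog if you are interested.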
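An added example, not part of the thread or of the CAS project: a small audit script that reads service definitions like the two posted above and reports the release-policy issues the thread discusses (return-all policy, the old `org.jasig` class name, `access_token` in an allow-list). The finding labels, the probe URL, the strict-JSON assumption and the extra check for a `serviceId` that matches any host are assumptions of this example.

```python
import json
import re

RETURN_ALL = "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
LEGACY_PREFIX = "org.jasig.cas."   # package name the thread calls the old version
SENSITIVE = {"access_token"}       # attribute the thread says must never be released
PROBE_URL = "https://unregistered.example/app"  # constructed URL of an unknown host

def allowed_attributes(policy):
    """Unwrap the typed list form ["java.util.ArrayList", ["id", "mail"]]."""
    value = policy.get("allowedAttributes", [])
    if len(value) == 2 and isinstance(value[1], list):
        return value[1]
    return value

def audit_service(text):
    """Return findings for one service definition (strict JSON is assumed)."""
    svc = json.loads(text)
    policy = svc.get("attributeReleasePolicy") or {}
    cls = policy.get("@class", "")
    findings = []
    if cls == RETURN_ALL:
        findings.append("return-all: every resolved attribute is released")
    if cls.startswith(LEGACY_PREFIX):
        findings.append("legacy-class: " + cls)
    for name in sorted(SENSITIVE.intersection(allowed_attributes(policy))):
        findings.append("sensitive-attribute: " + name)
    # Approximates the Java regex match with Python's re; fine for simple patterns.
    if re.fullmatch(svc.get("serviceId", ""), PROBE_URL):
        findings.append("broad-serviceId: matches an arbitrary host")
    return findings

# Service definitions from the thread, shortened to the audited fields.
DEMO = """{"@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|imaps|http)://localhost:8080/sample.*", "id": 10000001,
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"}}"""
LOCAL = """{"@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|imaps|http)://.*", "id": 10000008,
  "attributeReleasePolicy": {
    "@class": "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes": ["java.util.ArrayList", ["id", "mail", "sn"]]}}"""

if __name__ == "__main__":
    for label, text in (("CasClient-demo", DEMO), ("Local Services", LOCAL)):
        print(label, audit_service(text))
```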