主体（票证）的 getAttributes 返回 null - CAS

Question

我正在开发一个使用 CAS 作为身份验证服务器的项目，到目前为止，它可以进行用户身份验证并可以访问票证。但是，当我尝试通过“（Map）ticket.getAttributes（）”（使用带有jdbc的数据库）访问票证的属性时，CAS返回null。以下是 deployerConfigContext.xml 文件中的设置以及我尝试访问票证属性的代码块：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">


    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
        
		<entry key-ref="SearchModeSearchDatabaseAuthenticationHandler" value-ref="primaryPrincipalResolver" />
    </util:map>

	<!-- Required for proxy ticket mechanism -->
    <bean id="proxyPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
		  
	<bean id="primaryPrincipalResolver"
          class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
        <property name="attributeRepository" ref="singleRowJdbcPersonAttributeDao" />
    </bean>

	<bean id="iPersonAttributeDao" class="org.jasig.services.persondir.IPersonAttributeDao"/>
	
	<bean id="singleRowJdbcPersonAttributeDao"
    class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
    <constructor-arg index="0" ref="dataSource" />
    <constructor-arg index="1" value="SELECT * FROM user WHERE {0}" />
    <property name="queryAttributeMapping">
        <map>
			<entry key="id" value="1" />
        </map>
    </property>
    <property name="resultAttributeMapping">
        <map>
            <entry key="email" value="email" />
        </map>
    </property>
	</bean>
	
	
	<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
 <property name="registeredServices">
   <list>
     <bean class="org.jasig.cas.services.RegisteredServiceImpl">
       <property name="id" value="0" />
       <property name="name" value="HTTP" />
       <property name="description" value="Only Allows HTTP Urls" />
       <property name="serviceId" value="http://**" />
       <property name="evaluationOrder" value="10000001" />
       <property name="allowedAttributes">
        <list>
          <value>email</value>
          
		</list>
		</property>
	 </bean>
	</list>
  </property>
  </bean>

    <util:list id="authenticationMetadataPopulators">
        <ref bean="successfulHandlerMetaDataPopulator" />
        <ref bean="rememberMeAuthenticationMetaDataPopulator" />
    </util:list>

    

    <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
    <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />

    <alias name="serviceThemeResolver" alias="themeResolver" />

    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />

    <alias name="defaultTicketRegistry" alias="ticketRegistry" />

    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />

    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />

    <bean id="auditTrailManager"
          class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
          p:entrySeparator="${cas.audit.singleline.separator:|}"
          p:useSingleLine="${cas.audit.singleline:false}"/>

    <alias name="neverThrottle" alias="authenticationThrottle" />

    <util:list id="monitorsList">
        <ref bean="memoryMonitor" />
        <ref bean="sessionMonitor" />
    </util:list>

    <alias name="defaultPrincipalFactory" alias="principalFactory" />
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />
	
	<bean id="dataSource"
	  class="com.mchange.v2.c3p0.ComboPooledDataSource"
	  p:driverClass="com.mysql.jdbc.Driver"
	  p:jdbcUrl="jdbc:mysql://localhost:3306/teste"
	  p:user="root"
	  p:password="123456789"
	  />
	  
	<!-- Authentication method end-->
	<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />

	<bean id="SearchModeSearchDatabaseAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:passwordEncoder-ref="passwordEncoder"
      p:tableUsers="user"
      p:fieldUser="email"
      p:fieldPassword="password" />
</beans>

代码块：

AttributePrincipal ticket = (AttributePrincipal) req.getUserPrincipal();
Map attributes = ticket.getAttributes();

Answer 1

这不是它的工作原理。请参阅 https://github.com/UniconLabs/cas-sample-java-webapp 作为 Java CAS 客户端如何工作的示例：

https://github.com/UniconLabs/cas-sample-java-webapp/blob/master/src/main/webapp/index.jsp

Answer 2

我按照 Misagh Moayyed 的建议通过将 web.xml 文件过滤器“Cas20ProxyReceivingTicketValidationFilter”更改为“Cas30ProxyReceivingTicketValidationFilter”以及文件“deployerConfigContext.xml”中的一些设置解决了这个问题：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">


    <util:map id="authenticationHandlersResolvers">
        <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
        
		<entry key-ref="SearchModeSearchDatabaseAuthenticationHandler" value-ref="proxyPrincipalResolver" />
    </util:map>
	
	<!-- Required for proxy ticket mechanism -->
    <bean id="proxyPrincipalResolver"
          class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />

    <util:list id="authenticationMetadataPopulators">
        <ref bean="successfulHandlerMetaDataPopulator" />
        <ref bean="rememberMeAuthenticationMetaDataPopulator" />
    </util:list>
	
	
	<!-- Attribute Repository -->
	<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
		<constructor-arg index="0" ref="dataSource"/>
		<constructor-arg index="1" value="SELECT * FROM user u WHERE {0}" />
		<property name="queryAttributeMapping">
		   <map>
			  <entry key="username" value="email" />
		   </map>
		</property>
		<property name="resultAttributeMapping">
			<map>
				<entry key="email" value="username"/>
				<entry key="id" value="id"/>
				<entry key="password" value="password"/>
				<entry key="campoteste" value="campoteste"/>
			</map>
		</property>
	</bean>
	
	<bean id="serviceRegistryDao"
          class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
		<property name="registeredServices">
			<list>
				<bean class="org.jasig.cas.services.RegexRegisteredService">
					<property name="id" value="0" />
					<property name="name" value="HTTP and IMAP" />
					<property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
					<property name="serviceId" value="^(https?|imaps?)://.*" />
					<property name="evaluationOrder" value="10000001" />
				</bean>
			</list>
        </property>
    </bean>

    <alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
    <alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />

    <alias name="serviceThemeResolver" alias="themeResolver" />

    <alias name="jsonServiceRegistryDao" alias="serviceRegistryDao" />

    <alias name="defaultTicketRegistry" alias="ticketRegistry" />

    <alias name="ticketGrantingTicketExpirationPolicy" alias="grantingTicketExpirationPolicy" />
    <alias name="multiTimeUseOrTimeoutExpirationPolicy" alias="serviceTicketExpirationPolicy" />

    <alias name="anyAuthenticationPolicy" alias="authenticationPolicy" />
    <alias name="acceptAnyAuthenticationPolicyFactory" alias="authenticationPolicyFactory" />

    <bean id="auditTrailManager"
          class="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
          p:entrySeparator="${cas.audit.singleline.separator:|}"
          p:useSingleLine="${cas.audit.singleline:false}"/>

    <alias name="neverThrottle" alias="authenticationThrottle" />

    <util:list id="monitorsList">
        <ref bean="memoryMonitor" />
        <ref bean="sessionMonitor" />
    </util:list>

    <alias name="defaultPrincipalFactory" alias="principalFactory" />
    <alias name="defaultAuthenticationTransactionManager" alias="authenticationTransactionManager" />
    <alias name="defaultPrincipalElectionStrategy" alias="principalElectionStrategy" />
    <alias name="tgcCipherExecutor" alias="defaultCookieCipherExecutor" />
	
	<bean id="dataSource"
	  class="com.mchange.v2.c3p0.ComboPooledDataSource"
	  p:driverClass="com.mysql.jdbc.Driver"
	  p:jdbcUrl="jdbc:mysql://localhost:3306/cas"
	  p:user="root"
	  p:password="123456789"
	  />
	  
	<!-- Authentication method end-->
	<bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />

	<bean id="SearchModeSearchDatabaseAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:passwordEncoder-ref="passwordEncoder"
      p:tableUsers="user"
      p:fieldUser="email"
      p:fieldPassword="password" />
</beans>

“Cas.properties”：

server.name=https://localhost:8444
server.prefix=${server.name}/cas

# security configuration based on IP address to access the /status and /statistics pages
# cas.securityContext.adminpages.ip=127\.0\.0\.1


##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts.  This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
host.name=localhost

##
# JPA Service Registry Database Configuration
#
# svcreg.database.ddl.auto=create-drop
 svcreg.database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
# svcreg.database.hibernate.batchSize=10
 svcreg.database.driverClass=com.mysql.jdbc.Driver
 svcreg.database.url=jdbc:mysql://localhost/cas
 svcreg.database.user=root
 svcreg.database.password=123456789
 svcreg.database.pool.minSize=6
 svcreg.database.pool.maxSize=18
 svcreg.database.pool.maxWait=10000
 svcreg.database.pool.maxIdleTime=120
 svcreg.database.pool.acquireIncrement=6
 svcreg.database.pool.idleConnectionTestPeriod=30
 svcreg.database.pool.connectionHealthQuery=select 1
 svcreg.database.pool.acquireRetryAttempts=5
 svcreg.database.pool.acquireRetryDelay=2000
##

database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
#database.ddl.auto=create
#database.hibernate.batchSize=10
 database.driverClass=com.mysql.jdbc.Driver
 database.url=jdbc:mysql://localhost/cas
 database.username=root
 database.password="123456789"
 database.driver.class=com.mysql.jdbc.Driver
 database.pool.minSize=6
#database.user=root
 database.pool.maxSize=18
 database.pool.maxWait=10000
 database.pool.maxIdleTime=120
 database.pool.acquireIncrement=6
 database.pool.idleConnectionTestPeriod=30
 database.pool.connectionHealthQuery=select 1
 database.pool.acquireRetryAttempts=5
 database.pool.acquireRetryDelay=2000


cas.jdbc.authn.query.sql=select password from users where username=?

# CAS UI Theme Resolution
#
 cas.themeResolver.defaultThemeName=cas-theme-default


##
# CAS PersonDirectory Principal Resolution
#
# cas.principal.resolver.persondir.principal.attribute=cn
 cas.principal.resolver.persondir.return.null=false



# IPv4 version
cas.securityContext.status.allowedSubnet=127.0.0.1


cas.securityContext.serviceProperties.service = ${server.prefix}/services/j_acegi_cas_security_check
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMINISTRATORS
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
cas.viewResolver.basename=default_views


users.database.url=jdbc:mysql://localhost/userdata
users.database.username=root
users.database.password=""
users.database.driver.class=com.mysql.jdbc.Driver
#users.database.hibernate.dialect=org.hibernate.dialect.OracleDialect
users.database.hibernate.dialect=org.hibernate.dialect.MySQLDialect
#users.database.hibernate.dialect=org.hibernate.dialect.HSQLDialect

“HTTPSandIMAPS-10000001.json”：

{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
  "description" : "This service definition authorized all application urls that support HTTPS and IMAPS protocols.",
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "evaluationOrder" : 10000,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
	"allowedAttributes" : [ "java.util.ArrayList", ["email", "password", "id", "campoteste"] ],
    "principalAttributesRepository" : {
      "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
    },
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : false
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}

然后……

Screenshot CAS Attributes