Commit
a0d26759
authored
Nov 03, 2022
by
chentianzhong
退了两个版本了。1.redis保存票据2 开启restful
parent
fb2c5986
Showing
7 changed files
with
243 additions
and
151 deletions
+243
-151
pom.xml
+35
-35
src/main/java/com/zq/cas/config/MyAuthenticationConfiguration.java
+14
-15
src/main/java/com/zq/cas/handler/MyUsernameAndPasswordAuthenticationHandler.java
+58
-58
src/main/java/org/apereo/cas/web/support/DefaultCasCookieValueManager.java
+84
-0
src/main/resources/application.properties
+49
-40
src/main/resources/application.yml
+1
-1
src/main/resources/templates/app/casLoginView.html
+2
-2
pom.xml
...
...
@@ -164,18 +164,18 @@
</dependency>
<!--redis存储ticket-->
<dependency
>
<groupId>
org.apereo.cas
</groupId
>
<artifactId>
cas-server-support-redis-ticket-registry
</artifactId
>
<version>
${cas.version}
</version
>
</dependency
>
<!-- <dependency>--
>
<!-- <groupId>org.apereo.cas</groupId>--
>
<!-- <artifactId>cas-server-support-redis-ticket-registry</artifactId>--
>
<!-- <version>${cas.version}</version>--
>
<!-- </dependency>--
>
<!--session存入redis-->
<dependency
>
<groupId>
org.apereo.cas
</groupId
>
<artifactId>
cas-server-webapp-session-redis
</artifactId
>
<version>
${cas.version}
</version
>
</dependency
>
<!-- <dependency>--
>
<!-- <groupId>org.apereo.cas</groupId>--
>
<!-- <artifactId>cas-server-webapp-session-redis</artifactId>--
>
<!-- <version>${cas.version}</version>--
>
<!-- </dependency>--
>
<!--连接池 -->
...
...
@@ -220,35 +220,35 @@
<version>
2.5
</version>
</dependency>
<!-- log4j -->
<dependency
>
<groupId>
org.apache.logging.log4j
</groupId
>
<artifactId>
log4j-api
</artifactId
>
<version>
2.17.1
</version
>
</dependency
>
<!-- <dependency>--
>
<!-- <groupId>org.apache.logging.log4j</groupId>--
>
<!-- <artifactId>log4j-api</artifactId>--
>
<!-- <version>2.17.1</version>--
>
<!-- </dependency>--
>
<dependency
>
<groupId>
org.apache.logging.log4j
</groupId
>
<artifactId>
log4j-core
</artifactId
>
<version>
2.17.1
</version
>
</dependency
>
<!-- <dependency>--
>
<!-- <groupId>org.apache.logging.log4j</groupId>--
>
<!-- <artifactId>log4j-core</artifactId>--
>
<!-- <version>2.17.1</version>--
>
<!-- </dependency>--
>
<dependency
>
<groupId>
org.apache.logging.log4j
</groupId
>
<artifactId>
log4j-jcl
</artifactId
>
<version>
2.17.1
</version
>
</dependency
>
<!-- <dependency>--
>
<!-- <groupId>org.apache.logging.log4j</groupId>--
>
<!-- <artifactId>log4j-jcl</artifactId>--
>
<!-- <version>2.17.1</version>--
>
<!-- </dependency>--
>
<dependency
>
<groupId>
org.apache.logging.log4j
</groupId
>
<artifactId>
log4j-slf4j-impl
</artifactId
>
<version>
2.17.1
</version
>
</dependency
>
<!-- <dependency>--
>
<!-- <groupId>org.apache.logging.log4j</groupId>--
>
<!-- <artifactId>log4j-slf4j-impl</artifactId>--
>
<!-- <version>2.17.1</version>--
>
<!-- </dependency>--
>
<dependency
>
<groupId>
org.apache.logging.log4j
</groupId
>
<artifactId>
log4j-web
</artifactId
>
<version>
2.17.1
</version
>
</dependency
>
<!-- <dependency>--
>
<!-- <groupId>org.apache.logging.log4j</groupId>--
>
<!-- <artifactId>log4j-web</artifactId>--
>
<!-- <version>2.17.1</version>--
>
<!-- </dependency>--
>
<dependency>
...
...
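Review bot: Commenting out the five `org.apache.logging.log4j` entries in the second hunk (log4j-api, log4j-core, log4j-jcl, log4j-slf4j-impl, log4j-web) drops the explicit pin to `2.17.1`, so the log4j version now resolves to whatever `${cas.version}` manages transitively, which this page does not show. If that managed version is older than 2.17.1 the build silently falls back to it; I would keep the pins active, or move them into `<dependencyManagement>`, and confirm the result with `mvn dependency:tree -Dincludes=org.apache.logging.log4j`. This reads the later-printed, commented-out lines as the new side, which the rendered page implies only by print order. Both hunks are cut at their edges, so the enclosing `<dependencies>` block is not visible.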
src/main/java/com/zq/cas/config/MyAuthenticationConfiguration.java
...
...
@@ -2,7 +2,6 @@ package com.zq.cas.config;
import
cn.org.bjca.client.security.SecurityEngineDeal
;
import
com.zq.cas.handler.MyAuthenticationHandler
;
import
com.zq.cas.handler.MyUsernameAndPasswordAuthenticationHandler
;
import
com.zq.cas.service.ISysUserService
;
import
org.apereo.cas.authentication.AuthenticationEventExecutionPlan
;
import
org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer
;
...
...
@@ -56,19 +55,19 @@ public class MyAuthenticationConfiguration implements AuthenticationEventExecuti
return
handler
;
}
@Bean
public
AuthenticationHandler
myUsernameAndPasswordAuthenticationHandler
()
{
// MyAuthenticationHandler handler1 =
// new CustomUsernamePasswordAuthentication(MyAuthenticationHandler.class.getSimpleName(),
// servicesManager, new DefaultPrincipalFactory(), 1);
MyUsernameAndPasswordAuthenticationHandler
handler
=
new
MyUsernameAndPasswordAuthenticationHandler
(
MyAuthenticationHandler
.
class
.
getSimpleName
(),
servicesManager
,
new
DefaultPrincipalFactory
(),
9
);
handler
.
setSysUserService
(
sysUserService
);
return
handler
;
}
//
@Bean
//
public AuthenticationHandler myUsernameAndPasswordAuthenticationHandler() {
//
//
MyAuthenticationHandler handler1 =
//
//
new CustomUsernamePasswordAuthentication(MyAuthenticationHandler.class.getSimpleName(),
//
//
servicesManager, new DefaultPrincipalFactory(), 1);
//
//
//
MyUsernameAndPasswordAuthenticationHandler handler =
//
new MyUsernameAndPasswordAuthenticationHandler(MyAuthenticationHandler.class.getSimpleName(),
//
servicesManager, new DefaultPrincipalFactory(), 9);
//
handler.setSysUserService(sysUserService);
//
return handler;
//
}
/**
* 注册验证器
...
...
@@ -76,7 +75,7 @@ public class MyAuthenticationConfiguration implements AuthenticationEventExecuti
*/
@Override
public
void
configureAuthenticationExecutionPlan
(
AuthenticationEventExecutionPlan
plan
)
{
plan
.
registerAuthenticationHandler
(
myUsernameAndPasswordAuthenticationHandler
());
//
plan.registerAuthenticationHandler(myUsernameAndPasswordAuthenticationHandler());
plan
.
registerAuthenticationHandler
(
myAuthenticationHandler
());
}
}
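Review bot: The `myUsernameAndPasswordAuthenticationHandler()` bean and its `plan.registerAuthenticationHandler(...)` call are left behind as commented-out code rather than removed, which makes it harder to audit which authentication handlers are actually live in this configuration. Deleting the lines and relying on version control would be clearer; a one-line comment such as `// REST username/password handler disabled in a0d26759` is enough if a marker is wanted. The same pattern appears in pom.xml, application.properties and MyUsernameAndPasswordAuthenticationHandler.java, where the whole file is now comments. This assumes the later-printed lines are the new side; the class body starts outside the hunk.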
src/main/java/com/zq/cas/handler/MyUsernameAndPasswordAuthenticationHandler.java
package
com
.
zq
.
cas
.
handler
;
import
com.zq.cas.entity.SysUser
;
import
com.zq.cas.service.ISysUserService
;
import
com.zq.cas.util.MD5PasswordEncoderUtil
;
import
org.apereo.cas.authentication.AuthenticationHandlerExecutionResult
;
import
org.apereo.cas.authentication.UsernamePasswordCredential
;
import
org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler
;
import
org.apereo.cas.authentication.principal.PrincipalFactory
;
import
org.apereo.cas.services.ServicesManager
;
import
javax.security.auth.login.AccountNotFoundException
;
import
java.security.GeneralSecurityException
;
import
java.util.LinkedHashMap
;
import
java.util.Map
;
/**
* 自定义登录验证器(restful)
*/
public
class
MyUsernameAndPasswordAuthenticationHandler
extends
AbstractUsernamePasswordAuthenticationHandler
{
private
ISysUserService
sysUserService
;
public
MyUsernameAndPasswordAuthenticationHandler
(
String
name
,
ServicesManager
servicesManager
,
PrincipalFactory
principalFactory
,
Integer
order
)
{
super
(
name
,
servicesManager
,
principalFactory
,
order
);
}
public
ISysUserService
getSysUserService
()
{
return
sysUserService
;
}
public
void
setSysUserService
(
ISysUserService
sysUserService
)
{
this
.
sysUserService
=
sysUserService
;
}
@Override
protected
AuthenticationHandlerExecutionResult
authenticateUsernamePasswordInternal
(
UsernamePasswordCredential
credential
,
String
originalPassword
)
throws
GeneralSecurityException
{
String
username
=
credential
.
getUsername
().
trim
();
String
password
=
credential
.
getPassword
().
trim
();
if
(!
username
.
contains
(
"@gxfy.com"
)){
username
+=
"@gxfy.com"
;
}
password
=
MD5PasswordEncoderUtil
.
encode
(
password
);
SysUser
user
=
sysUserService
.
findByUsernameAndPwd
(
username
,
password
);
if
(
user
==
null
){
throw
new
AccountNotFoundException
(
"对象查询失败"
);
}
Map
<
String
,
Object
>
message
=
new
LinkedHashMap
<>();
message
.
put
(
"userId"
,
user
.
getUsername
());
message
.
put
(
"rybs"
,
user
.
getPCode
());
message
.
put
(
"fybm"
,
user
.
getCourtCode
());
return
createHandlerResult
(
credential
,
this
.
principalFactory
.
createPrincipal
(
credential
.
getUsername
(),
message
));
}
}
//
package com.zq.cas.handler;
//
//
import com.zq.cas.entity.SysUser;
//
import com.zq.cas.service.ISysUserService;
//
import com.zq.cas.util.MD5PasswordEncoderUtil;
//
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
//
import org.apereo.cas.authentication.UsernamePasswordCredential;
//
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
//
import org.apereo.cas.authentication.principal.PrincipalFactory;
//
import org.apereo.cas.services.ServicesManager;
//
//
import javax.security.auth.login.AccountNotFoundException;
//
import java.security.GeneralSecurityException;
//
import java.util.LinkedHashMap;
//
import java.util.Map;
//
/
//
**
//
* 自定义登录验证器(restful)
//
*/
//
public class MyUsernameAndPasswordAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
//
//
private ISysUserService sysUserService;
//
//
public MyUsernameAndPasswordAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) {
//
super(name, servicesManager, principalFactory, order);
//
}
//
//
public ISysUserService getSysUserService() {
//
return sysUserService;
//
}
//
//
public void setSysUserService(ISysUserService sysUserService) {
//
this.sysUserService = sysUserService;
//
}
//
//
@Override
//
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential, String originalPassword) throws GeneralSecurityException {
//
String username = credential.getUsername().trim();
//
String password = credential.getPassword().trim();
//
if (!username.contains("@gxfy.com")){
//
username += "@gxfy.com";
//
}
//
password = MD5PasswordEncoderUtil.encode(password);
//
//
SysUser user = sysUserService.findByUsernameAndPwd(username, password);
//
if (user == null){
//
throw new AccountNotFoundException("对象查询失败");
//
}
//
Map<String, Object> message = new LinkedHashMap<>();
//
message.put("userId", user.getUsername());
//
message.put("rybs", user.getPCode());
//
message.put("fybm", user.getCourtCode());
//
//
return createHandlerResult(credential,
//
this.principalFactory.createPrincipal(credential.getUsername(), message));
//
//
}
//
}
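Review bot: Keeping the handler as a fully commented-out file (reading the later-printed copy as the new side) preserves a credential check that should not be restored unchanged: it trims the submitted password, hashes it with `MD5PasswordEncoderUtil.encode` (by its name a plain MD5 digest; the utility is not shown), and looks the user up by username plus hash. If the handler returns, stored hashes should use a salted adaptive scheme (bcrypt, scrypt or Argon2) verified after a lookup by username alone, and the password should be compared as typed rather than trimmed. The domain check `username.contains("@gxfy.com")` also accepts the suffix anywhere in the name; `if (!username.endsWith("@gxfy.com")) {` states the intent. Deleting the file and recovering it from history when needed avoids carrying this code along.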
src/main/java/org/apereo/cas/web/support/DefaultCasCookieValueManager.java
0 → 100644
package
org
.
apereo
.
cas
.
web
.
support
;
import
com.google.common.base.Splitter
;
import
lombok.Generated
;
import
org.apache.commons.lang3.StringUtils
;
import
org.apereo.cas.CipherExecutor
;
import
org.apereo.inspektr.common.web.ClientInfo
;
import
org.apereo.inspektr.common.web.ClientInfoHolder
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
javax.servlet.http.HttpServletRequest
;
import
java.io.Serializable
;
import
java.util.List
;
public
class
DefaultCasCookieValueManager
extends
EncryptedCookieValueManager
{
@Generated
private
static
final
Logger
LOGGER
=
LoggerFactory
.
getLogger
(
DefaultCasCookieValueManager
.
class
);
private
static
final
char
COOKIE_FIELD_SEPARATOR
=
'@'
;
private
static
final
int
COOKIE_FIELDS_LENGTH
=
3
;
public
DefaultCasCookieValueManager
(
final
CipherExecutor
<
Serializable
,
Serializable
>
cipherExecutor
)
{
super
(
cipherExecutor
);
}
protected
String
buildCompoundCookieValue
(
final
String
givenCookieValue
,
final
HttpServletRequest
request
)
{
ClientInfo
clientInfo
=
ClientInfoHolder
.
getClientInfo
();
StringBuilder
builder
=
(
new
StringBuilder
(
givenCookieValue
)).
append
(
'@'
).
append
(
clientInfo
.
getClientIpAddress
());
String
userAgent
=
getHttpServletRequestUserAgent
(
request
);
if
(
StringUtils
.
isBlank
(
userAgent
))
{
throw
new
IllegalStateException
(
"Request does not specify a user-agent"
);
}
else
{
builder
.
append
(
'@'
).
append
(
userAgent
);
return
builder
.
toString
();
}
}
protected
String
obtainValueFromCompoundCookie
(
final
String
cookieValue
,
final
HttpServletRequest
request
)
{
List
<
String
>
cookieParts
=
Splitter
.
on
(
String
.
valueOf
(
'@'
)).
splitToList
(
cookieValue
);
if
(
cookieParts
.
size
()
!=
3
)
{
throw
new
IllegalStateException
(
"Invalid cookie. Required fields are missing"
);
}
else
{
String
value
=
(
String
)
cookieParts
.
get
(
0
);
String
remoteAddr
=
(
String
)
cookieParts
.
get
(
1
);
String
userAgent
=
(
String
)
cookieParts
.
get
(
2
);
if
(!
StringUtils
.
isBlank
(
value
)
&&
!
StringUtils
.
isBlank
(
remoteAddr
)
&&
!
StringUtils
.
isBlank
(
userAgent
))
{
ClientInfo
clientInfo
=
ClientInfoHolder
.
getClientInfo
();
if
(!
remoteAddr
.
equals
(
clientInfo
.
getClientIpAddress
()))
{
throw
new
IllegalStateException
(
"Invalid cookie. Required remote address "
+
remoteAddr
+
" does not match "
+
clientInfo
.
getClientIpAddress
());
}
else
{
String
agent
=
getHttpServletRequestUserAgent
(
request
);
String
agent1
=
""
;
String
userAgent1
=
""
;
try
{
agent1
=
agent
.
split
(
";"
)[
0
];
userAgent1
=
userAgent
.
split
(
";"
)[
0
];
}
catch
(
Exception
e
){
e
.
printStackTrace
();
}
if
(!
userAgent1
.
equals
(
agent1
))
{
throw
new
IllegalStateException
(
"Invalid cookie. Required user-agent "
+
userAgent
+
" does not match "
+
agent
);
}
return
value
;
// if (!userAgent.equals(agent)) {
// throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
// } else {
// return value;
// }
}
}
else
{
throw
new
IllegalStateException
(
"Invalid cookie. Required fields are empty"
);
}
}
}
public
static
String
getHttpServletRequestUserAgent
(
final
HttpServletRequest
request
)
{
return
request
!=
null
?
request
.
getHeader
(
"user-agent"
)
:
null
;
}
}
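Review bot: The user-agent check in `obtainValueFromCompoundCookie` fails open: when the request carries no `user-agent` header, `agent.split(";")` throws, the broad `catch (Exception e)` only prints the stack trace, and both `agent1` and `userAgent1` stay `""`, so the comparison passes and the cookie value is returned. Rejecting a blank header before comparing, and dropping the try/catch, closes that path; the fence shows the replacement for the block from `String agent = …` to `return value;`. Comparing only the text before the first `;` is also a weaker binding than the full-string check left in the trailing comment, and because this class shadows the framework's own `org.apereo.cas.web.support.DefaultCasCookieValueManager`, a class comment recording why and for which CAS version it was copied would help the next upgrade. Any remaining diagnostics should go through the existing `LOGGER` rather than `printStackTrace()`.

```java
String agent = getHttpServletRequestUserAgent(request);
if (StringUtils.isBlank(agent)) {
    // Fail closed: a missing header must not compare equal to the cookie's user-agent.
    throw new IllegalStateException("Request does not specify a user-agent");
}
String agentPrefix = StringUtils.substringBefore(agent, ";");
String cookiePrefix = StringUtils.substringBefore(userAgent, ";");
if (!cookiePrefix.equals(agentPrefix)) {
    // … unchanged: throw IllegalStateException("Invalid cookie. Required user-agent …") …
}
return value;
```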
src/main/resources/application.properties
...
...
@@ -85,7 +85,7 @@ security.basic.path=/cas/status/**
##
# CAS Web Application Session Configuration
#
server.session.timeout
=
3
00
server.session.timeout
=
288
00
server.session.cookie.http-only
=
true
server.session.tracking-modes
=
COOKIE
...
...
@@ -110,6 +110,13 @@ spring.aop.proxy-target-class=true
#去掉https
cas.tgc.secure
=
false
#不加密cookie tgc
cas.tgc.maxAge
=
-1
cas.tgc.crypto.enabled
=
false
cas.tgc.name
=
CASPIVACY
cas.tgc.httpOnly
=
true
cas.tgc.rememberMeMaxAge
=
1209600
#注册service中的json验证
cas.serviceRegistry.initFromJson
=
true
cas.serviceRegistry.watcherEnabled
=
true
...
...
@@ -138,56 +145,58 @@ cas.theme.defaultThemeName=app
cas.authn.exceptions.exceptions
=
com.zq.cas.exception.LoginModeException,com.zq.cas.exception.PasswordErrorException,com.zq.cas.exception.NoLoginModeException
#TGT的最大生存时间,28800秒,8小时
cas.ticket.tgt.maxTimeToLiveInSeconds
=
288
00
cas.ticket.tgt.maxTimeToLiveInSeconds
=
432
00
#用户没有对系统进行任何操作的情况下,7200秒(2小时)之后TGT会过期
cas.ticket.tgt.timeToKillInSeconds
=
7200
cas.ticket.tgt.timeToKillInSeconds
=
28800
#cas.ticket.tgt.timeoutExpirationPolicy=28800
#ST可以用几次才过期
cas.ticket.st.numberOfUses
=
1
#ST过期设置,默认是10秒
cas.ticket.st.timeToKillInSeconds
=
6000
cas.ticket.st.numberOfUses
=
2
#ST过期设置,默认是10秒 ms
cas.ticket.st.timeToKillInSeconds
=
10000
#配置redis存储ticket
cas.ticket.registry.redis.host
=
127.0.0.1
cas.ticket.registry.redis.database
=
0
cas.ticket.registry.redis.port
=
6379
cas.ticket.registry.redis.password
=
cas.ticket.registry.redis.timeout
=
2000
cas.ticket.registry.redis.useSsl
=
false
cas.ticket.registry.redis.usePool
=
true
cas.ticket.registry.redis.pool.max-active
=
20
cas.ticket.registry.redis.pool.maxIdle
=
8
cas.ticket.registry.redis.pool.minIdle
=
0
cas.ticket.registry.redis.pool.maxActive
=
8
cas.ticket.registry.redis.pool.maxWait
=
-1
cas.ticket.registry.redis.pool.numTestsPerEvictionRun
=
0
cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis
=
0
cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis
=
0
cas.ticket.registry.redis.pool.lifo
=
true
cas.ticket.registry.redis.pool.fairness
=
false
cas.ticket.registry.redis.pool.testOnCreate
=
false
cas.ticket.registry.redis.pool.testOnBorrow
=
false
cas.ticket.registry.redis.pool.testOnReturn
=
false
cas.ticket.registry.redis.pool.testWhileIdle
=
false
#
cas.ticket.registry.redis.host=127.0.0.1
#
cas.ticket.registry.redis.database=0
#
cas.ticket.registry.redis.port=6379
#
cas.ticket.registry.redis.password=
#
cas.ticket.registry.redis.timeout=2000
#
cas.ticket.registry.redis.useSsl=false
#
cas.ticket.registry.redis.usePool=true
#
cas.ticket.registry.redis.pool.max-active=20
#
cas.ticket.registry.redis.pool.maxIdle=8
#
cas.ticket.registry.redis.pool.minIdle=0
#
cas.ticket.registry.redis.pool.maxActive=8
#
cas.ticket.registry.redis.pool.maxWait=-1
#
cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
#
cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
#
cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
#
cas.ticket.registry.redis.pool.lifo=true
#
cas.ticket.registry.redis.pool.fairness=false
#
cas.ticket.registry.redis.pool.testOnCreate=false
#
cas.ticket.registry.redis.pool.testOnBorrow=false
#
cas.ticket.registry.redis.pool.testOnReturn=false
#
cas.ticket.registry.redis.pool.testWhileIdle=false
#cas.ticket.registry.redis.sentinel.master=mymaster
#cas.ticket.registry.redis.sentinel.nodes[0]=localhost:26377
#cas.ticket.registry.redis.sentinel.nodes[1]=localhost:26378
#cas.ticket.registry.redis.sentinel.nodes[2]=localhost:26379
#配置redis存储session
cas.webflow.autoconfigure
=
true
cas.webflow.alwaysPauseRedirect
=
false
cas.webflow.refresh
=
true
cas.webflow.redirectSameState
=
false
cas.webflow.session.lockTimeout
=
30
cas.webflow.session.compress
=
false
cas.webflow.session.maxConversations
=
5
cas.webflow.session.storage
=
true
spring.session.store-type
=
redis
spring.redis.host
=
127.0.0.1
spring.redis.password
=
spring.redis.port
=
6379
#
cas.webflow.autoconfigure=true
#
cas.webflow.alwaysPauseRedirect=false
#
cas.webflow.refresh=true
#
cas.webflow.redirectSameState=false
#
#
cas.webflow.session.lockTimeout=30
#
cas.webflow.session.compress=false
#
cas.webflow.session.maxConversations=5
#
cas.webflow.session.storage=true
#
spring.session.store-type=redis
#
spring.redis.host=127.0.0.1
#
spring.redis.password=
#
spring.redis.port=6379
#取消x-frame-options为deny限制,允许外部项目使用iframe嵌入cas-server登录页面
...
...
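Review bot: `cas.tgc.crypto.enabled=false` in the second hunk turns off signing and encryption of the ticket-granting cookie, and the context line `cas.tgc.secure=false` already allows that cookie over plain HTTP, so the SSO session cookie is neither integrity-protected nor confined to TLS. I would keep crypto enabled with configured keys and set `cas.tgc.secure=true` once the server is behind HTTPS. In the third hunk, `cas.ticket.st.numberOfUses=2` lets a service ticket be validated twice, and `cas.ticket.st.timeToKillInSeconds=10000` is in seconds per the property name (the comment's added "ms" suggests otherwise), which leaves a service ticket valid for hours; `cas.ticket.st.numberOfUses=1` and a value near the 10 seconds the comment cites are the safer settings. Which values are old and which are new is inferred from print order on this rendered page.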
src/main/resources/application.yml
...
...
@@ -33,7 +33,7 @@ spring:
stat
:
enabled
:
true
log-slow-sql
:
true
slow-sql-millis
:
1000
slow-sql-millis
:
1000
0
merge-sql
:
true
wall
:
enabled
:
false
...
...
src/main/resources/templates/app/casLoginView.html
...
...
@@ -2,8 +2,8 @@
<html
xmlns:th=
"http://www.thymeleaf.org"
>
<head>
<meta
http-equiv=
"Content-Type"
content=
"text/html; charset=utf-8"
/>
<meta
http-equiv=
"X-UA-Compatible"
content=
"IE=edge,chrome=1"
/>
<meta
name=
"renderer"
content=
"webkit"
>
<meta
http-equiv=
"X-UA-Compatible"
content=
"IE=edge"
/>
<meta
name=
"viewport"
content=
"width=device-width, initial-scale=1, shrink-to-fit=no"
/>
<title>
登录入口
</title>
<link
href=
"./app/css/pintuer.css"
rel=
"stylesheet"
/>
...
...
@@ -194,7 +194,7 @@
<script
src=
"./app/layui/layui.js"
></script>
<script
type=
"text/javascript"
src=
"./app/js/myself/messenger.js"
></script>
<script
type=
"text/javascript"
src=
"./app/js/myself/SelectGXFYUsers.js"
></script>
<
script
type=
"text/javascript"
src=
"./app/js/ca/XTXSAB.js"
></script
>
<
!--<script type="text/javascript" src="./app/js/ca/XTXSAB.js"></script>--
>
<script
type=
"text/javascript"
src=
"./app/js/myself/login.js"
></script>
<script
type=
"text/javascript"
>
...
...