Commit a0d26759 by chentianzhong

退了两个版本了。1.redis保存票据2 开启restful

parent fb2c5986
...@@ -164,18 +164,18 @@ ...@@ -164,18 +164,18 @@
</dependency> </dependency>
<!--redis存储ticket--> <!--redis存储ticket-->
<dependency> <!-- <dependency>-->
<groupId>org.apereo.cas</groupId> <!-- <groupId>org.apereo.cas</groupId>-->
<artifactId>cas-server-support-redis-ticket-registry</artifactId> <!-- <artifactId>cas-server-support-redis-ticket-registry</artifactId>-->
<version>${cas.version}</version> <!-- <version>${cas.version}</version>-->
</dependency> <!-- </dependency>-->
<!--session存入redis--> <!--session存入redis-->
<dependency> <!-- <dependency>-->
<groupId>org.apereo.cas</groupId> <!-- <groupId>org.apereo.cas</groupId>-->
<artifactId>cas-server-webapp-session-redis</artifactId> <!-- <artifactId>cas-server-webapp-session-redis</artifactId>-->
<version>${cas.version}</version> <!-- <version>${cas.version}</version>-->
</dependency> <!-- </dependency>-->
<!--连接池 --> <!--连接池 -->
...@@ -220,35 +220,35 @@ ...@@ -220,35 +220,35 @@
<version>2.5</version> <version>2.5</version>
</dependency> </dependency>
<!-- log4j --> <!-- log4j -->
<dependency> <!-- <dependency>-->
<groupId>org.apache.logging.log4j</groupId> <!-- <groupId>org.apache.logging.log4j</groupId>-->
<artifactId>log4j-api</artifactId> <!-- <artifactId>log4j-api</artifactId>-->
<version>2.17.1</version> <!-- <version>2.17.1</version>-->
</dependency> <!-- </dependency>-->
<dependency> <!-- <dependency>-->
<groupId>org.apache.logging.log4j</groupId> <!-- <groupId>org.apache.logging.log4j</groupId>-->
<artifactId>log4j-core</artifactId> <!-- <artifactId>log4j-core</artifactId>-->
<version>2.17.1</version> <!-- <version>2.17.1</version>-->
</dependency> <!-- </dependency>-->
<dependency> <!-- <dependency>-->
<groupId>org.apache.logging.log4j</groupId> <!-- <groupId>org.apache.logging.log4j</groupId>-->
<artifactId>log4j-jcl</artifactId> <!-- <artifactId>log4j-jcl</artifactId>-->
<version>2.17.1</version> <!-- <version>2.17.1</version>-->
</dependency> <!-- </dependency>-->
<dependency> <!-- <dependency>-->
<groupId>org.apache.logging.log4j</groupId> <!-- <groupId>org.apache.logging.log4j</groupId>-->
<artifactId>log4j-slf4j-impl</artifactId> <!-- <artifactId>log4j-slf4j-impl</artifactId>-->
<version>2.17.1</version> <!-- <version>2.17.1</version>-->
</dependency> <!-- </dependency>-->
<dependency> <!-- <dependency>-->
<groupId>org.apache.logging.log4j</groupId> <!-- <groupId>org.apache.logging.log4j</groupId>-->
<artifactId>log4j-web</artifactId> <!-- <artifactId>log4j-web</artifactId>-->
<version>2.17.1</version> <!-- <version>2.17.1</version>-->
</dependency> <!-- </dependency>-->
<dependency> <dependency>
......
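Review bot: Commenting out the five explicit Log4j 2.17.1 dependencies (log4j-api, log4j-core, log4j-jcl, log4j-slf4j-impl, log4j-web) leaves the Log4j version to whatever `${cas.version}` brings in transitively, which this page does not show. If those pins were there to override an older transitive Log4j, this rollback quietly reverts that, so confirm the resolved version with `mvn dependency:tree -Dincludes=org.apache.logging.log4j` before shipping. If the direct dependencies really are unwanted, delete the blocks rather than leaving commented XML, and keep the version fixed through a `<dependencyManagement>` entry.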
...@@ -2,7 +2,6 @@ package com.zq.cas.config; ...@@ -2,7 +2,6 @@ package com.zq.cas.config;
import cn.org.bjca.client.security.SecurityEngineDeal; import cn.org.bjca.client.security.SecurityEngineDeal;
import com.zq.cas.handler.MyAuthenticationHandler; import com.zq.cas.handler.MyAuthenticationHandler;
import com.zq.cas.handler.MyUsernameAndPasswordAuthenticationHandler;
import com.zq.cas.service.ISysUserService; import com.zq.cas.service.ISysUserService;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlan; import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer; import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
...@@ -56,19 +55,19 @@ public class MyAuthenticationConfiguration implements AuthenticationEventExecuti ...@@ -56,19 +55,19 @@ public class MyAuthenticationConfiguration implements AuthenticationEventExecuti
return handler; return handler;
} }
@Bean // @Bean
public AuthenticationHandler myUsernameAndPasswordAuthenticationHandler() { // public AuthenticationHandler myUsernameAndPasswordAuthenticationHandler() {
// MyAuthenticationHandler handler1 = //// MyAuthenticationHandler handler1 =
// new CustomUsernamePasswordAuthentication(MyAuthenticationHandler.class.getSimpleName(), //// new CustomUsernamePasswordAuthentication(MyAuthenticationHandler.class.getSimpleName(),
// servicesManager, new DefaultPrincipalFactory(), 1); //// servicesManager, new DefaultPrincipalFactory(), 1);
//
//
MyUsernameAndPasswordAuthenticationHandler handler = // MyUsernameAndPasswordAuthenticationHandler handler =
new MyUsernameAndPasswordAuthenticationHandler(MyAuthenticationHandler.class.getSimpleName(), // new MyUsernameAndPasswordAuthenticationHandler(MyAuthenticationHandler.class.getSimpleName(),
servicesManager, new DefaultPrincipalFactory(), 9); // servicesManager, new DefaultPrincipalFactory(), 9);
handler.setSysUserService(sysUserService); // handler.setSysUserService(sysUserService);
return handler; // return handler;
} // }
/** /**
* 注册验证器 * 注册验证器
...@@ -76,7 +75,7 @@ public class MyAuthenticationConfiguration implements AuthenticationEventExecuti ...@@ -76,7 +75,7 @@ public class MyAuthenticationConfiguration implements AuthenticationEventExecuti
*/ */
@Override @Override
public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan plan) { public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan plan) {
plan.registerAuthenticationHandler(myUsernameAndPasswordAuthenticationHandler()); //plan.registerAuthenticationHandler(myUsernameAndPasswordAuthenticationHandler());
plan.registerAuthenticationHandler(myAuthenticationHandler()); plan.registerAuthenticationHandler(myAuthenticationHandler());
} }
} }
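Review bot: The username/password handler is disabled by commenting it out rather than removing it: the `@Bean` method and its `registerAuthenticationHandler` call here, and the whole of MyUsernameAndPasswordAuthenticationHandler in the next file, stay in the tree as dead code. That retained body hashes the password with `MD5PasswordEncoderUtil` and looks the user up by username plus hash, so anyone who later uncomments it restores that scheme without review. Delete the method, the registration line and the handler file, and rely on version control for history. If a marker is wanted, one line such as `// username/password (REST) handler removed in this rollback; see history` is enough.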
package com.zq.cas.handler; //package com.zq.cas.handler;
//
import com.zq.cas.entity.SysUser; //import com.zq.cas.entity.SysUser;
import com.zq.cas.service.ISysUserService; //import com.zq.cas.service.ISysUserService;
import com.zq.cas.util.MD5PasswordEncoderUtil; //import com.zq.cas.util.MD5PasswordEncoderUtil;
import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult; //import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
import org.apereo.cas.authentication.UsernamePasswordCredential; //import org.apereo.cas.authentication.UsernamePasswordCredential;
import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler; //import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
import org.apereo.cas.authentication.principal.PrincipalFactory; //import org.apereo.cas.authentication.principal.PrincipalFactory;
import org.apereo.cas.services.ServicesManager; //import org.apereo.cas.services.ServicesManager;
//
import javax.security.auth.login.AccountNotFoundException; //import javax.security.auth.login.AccountNotFoundException;
import java.security.GeneralSecurityException; //import java.security.GeneralSecurityException;
import java.util.LinkedHashMap; //import java.util.LinkedHashMap;
import java.util.Map; //import java.util.Map;
//
/** ///**
* 自定义登录验证器(restful) // * 自定义登录验证器(restful)
*/ // */
public class MyUsernameAndPasswordAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler { //public class MyUsernameAndPasswordAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
//
private ISysUserService sysUserService; // private ISysUserService sysUserService;
//
public MyUsernameAndPasswordAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) { // public MyUsernameAndPasswordAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) {
super(name, servicesManager, principalFactory, order); // super(name, servicesManager, principalFactory, order);
} // }
//
public ISysUserService getSysUserService() { // public ISysUserService getSysUserService() {
return sysUserService; // return sysUserService;
} // }
//
public void setSysUserService(ISysUserService sysUserService) { // public void setSysUserService(ISysUserService sysUserService) {
this.sysUserService = sysUserService; // this.sysUserService = sysUserService;
} // }
//
@Override // @Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential, String originalPassword) throws GeneralSecurityException { // protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential, String originalPassword) throws GeneralSecurityException {
String username = credential.getUsername().trim(); // String username = credential.getUsername().trim();
String password = credential.getPassword().trim(); // String password = credential.getPassword().trim();
if (!username.contains("@gxfy.com")){ // if (!username.contains("@gxfy.com")){
username += "@gxfy.com"; // username += "@gxfy.com";
} // }
password = MD5PasswordEncoderUtil.encode(password); // password = MD5PasswordEncoderUtil.encode(password);
//
SysUser user = sysUserService.findByUsernameAndPwd(username, password); // SysUser user = sysUserService.findByUsernameAndPwd(username, password);
if (user == null){ // if (user == null){
throw new AccountNotFoundException("对象查询失败"); // throw new AccountNotFoundException("对象查询失败");
} // }
Map<String, Object> message = new LinkedHashMap<>(); // Map<String, Object> message = new LinkedHashMap<>();
message.put("userId", user.getUsername()); // message.put("userId", user.getUsername());
message.put("rybs", user.getPCode()); // message.put("rybs", user.getPCode());
message.put("fybm", user.getCourtCode()); // message.put("fybm", user.getCourtCode());
//
return createHandlerResult(credential, // return createHandlerResult(credential,
this.principalFactory.createPrincipal(credential.getUsername(), message)); // this.principalFactory.createPrincipal(credential.getUsername(), message));
//
} // }
} //}
package org.apereo.cas.web.support;
import com.google.common.base.Splitter;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CipherExecutor;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;
import java.util.List;
public class DefaultCasCookieValueManager extends EncryptedCookieValueManager {
@Generated
private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);
private static final char COOKIE_FIELD_SEPARATOR = '@';
private static final int COOKIE_FIELDS_LENGTH = 3;
public DefaultCasCookieValueManager(final CipherExecutor<Serializable, Serializable> cipherExecutor) {
super(cipherExecutor);
}
protected String buildCompoundCookieValue(final String givenCookieValue, final HttpServletRequest request) {
ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
StringBuilder builder = (new StringBuilder(givenCookieValue)).append('@').append(clientInfo.getClientIpAddress());
String userAgent = getHttpServletRequestUserAgent(request);
if (StringUtils.isBlank(userAgent)) {
throw new IllegalStateException("Request does not specify a user-agent");
} else {
builder.append('@').append(userAgent);
return builder.toString();
}
}
protected String obtainValueFromCompoundCookie(final String cookieValue, final HttpServletRequest request) {
List<String> cookieParts = Splitter.on(String.valueOf('@')).splitToList(cookieValue);
if (cookieParts.size() != 3) {
throw new IllegalStateException("Invalid cookie. Required fields are missing");
} else {
String value = (String)cookieParts.get(0);
String remoteAddr = (String)cookieParts.get(1);
String userAgent = (String)cookieParts.get(2);
if (!StringUtils.isBlank(value) && !StringUtils.isBlank(remoteAddr) && !StringUtils.isBlank(userAgent)) {
ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
if (!remoteAddr.equals(clientInfo.getClientIpAddress())) {
throw new IllegalStateException("Invalid cookie. Required remote address " + remoteAddr + " does not match " + clientInfo.getClientIpAddress());
} else {
String agent = getHttpServletRequestUserAgent(request);
String agent1 = "";
String userAgent1 ="";
try{
agent1 = agent.split(";")[0];
userAgent1 = userAgent.split(";")[0];
} catch (Exception e){
e.printStackTrace();
}
if (!userAgent1.equals(agent1)) {
throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
}
return value;
// if (!userAgent.equals(agent)) {
// throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
// } else {
// return value;
// }
}
} else {
throw new IllegalStateException("Invalid cookie. Required fields are empty");
}
}
}
public static String getHttpServletRequestUserAgent(final HttpServletRequest request) {
return request != null ? request.getHeader("user-agent") : null;
}
}
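Review bot: In obtainValueFromCompoundCookie, a request that carries no User-Agent header passes the user-agent check: `agent.split(";")` throws on the null header before `userAgent1` is assigned, the broad `catch (Exception e)` swallows it, and the comparison then sees two empty strings. The check also compares only the text before the first `;`, which is weaker than the full-string comparison left commented out below it. With `cas.tgc.crypto.enabled=false` set in this same commit, the address and agent fields in the cookie are presumably stored without encryption or signing. Reject a blank header explicitly, drop the try/catch and `printStackTrace()`, and keep the prefix comparison only if it is a deliberate compatibility choice that is documented in a comment.

```java
// … unchanged: field split, blank-field check and remote-address check …
String agent = getHttpServletRequestUserAgent(request);
if (StringUtils.isBlank(agent)) {
    throw new IllegalStateException("Request does not specify a user-agent");
}
// Prefix-only match is a deliberate relaxation of the full user-agent comparison.
String requestAgentPrefix = StringUtils.substringBefore(agent, ";");
String cookieAgentPrefix = StringUtils.substringBefore(userAgent, ";");
if (!cookieAgentPrefix.equals(requestAgentPrefix)) {
    throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
}
return value;
```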
...@@ -85,7 +85,7 @@ security.basic.path=/cas/status/** ...@@ -85,7 +85,7 @@ security.basic.path=/cas/status/**
## ##
# CAS Web Application Session Configuration # CAS Web Application Session Configuration
# #
server.session.timeout=300 server.session.timeout=28800
server.session.cookie.http-only=true server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE server.session.tracking-modes=COOKIE
...@@ -110,6 +110,13 @@ spring.aop.proxy-target-class=true ...@@ -110,6 +110,13 @@ spring.aop.proxy-target-class=true
#去掉https #去掉https
cas.tgc.secure=false cas.tgc.secure=false
#不加密cookie tgc
cas.tgc.maxAge=-1
cas.tgc.crypto.enabled=false
cas.tgc.name=CASPIVACY
cas.tgc.httpOnly=true
cas.tgc.rememberMeMaxAge=1209600
#注册service中的json验证 #注册service中的json验证
cas.serviceRegistry.initFromJson=true cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.watcherEnabled=true cas.serviceRegistry.watcherEnabled=true
...@@ -138,56 +145,58 @@ cas.theme.defaultThemeName=app ...@@ -138,56 +145,58 @@ cas.theme.defaultThemeName=app
cas.authn.exceptions.exceptions=com.zq.cas.exception.LoginModeException,com.zq.cas.exception.PasswordErrorException,com.zq.cas.exception.NoLoginModeException cas.authn.exceptions.exceptions=com.zq.cas.exception.LoginModeException,com.zq.cas.exception.PasswordErrorException,com.zq.cas.exception.NoLoginModeException
#TGT的最大生存时间,28800秒,8小时 #TGT的最大生存时间,28800秒,8小时
cas.ticket.tgt.maxTimeToLiveInSeconds=28800 cas.ticket.tgt.maxTimeToLiveInSeconds=43200
#用户没有对系统进行任何操作的情况下,7200秒(2小时)之后TGT会过期 #用户没有对系统进行任何操作的情况下,7200秒(2小时)之后TGT会过期
cas.ticket.tgt.timeToKillInSeconds=7200 cas.ticket.tgt.timeToKillInSeconds=28800
#cas.ticket.tgt.timeoutExpirationPolicy=28800
#ST可以用几次才过期 #ST可以用几次才过期
cas.ticket.st.numberOfUses=1 cas.ticket.st.numberOfUses=2
#ST过期设置,默认是10秒 #ST过期设置,默认是10秒 ms
cas.ticket.st.timeToKillInSeconds=6000 cas.ticket.st.timeToKillInSeconds=10000
#配置redis存储ticket #配置redis存储ticket
cas.ticket.registry.redis.host=127.0.0.1 #cas.ticket.registry.redis.host=127.0.0.1
cas.ticket.registry.redis.database=0 #cas.ticket.registry.redis.database=0
cas.ticket.registry.redis.port=6379 #cas.ticket.registry.redis.port=6379
cas.ticket.registry.redis.password= #cas.ticket.registry.redis.password=
cas.ticket.registry.redis.timeout=2000 #cas.ticket.registry.redis.timeout=2000
cas.ticket.registry.redis.useSsl=false #cas.ticket.registry.redis.useSsl=false
cas.ticket.registry.redis.usePool=true #cas.ticket.registry.redis.usePool=true
cas.ticket.registry.redis.pool.max-active=20 #cas.ticket.registry.redis.pool.max-active=20
cas.ticket.registry.redis.pool.maxIdle=8 #cas.ticket.registry.redis.pool.maxIdle=8
cas.ticket.registry.redis.pool.minIdle=0 #cas.ticket.registry.redis.pool.minIdle=0
cas.ticket.registry.redis.pool.maxActive=8 #cas.ticket.registry.redis.pool.maxActive=8
cas.ticket.registry.redis.pool.maxWait=-1 #cas.ticket.registry.redis.pool.maxWait=-1
cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0 #cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0 #cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0 #cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
cas.ticket.registry.redis.pool.lifo=true #cas.ticket.registry.redis.pool.lifo=true
cas.ticket.registry.redis.pool.fairness=false #cas.ticket.registry.redis.pool.fairness=false
cas.ticket.registry.redis.pool.testOnCreate=false #cas.ticket.registry.redis.pool.testOnCreate=false
cas.ticket.registry.redis.pool.testOnBorrow=false #cas.ticket.registry.redis.pool.testOnBorrow=false
cas.ticket.registry.redis.pool.testOnReturn=false #cas.ticket.registry.redis.pool.testOnReturn=false
cas.ticket.registry.redis.pool.testWhileIdle=false #cas.ticket.registry.redis.pool.testWhileIdle=false
#cas.ticket.registry.redis.sentinel.master=mymaster #cas.ticket.registry.redis.sentinel.master=mymaster
#cas.ticket.registry.redis.sentinel.nodes[0]=localhost:26377 #cas.ticket.registry.redis.sentinel.nodes[0]=localhost:26377
#cas.ticket.registry.redis.sentinel.nodes[1]=localhost:26378 #cas.ticket.registry.redis.sentinel.nodes[1]=localhost:26378
#cas.ticket.registry.redis.sentinel.nodes[2]=localhost:26379 #cas.ticket.registry.redis.sentinel.nodes[2]=localhost:26379
#配置redis存储session #配置redis存储session
cas.webflow.autoconfigure=true #cas.webflow.autoconfigure=true
cas.webflow.alwaysPauseRedirect=false #cas.webflow.alwaysPauseRedirect=false
cas.webflow.refresh=true #cas.webflow.refresh=true
cas.webflow.redirectSameState=false #cas.webflow.redirectSameState=false
#
cas.webflow.session.lockTimeout=30 #cas.webflow.session.lockTimeout=30
cas.webflow.session.compress=false #cas.webflow.session.compress=false
cas.webflow.session.maxConversations=5 #cas.webflow.session.maxConversations=5
cas.webflow.session.storage=true #cas.webflow.session.storage=true
spring.session.store-type=redis #spring.session.store-type=redis
spring.redis.host=127.0.0.1 #spring.redis.host=127.0.0.1
spring.redis.password= #spring.redis.password=
spring.redis.port=6379 #spring.redis.port=6379
#取消x-frame-options为deny限制,允许外部项目使用iframe嵌入cas-server登录页面 #取消x-frame-options为deny限制,允许外部项目使用iframe嵌入cas-server登录页面
......
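Review bot: `cas.ticket.st.numberOfUses=2` together with `cas.ticket.st.timeToKillInSeconds=10000` lets a service ticket be validated twice and keeps it valid for close to three hours, so a ticket that leaks through a URL, proxy log or Referer header stays usable long after login. The comment added beside it reads as if the value were milliseconds, but the property name says seconds and the comment itself gives the default as 10 seconds. Unless a client is known to need more, keep `cas.ticket.st.numberOfUses=1` and a lifetime of a few seconds, e.g. `cas.ticket.st.timeToKillInSeconds=10`. The same file also adds `cas.tgc.crypto.enabled=false` next to the existing `cas.tgc.secure=false` and raises the TGT idle timeout from 7200 to 28800 while the comment above it still says two hours; those changes deserve a stated reason in the commit description.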
...@@ -33,7 +33,7 @@ spring: ...@@ -33,7 +33,7 @@ spring:
stat: stat:
enabled: true enabled: true
log-slow-sql: true log-slow-sql: true
slow-sql-millis: 1000 slow-sql-millis: 10000
merge-sql: true merge-sql: true
wall: wall:
enabled: false enabled: false
......
...@@ -2,8 +2,8 @@ ...@@ -2,8 +2,8 @@
<html xmlns:th="http://www.thymeleaf.org"> <html xmlns:th="http://www.thymeleaf.org">
<head> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
<meta name="renderer" content="webkit"> <meta name="renderer" content="webkit">
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
<title>登录入口</title> <title>登录入口</title>
<link href="./app/css/pintuer.css" rel="stylesheet"/> <link href="./app/css/pintuer.css" rel="stylesheet"/>
...@@ -194,7 +194,7 @@ ...@@ -194,7 +194,7 @@
<script src="./app/layui/layui.js"></script> <script src="./app/layui/layui.js"></script>
<script type="text/javascript" src="./app/js/myself/messenger.js"></script> <script type="text/javascript" src="./app/js/myself/messenger.js"></script>
<script type="text/javascript" src="./app/js/myself/SelectGXFYUsers.js"></script> <script type="text/javascript" src="./app/js/myself/SelectGXFYUsers.js"></script>
<script type="text/javascript" src="./app/js/ca/XTXSAB.js"></script> <!--<script type="text/javascript" src="./app/js/ca/XTXSAB.js"></script>-->
<script type="text/javascript" src="./app/js/myself/login.js"></script> <script type="text/javascript" src="./app/js/myself/login.js"></script>
<script type="text/javascript"> <script type="text/javascript">
......