退了两个版本了。1.redis保存票据2 开启restful

pom.xml

@@ -164,18 +164,18 @@
         </dependency>
 
         <!--redis存储ticket-->
-        <dependency>
-            <groupId>org.apereo.cas</groupId>
-            <artifactId>cas-server-support-redis-ticket-registry</artifactId>
-            <version>${cas.version}</version>
-        </dependency>
+<!--        <dependency>-->
+<!--            <groupId>org.apereo.cas</groupId>-->
+<!--            <artifactId>cas-server-support-redis-ticket-registry</artifactId>-->
+<!--            <version>${cas.version}</version>-->
+<!--        </dependency>-->
 
         <!--session存入redis-->
-        <dependency>
-            <groupId>org.apereo.cas</groupId>
-            <artifactId>cas-server-webapp-session-redis</artifactId>
-            <version>${cas.version}</version>
-        </dependency>
+<!--        <dependency>-->
+<!--            <groupId>org.apereo.cas</groupId>-->
+<!--            <artifactId>cas-server-webapp-session-redis</artifactId>-->
+<!--            <version>${cas.version}</version>-->
+<!--        </dependency>-->
 
 
         <!--连接池  -->
@@ -220,35 +220,35 @@
             <version>2.5</version>
         </dependency>
         <!-- log4j -->
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-api</artifactId>
-            <version>2.17.1</version>
-        </dependency>
+<!--        <dependency>-->
+<!--            <groupId>org.apache.logging.log4j</groupId>-->
+<!--            <artifactId>log4j-api</artifactId>-->
+<!--            <version>2.17.1</version>-->
+<!--        </dependency>-->
 
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-core</artifactId>
-            <version>2.17.1</version>
-        </dependency>
+<!--        <dependency>-->
+<!--            <groupId>org.apache.logging.log4j</groupId>-->
+<!--            <artifactId>log4j-core</artifactId>-->
+<!--            <version>2.17.1</version>-->
+<!--        </dependency>-->
 
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-jcl</artifactId>
-            <version>2.17.1</version>
-        </dependency>
+<!--        <dependency>-->
+<!--            <groupId>org.apache.logging.log4j</groupId>-->
+<!--            <artifactId>log4j-jcl</artifactId>-->
+<!--            <version>2.17.1</version>-->
+<!--        </dependency>-->
 
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-slf4j-impl</artifactId>
-            <version>2.17.1</version>
-        </dependency>
+<!--        <dependency>-->
+<!--            <groupId>org.apache.logging.log4j</groupId>-->
+<!--            <artifactId>log4j-slf4j-impl</artifactId>-->
+<!--            <version>2.17.1</version>-->
+<!--        </dependency>-->
 
-        <dependency>
-            <groupId>org.apache.logging.log4j</groupId>
-            <artifactId>log4j-web</artifactId>
-            <version>2.17.1</version>
-        </dependency>
+<!--        <dependency>-->
+<!--            <groupId>org.apache.logging.log4j</groupId>-->
+<!--            <artifactId>log4j-web</artifactId>-->
+<!--            <version>2.17.1</version>-->
+<!--        </dependency>-->
 
 
         <dependency>

src/main/java/com/zq/cas/config/MyAuthenticationConfiguration.java

@@ -2,7 +2,6 @@ package com.zq.cas.config;
 
 import cn.org.bjca.client.security.SecurityEngineDeal;
 import com.zq.cas.handler.MyAuthenticationHandler;
-import com.zq.cas.handler.MyUsernameAndPasswordAuthenticationHandler;
 import com.zq.cas.service.ISysUserService;
 import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
 import org.apereo.cas.authentication.AuthenticationEventExecutionPlanConfigurer;
@@ -56,19 +55,19 @@ public class MyAuthenticationConfiguration implements AuthenticationEventExecuti
         return handler;
     }
 
-    @Bean
-    public AuthenticationHandler myUsernameAndPasswordAuthenticationHandler() {
-//        MyAuthenticationHandler handler1 =
-//                new CustomUsernamePasswordAuthentication(MyAuthenticationHandler.class.getSimpleName(),
-//                        servicesManager, new DefaultPrincipalFactory(), 1);
-
-
-        MyUsernameAndPasswordAuthenticationHandler handler =
-                new MyUsernameAndPasswordAuthenticationHandler(MyAuthenticationHandler.class.getSimpleName(),
-                        servicesManager, new DefaultPrincipalFactory(), 9);
-        handler.setSysUserService(sysUserService);
-        return handler;
-    }
+//    @Bean
+//    public AuthenticationHandler myUsernameAndPasswordAuthenticationHandler() {
+////        MyAuthenticationHandler handler1 =
+////                new CustomUsernamePasswordAuthentication(MyAuthenticationHandler.class.getSimpleName(),
+////                        servicesManager, new DefaultPrincipalFactory(), 1);
+//
+//
+//        MyUsernameAndPasswordAuthenticationHandler handler =
+//                new MyUsernameAndPasswordAuthenticationHandler(MyAuthenticationHandler.class.getSimpleName(),
+//                        servicesManager, new DefaultPrincipalFactory(), 9);
+//        handler.setSysUserService(sysUserService);
+//        return handler;
+//    }
 
     /**
      * 注册验证器
@@ -76,7 +75,7 @@ public class MyAuthenticationConfiguration implements AuthenticationEventExecuti
      */
     @Override
     public void configureAuthenticationExecutionPlan(AuthenticationEventExecutionPlan plan) {
-        plan.registerAuthenticationHandler(myUsernameAndPasswordAuthenticationHandler());
+        //plan.registerAuthenticationHandler(myUsernameAndPasswordAuthenticationHandler());
         plan.registerAuthenticationHandler(myAuthenticationHandler());
     }
 }

src/main/java/com/zq/cas/handler/MyUsernameAndPasswordAuthenticationHandler.java

-package com.zq.cas.handler;
-
-import com.zq.cas.entity.SysUser;
-import com.zq.cas.service.ISysUserService;
-import com.zq.cas.util.MD5PasswordEncoderUtil;
-import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
-import org.apereo.cas.authentication.UsernamePasswordCredential;
-import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
-import org.apereo.cas.authentication.principal.PrincipalFactory;
-import org.apereo.cas.services.ServicesManager;
-
-import javax.security.auth.login.AccountNotFoundException;
-import java.security.GeneralSecurityException;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-/**
- * 自定义登录验证器(restful)
- */
-public class MyUsernameAndPasswordAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
-
-    private ISysUserService sysUserService;
-
-    public MyUsernameAndPasswordAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) {
-        super(name, servicesManager, principalFactory, order);
-    }
-
-    public ISysUserService getSysUserService() {
-        return sysUserService;
-    }
-
-    public void setSysUserService(ISysUserService sysUserService) {
-        this.sysUserService = sysUserService;
-    }
-
-    @Override
-    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential, String originalPassword) throws GeneralSecurityException {
-        String username = credential.getUsername().trim();
-        String password = credential.getPassword().trim();
-        if (!username.contains("@gxfy.com")){
-            username += "@gxfy.com";
-        }
-        password = MD5PasswordEncoderUtil.encode(password);
-
-        SysUser user = sysUserService.findByUsernameAndPwd(username, password);
-        if (user == null){
-            throw new AccountNotFoundException("对象查询失败");
-        }
-        Map<String, Object> message =  new LinkedHashMap<>();
-        message.put("userId", user.getUsername());
-        message.put("rybs", user.getPCode());
-        message.put("fybm", user.getCourtCode());
-
-        return createHandlerResult(credential,
-                    this.principalFactory.createPrincipal(credential.getUsername(), message));
-
-    }
-}
+//package com.zq.cas.handler;
+//
+//import com.zq.cas.entity.SysUser;
+//import com.zq.cas.service.ISysUserService;
+//import com.zq.cas.util.MD5PasswordEncoderUtil;
+//import org.apereo.cas.authentication.AuthenticationHandlerExecutionResult;
+//import org.apereo.cas.authentication.UsernamePasswordCredential;
+//import org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler;
+//import org.apereo.cas.authentication.principal.PrincipalFactory;
+//import org.apereo.cas.services.ServicesManager;
+//
+//import javax.security.auth.login.AccountNotFoundException;
+//import java.security.GeneralSecurityException;
+//import java.util.LinkedHashMap;
+//import java.util.Map;
+//
+///**
+// * 自定义登录验证器(restful)
+// */
+//public class MyUsernameAndPasswordAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {
+//
+//    private ISysUserService sysUserService;
+//
+//    public MyUsernameAndPasswordAuthenticationHandler(String name, ServicesManager servicesManager, PrincipalFactory principalFactory, Integer order) {
+//        super(name, servicesManager, principalFactory, order);
+//    }
+//
+//    public ISysUserService getSysUserService() {
+//        return sysUserService;
+//    }
+//
+//    public void setSysUserService(ISysUserService sysUserService) {
+//        this.sysUserService = sysUserService;
+//    }
+//
+//    @Override
+//    protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(UsernamePasswordCredential credential, String originalPassword) throws GeneralSecurityException {
+//        String username = credential.getUsername().trim();
+//        String password = credential.getPassword().trim();
+//        if (!username.contains("@gxfy.com")){
+//            username += "@gxfy.com";
+//        }
+//        password = MD5PasswordEncoderUtil.encode(password);
+//
+//        SysUser user = sysUserService.findByUsernameAndPwd(username, password);
+//        if (user == null){
+//            throw new AccountNotFoundException("对象查询失败");
+//        }
+//        Map<String, Object> message =  new LinkedHashMap<>();
+//        message.put("userId", user.getUsername());
+//        message.put("rybs", user.getPCode());
+//        message.put("fybm", user.getCourtCode());
+//
+//        return createHandlerResult(credential,
+//                    this.principalFactory.createPrincipal(credential.getUsername(), message));
+//
+//    }
+//}

src/main/java/org/apereo/cas/web/support/DefaultCasCookieValueManager.java

+package org.apereo.cas.web.support;
+
+import com.google.common.base.Splitter;
+import lombok.Generated;
+import org.apache.commons.lang3.StringUtils;
+import org.apereo.cas.CipherExecutor;
+import org.apereo.inspektr.common.web.ClientInfo;
+import org.apereo.inspektr.common.web.ClientInfoHolder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.Serializable;
+import java.util.List;
+
+public class DefaultCasCookieValueManager extends EncryptedCookieValueManager {
+    @Generated
+    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);
+    private static final char COOKIE_FIELD_SEPARATOR = '@';
+    private static final int COOKIE_FIELDS_LENGTH = 3;
+
+    public DefaultCasCookieValueManager(final CipherExecutor<Serializable, Serializable> cipherExecutor) {
+        super(cipherExecutor);
+    }
+
+    protected String buildCompoundCookieValue(final String givenCookieValue, final HttpServletRequest request) {
+        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
+        StringBuilder builder = (new StringBuilder(givenCookieValue)).append('@').append(clientInfo.getClientIpAddress());
+        String userAgent = getHttpServletRequestUserAgent(request);
+        if (StringUtils.isBlank(userAgent)) {
+            throw new IllegalStateException("Request does not specify a user-agent");
+        } else {
+            builder.append('@').append(userAgent);
+            return builder.toString();
+        }
+    }
+
+    protected String obtainValueFromCompoundCookie(final String cookieValue, final HttpServletRequest request) {
+        List<String> cookieParts = Splitter.on(String.valueOf('@')).splitToList(cookieValue);
+        if (cookieParts.size() != 3) {
+            throw new IllegalStateException("Invalid cookie. Required fields are missing");
+        } else {
+            String value = (String)cookieParts.get(0);
+            String remoteAddr = (String)cookieParts.get(1);
+            String userAgent = (String)cookieParts.get(2);
+            if (!StringUtils.isBlank(value) && !StringUtils.isBlank(remoteAddr) && !StringUtils.isBlank(userAgent)) {
+                ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
+                if (!remoteAddr.equals(clientInfo.getClientIpAddress())) {
+                    throw new IllegalStateException("Invalid cookie. Required remote address " + remoteAddr + " does not match " + clientInfo.getClientIpAddress());
+                } else {
+                    String agent = getHttpServletRequestUserAgent(request);
+                    String agent1 = "";
+                    String userAgent1 ="";
+                    
+                    try{
+                        agent1 = agent.split(";")[0];
+                        userAgent1 = userAgent.split(";")[0];
+
+                    } catch (Exception e){
+                        e.printStackTrace();
+                    }
+
+                    if (!userAgent1.equals(agent1)) {
+                        throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
+                    }
+                    return value;
+
+
+//                    if (!userAgent.equals(agent)) {
+//                        throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
+//                    } else {
+//                        return value;
+//                    }
+                }
+            } else {
+                throw new IllegalStateException("Invalid cookie. Required fields are empty");
+            }
+        }
+    }
+
+    public static String getHttpServletRequestUserAgent(final HttpServletRequest request) {
+        return request != null ? request.getHeader("user-agent") : null;
+    }
+}

src/main/resources/application.properties

@@ -85,7 +85,7 @@ security.basic.path=/cas/status/**
 ##
 # CAS Web Application Session Configuration
 #
-server.session.timeout=300
+server.session.timeout=28800
 server.session.cookie.http-only=true
 server.session.tracking-modes=COOKIE
 
@@ -110,6 +110,13 @@ spring.aop.proxy-target-class=true
 
 #去掉https
 cas.tgc.secure=false
+#不加密cookie tgc
+cas.tgc.maxAge=-1
+cas.tgc.crypto.enabled=false
+cas.tgc.name=CASPIVACY
+cas.tgc.httpOnly=true
+cas.tgc.rememberMeMaxAge=1209600
+
 #注册service中的json验证
 cas.serviceRegistry.initFromJson=true
 cas.serviceRegistry.watcherEnabled=true
@@ -138,56 +145,58 @@ cas.theme.defaultThemeName=app
 cas.authn.exceptions.exceptions=com.zq.cas.exception.LoginModeException,com.zq.cas.exception.PasswordErrorException,com.zq.cas.exception.NoLoginModeException
 
 #TGT的最大生存时间，28800秒，8小时
-cas.ticket.tgt.maxTimeToLiveInSeconds=28800
+cas.ticket.tgt.maxTimeToLiveInSeconds=43200
 #用户没有对系统进行任何操作的情况下，7200秒(2小时)之后TGT会过期
-cas.ticket.tgt.timeToKillInSeconds=7200
+cas.ticket.tgt.timeToKillInSeconds=28800
+#cas.ticket.tgt.timeoutExpirationPolicy=28800
 
 #ST可以用几次才过期
-cas.ticket.st.numberOfUses=1
-#ST过期设置，默认是10秒
-cas.ticket.st.timeToKillInSeconds=6000
+cas.ticket.st.numberOfUses=2
+#ST过期设置，默认是10秒 ms
+cas.ticket.st.timeToKillInSeconds=10000
+
 
 #配置redis存储ticket
-cas.ticket.registry.redis.host=127.0.0.1
-cas.ticket.registry.redis.database=0
-cas.ticket.registry.redis.port=6379
-cas.ticket.registry.redis.password=
-cas.ticket.registry.redis.timeout=2000
-cas.ticket.registry.redis.useSsl=false
-cas.ticket.registry.redis.usePool=true
-cas.ticket.registry.redis.pool.max-active=20
-cas.ticket.registry.redis.pool.maxIdle=8
-cas.ticket.registry.redis.pool.minIdle=0
-cas.ticket.registry.redis.pool.maxActive=8
-cas.ticket.registry.redis.pool.maxWait=-1
-cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
-cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
-cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
-cas.ticket.registry.redis.pool.lifo=true
-cas.ticket.registry.redis.pool.fairness=false
-cas.ticket.registry.redis.pool.testOnCreate=false
-cas.ticket.registry.redis.pool.testOnBorrow=false
-cas.ticket.registry.redis.pool.testOnReturn=false
-cas.ticket.registry.redis.pool.testWhileIdle=false
+#cas.ticket.registry.redis.host=127.0.0.1
+#cas.ticket.registry.redis.database=0
+#cas.ticket.registry.redis.port=6379
+#cas.ticket.registry.redis.password=
+#cas.ticket.registry.redis.timeout=2000
+#cas.ticket.registry.redis.useSsl=false
+#cas.ticket.registry.redis.usePool=true
+#cas.ticket.registry.redis.pool.max-active=20
+#cas.ticket.registry.redis.pool.maxIdle=8
+#cas.ticket.registry.redis.pool.minIdle=0
+#cas.ticket.registry.redis.pool.maxActive=8
+#cas.ticket.registry.redis.pool.maxWait=-1
+#cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
+#cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
+#cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
+#cas.ticket.registry.redis.pool.lifo=true
+#cas.ticket.registry.redis.pool.fairness=false
+#cas.ticket.registry.redis.pool.testOnCreate=false
+#cas.ticket.registry.redis.pool.testOnBorrow=false
+#cas.ticket.registry.redis.pool.testOnReturn=false
+#cas.ticket.registry.redis.pool.testWhileIdle=false
 #cas.ticket.registry.redis.sentinel.master=mymaster
 #cas.ticket.registry.redis.sentinel.nodes[0]=localhost:26377
 #cas.ticket.registry.redis.sentinel.nodes[1]=localhost:26378
 #cas.ticket.registry.redis.sentinel.nodes[2]=localhost:26379
 
 #配置redis存储session
-cas.webflow.autoconfigure=true
-cas.webflow.alwaysPauseRedirect=false
-cas.webflow.refresh=true
-cas.webflow.redirectSameState=false
-
-cas.webflow.session.lockTimeout=30
-cas.webflow.session.compress=false
-cas.webflow.session.maxConversations=5
-cas.webflow.session.storage=true
-spring.session.store-type=redis
-spring.redis.host=127.0.0.1
-spring.redis.password=
-spring.redis.port=6379
+#cas.webflow.autoconfigure=true
+#cas.webflow.alwaysPauseRedirect=false
+#cas.webflow.refresh=true
+#cas.webflow.redirectSameState=false
+#
+#cas.webflow.session.lockTimeout=30
+#cas.webflow.session.compress=false
+#cas.webflow.session.maxConversations=5
+#cas.webflow.session.storage=true
+#spring.session.store-type=redis
+#spring.redis.host=127.0.0.1
+#spring.redis.password=
+#spring.redis.port=6379
 
 
 #取消x-frame-options为deny限制，允许外部项目使用iframe嵌入cas-server登录页面

src/main/resources/application.yml

@@ -33,7 +33,7 @@ spring:
         stat:
           enabled: true
           log-slow-sql: true
-          slow-sql-millis: 1000
+          slow-sql-millis: 10000
           merge-sql: true
         wall:
           enabled: false

src/main/resources/templates/app/casLoginView.html

@@ -2,8 +2,8 @@
 <html xmlns:th="http://www.thymeleaf.org">
 <head>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>
     <meta name="renderer" content="webkit">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>
     <title>登录入口</title>
     <link href="./app/css/pintuer.css" rel="stylesheet"/>
@@ -194,7 +194,7 @@
 <script src="./app/layui/layui.js"></script>
 <script type="text/javascript" src="./app/js/myself/messenger.js"></script>
 <script type="text/javascript" src="./app/js/myself/SelectGXFYUsers.js"></script>
-<script type="text/javascript" src="./app/js/ca/XTXSAB.js"></script>
+<!--<script type="text/javascript" src="./app/js/ca/XTXSAB.js"></script>-->
 <script type="text/javascript" src="./app/js/myself/login.js"></script>
 <script type="text/javascript">