Commit
ab2ffd21
authored
Nov 13, 2022
by
chentianzhong
开启redis存取tgt和session。
关闭单点登出,避免登出时候httpclient线程池溢出
parent
a0d26759
Showing
5 changed files
with
59 additions
and
138 deletions
+59
-138
pom.xml
+10
-10
src/main/java/org/apereo/cas/web/support/DefaultCasCookieValueManager.java
+0
-84
src/main/resources/application.properties
+44
-39
src/main/resources/application.yml
+1
-1
src/main/resources/log4j2.xml
+4
-4
pom.xml
...
...
@@ -164,18 +164,18 @@
</dependency>
<!--redis存储ticket-->
<!-- <dependency>--
>
<!-- <groupId>org.apereo.cas</groupId>--
>
<!-- <artifactId>cas-server-support-redis-ticket-registry</artifactId>--
>
<!-- <version>${cas.version}</version>--
>
<!-- </dependency>--
>
<dependency
>
<groupId>
org.apereo.cas
</groupId
>
<artifactId>
cas-server-support-redis-ticket-registry
</artifactId
>
<version>
${cas.version}
</version
>
</dependency
>
<!--session存入redis-->
<!-- <dependency>--
>
<!-- <groupId>org.apereo.cas</groupId>--
>
<!-- <artifactId>cas-server-webapp-session-redis</artifactId>--
>
<!-- <version>${cas.version}</version>--
>
<!-- </dependency>--
>
<dependency
>
<groupId>
org.apereo.cas
</groupId
>
<artifactId>
cas-server-webapp-session-redis
</artifactId
>
<version>
${cas.version}
</version
>
</dependency
>
<!--连接池 -->
...
...
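--- a/src/main/java/org/apereo/cas/web/support/DefaultCasCookieValueManager.java
+++ /dev/null
-package org.apereo.cas.web.support;
-import com.google.common.base.Splitter;
-import lombok.Generated;
-import org.apache.commons.lang3.StringUtils;
-import org.apereo.cas.CipherExecutor;
-import org.apereo.inspektr.common.web.ClientInfo;
-import org.apereo.inspektr.common.web.ClientInfoHolder;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import javax.servlet.http.HttpServletRequest;
-import java.io.Serializable;
-import java.util.List;
-public class DefaultCasCookieValueManager extends EncryptedCookieValueManager {
-    @Generated
-    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);
-    private static final char COOKIE_FIELD_SEPARATOR = '@';
-    private static final int COOKIE_FIELDS_LENGTH = 3;
-    public DefaultCasCookieValueManager(final CipherExecutor<Serializable, Serializable> cipherExecutor) {
-        super(cipherExecutor);
-    }
-    protected String buildCompoundCookieValue(final String givenCookieValue, final HttpServletRequest request) {
-        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
-        StringBuilder builder = (new StringBuilder(givenCookieValue)).append('@').append(clientInfo.getClientIpAddress());
-        String userAgent = getHttpServletRequestUserAgent(request);
-        if (StringUtils.isBlank(userAgent)) {
-            throw new IllegalStateException("Request does not specify a user-agent");
-        } else {
-            builder.append('@').append(userAgent);
-            return builder.toString();
-        }
-    }
-    protected String obtainValueFromCompoundCookie(final String cookieValue, final HttpServletRequest request) {
-        List<String> cookieParts = Splitter.on(String.valueOf('@')).splitToList(cookieValue);
-        if (cookieParts.size() != 3) {
-            throw new IllegalStateException("Invalid cookie. Required fields are missing");
-        } else {
-            String value = (String)cookieParts.get(0);
-            String remoteAddr = (String)cookieParts.get(1);
-            String userAgent = (String)cookieParts.get(2);
-            if (!StringUtils.isBlank(value) && !StringUtils.isBlank(remoteAddr) && !StringUtils.isBlank(userAgent)) {
-                ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
-                if (!remoteAddr.equals(clientInfo.getClientIpAddress())) {
-                    throw new IllegalStateException("Invalid cookie. Required remote address " + remoteAddr + " does not match " + clientInfo.getClientIpAddress());
-                } else {
-                    String agent = getHttpServletRequestUserAgent(request);
-                    String agent1 = "";
-                    String userAgent1 = "";
-                    try {
-                        agent1 = agent.split(";")[0];
-                        userAgent1 = userAgent.split(";")[0];
-                    } catch (Exception e){
-                        e.printStackTrace();
-                    }
-                    if (!userAgent1.equals(agent1)) {
-                        throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
-                    }
-                    return value;
-// if (!userAgent.equals(agent)) {
-// throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
-// } else {
-// return value;
-// }
-                }
-            } else {
-                throw new IllegalStateException("Invalid cookie. Required fields are empty");
-            }
-        }
-    }
-    public static String getHttpServletRequestUserAgent(final HttpServletRequest request) {
-        return request != null ? request.getHeader("user-agent") : null;
-    }
-}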
src/main/resources/application.properties
...
...
@@ -125,6 +125,11 @@ cas.serviceRegistry.schedule.startDelay=15000
cas.serviceRegistry.managementType
=
DEFAULT
cas.serviceRegistry.json.location
=
classpath:/services
##关闭单点登出:
cas.slo.disabled
=
true
cas.slo.asynchronous
=
true
##开启rest认证
#cas.authn.rest.uri=http://localhost:8080/cas/login
##如果密码有加密,打开下面配置,我的是明文
...
...
@@ -137,66 +142,66 @@ cas.serviceRegistry.json.location=classpath:/services
cas.logout.followServiceRedirects
=
true
cas.logout.redirectParameter
=
service
cas.logout.confirmLogout
=
false
cas.logout.removeDescendantTickets
=
true
#默认主题配置
cas.theme.defaultThemeName
=
app
#自定义错误信息
cas.authn.exceptions.exceptions
=
com.zq.cas.exception.LoginModeException,com.zq.cas.exception.PasswordErrorException,com.zq.cas.exception.NoLoginModeException
#TGT的最大生存时间,
28800秒,8
小时
#TGT的最大生存时间,
43200,12
小时
cas.ticket.tgt.maxTimeToLiveInSeconds
=
43200
#用户没有对系统进行任何操作的情况下,7200秒(2小时)之后TGT会过期
cas.ticket.tgt.timeToKillInSeconds
=
288
00
cas.ticket.tgt.timeToKillInSeconds
=
72
00
#cas.ticket.tgt.timeoutExpirationPolicy=28800
#ST可以用几次才过期
cas.ticket.st.numberOfUses
=
2
cas.ticket.st.numberOfUses
=
1
#ST过期设置,默认是10秒 ms
cas.ticket.st.timeToKillInSeconds
=
1000
0
cas.ticket.st.timeToKillInSeconds
=
6
0
#配置redis存储ticket
#
cas.ticket.registry.redis.host=127.0.0.1
#
cas.ticket.registry.redis.database=0
#
cas.ticket.registry.redis.port=6379
#
cas.ticket.registry.redis.password=
#
cas.ticket.registry.redis.timeout=2000
#
cas.ticket.registry.redis.useSsl=false
#
cas.ticket.registry.redis.usePool=true
#
cas.ticket.registry.redis.pool.max-active=20
#
cas.ticket.registry.redis.pool.maxIdle=8
#
cas.ticket.registry.redis.pool.minIdle=0
#
cas.ticket.registry.redis.pool.maxActive=8
#
cas.ticket.registry.redis.pool.maxWait=-1
#
cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
#
cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
#
cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
#
cas.ticket.registry.redis.pool.lifo=true
#
cas.ticket.registry.redis.pool.fairness=false
#
cas.ticket.registry.redis.pool.testOnCreate=false
#
cas.ticket.registry.redis.pool.testOnBorrow=false
#
cas.ticket.registry.redis.pool.testOnReturn=false
#
cas.ticket.registry.redis.pool.testWhileIdle=false
cas.ticket.registry.redis.host
=
127.0.0.1
cas.ticket.registry.redis.database
=
0
cas.ticket.registry.redis.port
=
6379
cas.ticket.registry.redis.password
=
cas.ticket.registry.redis.timeout
=
2000
cas.ticket.registry.redis.useSsl
=
false
cas.ticket.registry.redis.usePool
=
true
cas.ticket.registry.redis.pool.max-active
=
20
cas.ticket.registry.redis.pool.maxIdle
=
8
cas.ticket.registry.redis.pool.minIdle
=
0
cas.ticket.registry.redis.pool.maxActive
=
8
cas.ticket.registry.redis.pool.maxWait
=
-1
cas.ticket.registry.redis.pool.numTestsPerEvictionRun
=
0
cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis
=
0
cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis
=
0
cas.ticket.registry.redis.pool.lifo
=
true
cas.ticket.registry.redis.pool.fairness
=
false
cas.ticket.registry.redis.pool.testOnCreate
=
false
cas.ticket.registry.redis.pool.testOnBorrow
=
false
cas.ticket.registry.redis.pool.testOnReturn
=
false
cas.ticket.registry.redis.pool.testWhileIdle
=
false
#cas.ticket.registry.redis.sentinel.master=mymaster
#cas.ticket.registry.redis.sentinel.nodes[0]=localhost:26377
#cas.ticket.registry.redis.sentinel.nodes[1]=localhost:26378
#cas.ticket.registry.redis.sentinel.nodes[2]=localhost:26379
#配置redis存储session
#
cas.webflow.autoconfigure=true
#
cas.webflow.alwaysPauseRedirect=false
#
cas.webflow.refresh=true
#
cas.webflow.redirectSameState=false
#
#
cas.webflow.session.lockTimeout=30
#
cas.webflow.session.compress=false
#
cas.webflow.session.maxConversations=5
#
cas.webflow.session.storage=true
#
spring.session.store-type=redis
#
spring.redis.host=127.0.0.1
#
spring.redis.password=
#
spring.redis.port=6379
cas.webflow.autoconfigure
=
true
cas.webflow.alwaysPauseRedirect
=
false
cas.webflow.refresh
=
true
cas.webflow.redirectSameState
=
false
cas.webflow.session.lockTimeout
=
30
cas.webflow.session.compress
=
false
cas.webflow.session.maxConversations
=
5
cas.webflow.session.storage
=
true
spring.session.store-type
=
redis
spring.redis.host
=
127.0.0.1
spring.redis.password
=
spring.redis.port
=
6379
#取消x-frame-options为deny限制,允许外部项目使用iframe嵌入cas-server登录页面
...
...
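Review bot: The Redis settings enabled in the second hunk leave `cas.ticket.registry.redis.password=` and `spring.redis.password=` empty and keep `cas.ticket.registry.redis.useSsl=false`, so the ticket-granting tickets and web sessions now stored in Redis are protected only by the 127.0.0.1 binding. Anything on the host that can reach that port can read or alter live SSO state, and the configuration stops being safe as soon as the host value is pointed at a shared Redis. Supply a password from the environment instead of the tracked file, e.g. `cas.ticket.registry.redis.password=${CAS_REDIS_PASSWORD}` (placeholder name) with `requirepass` set on the Redis side, and enable TLS if Redis ever moves off loopback. Which lines are old and which are new is inferred from the commit message, because the rendered page lost the +/- markers.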
src/main/resources/application.yml
spring
:
datasource
:
driver-class-name
:
com.kingbase8.Driver
url
:
jdbc:kingbase8://17
2.18.3.137
:54321/GXFY_OA
url
:
jdbc:kingbase8://17
5.178.197.14
:54321/GXFY_OA
type
:
com.alibaba.druid.pool.DruidDataSource
username
:
SYSTEM
password
:
123456
...
...
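Review bot: The `url` line is the only change in this section and, if the print order is old-then-new, it moves the datasource from a private 172.18.x address to a publicly routable one while the same tracked file keeps `username: SYSTEM` and a trivial `password` in clear text. Those credentials are readable by anyone who can view the repository, and the account name looks like the database's built-in administrative user. Take the secret out of the file, e.g. `password: ${CAS_DB_PASSWORD}` (placeholder name) with the value injected at deploy time, rotate the current password, and connect with a least-privilege account instead of `SYSTEM`.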
src/main/resources/log4j2.xml
...
...
@@ -3,7 +3,7 @@
<Configuration
monitorInterval=
"5"
>
<!-- packages="org.zq.cas.logging" -->
<Properties>
<Property
name=
"baseDir"
>
/
usr/cas/log
s
</Property>
<Property
name=
"baseDir"
>
/
data/log/ca
s
</Property>
</Properties>
<Appenders>
<Console
name=
"console"
target=
"SYSTEM_OUT"
>
...
...
@@ -15,7 +15,7 @@
<PatternLayout
pattern=
"%highlight{%d %p [%c] - <%m>}%n"
/>
<Policies>
<OnStartupTriggeringPolicy
/>
<SizeBasedTriggeringPolicy
size=
"
1
0 MB"
/>
<SizeBasedTriggeringPolicy
size=
"
20
0 MB"
/>
<TimeBasedTriggeringPolicy
/>
</Policies>
<DefaultRolloverStrategy
max=
"5"
compressionLevel=
"9"
>
...
...
@@ -30,7 +30,7 @@
<PatternLayout
pattern=
"%d %p [%c] - %m%n"
/>
<Policies>
<OnStartupTriggeringPolicy
/>
<SizeBasedTriggeringPolicy
size=
"
1
0 MB"
/>
<SizeBasedTriggeringPolicy
size=
"
20
0 MB"
/>
<TimeBasedTriggeringPolicy
/>
</Policies>
<DefaultRolloverStrategy
max=
"5"
compressionLevel=
"9"
>
...
...
@@ -46,7 +46,7 @@
<PatternLayout
pattern=
"%m%n"
/>
<Policies>
<OnStartupTriggeringPolicy
/>
<SizeBasedTriggeringPolicy
size=
"
1
0 MB"
/>
<SizeBasedTriggeringPolicy
size=
"
20
0 MB"
/>
<TimeBasedTriggeringPolicy
/>
</Policies>
<DefaultRolloverStrategy
max=
"5"
compressionLevel=
"9"
>
...
...