Commit ab2ffd21 by chentianzhong

开启redis存取tgt和session。

关闭单点登出,避免登出时候httpclient线程池溢出
parent a0d26759
......@@ -164,18 +164,18 @@
</dependency>
<!--redis存储ticket-->
<!-- <dependency>-->
<!-- <groupId>org.apereo.cas</groupId>-->
<!-- <artifactId>cas-server-support-redis-ticket-registry</artifactId>-->
<!-- <version>${cas.version}</version>-->
<!-- </dependency>-->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-redis-ticket-registry</artifactId>
<version>${cas.version}</version>
</dependency>
<!--session存入redis-->
<!-- <dependency>-->
<!-- <groupId>org.apereo.cas</groupId>-->
<!-- <artifactId>cas-server-webapp-session-redis</artifactId>-->
<!-- <version>${cas.version}</version>-->
<!-- </dependency>-->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp-session-redis</artifactId>
<version>${cas.version}</version>
</dependency>
<!--连接池 -->
......
package org.apereo.cas.web.support;
import com.google.common.base.Splitter;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CipherExecutor;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;
import java.util.List;
public class DefaultCasCookieValueManager extends EncryptedCookieValueManager {
@Generated
private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);
private static final char COOKIE_FIELD_SEPARATOR = '@';
private static final int COOKIE_FIELDS_LENGTH = 3;
public DefaultCasCookieValueManager(final CipherExecutor<Serializable, Serializable> cipherExecutor) {
super(cipherExecutor);
}
protected String buildCompoundCookieValue(final String givenCookieValue, final HttpServletRequest request) {
ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
StringBuilder builder = (new StringBuilder(givenCookieValue)).append('@').append(clientInfo.getClientIpAddress());
String userAgent = getHttpServletRequestUserAgent(request);
if (StringUtils.isBlank(userAgent)) {
throw new IllegalStateException("Request does not specify a user-agent");
} else {
builder.append('@').append(userAgent);
return builder.toString();
}
}
protected String obtainValueFromCompoundCookie(final String cookieValue, final HttpServletRequest request) {
List<String> cookieParts = Splitter.on(String.valueOf('@')).splitToList(cookieValue);
if (cookieParts.size() != 3) {
throw new IllegalStateException("Invalid cookie. Required fields are missing");
} else {
String value = (String)cookieParts.get(0);
String remoteAddr = (String)cookieParts.get(1);
String userAgent = (String)cookieParts.get(2);
if (!StringUtils.isBlank(value) && !StringUtils.isBlank(remoteAddr) && !StringUtils.isBlank(userAgent)) {
ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
if (!remoteAddr.equals(clientInfo.getClientIpAddress())) {
throw new IllegalStateException("Invalid cookie. Required remote address " + remoteAddr + " does not match " + clientInfo.getClientIpAddress());
} else {
String agent = getHttpServletRequestUserAgent(request);
String agent1 = "";
String userAgent1 ="";
try{
agent1 = agent.split(";")[0];
userAgent1 = userAgent.split(";")[0];
} catch (Exception e){
e.printStackTrace();
}
if (!userAgent1.equals(agent1)) {
throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
}
return value;
// if (!userAgent.equals(agent)) {
// throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
// } else {
// return value;
// }
}
} else {
throw new IllegalStateException("Invalid cookie. Required fields are empty");
}
}
}
public static String getHttpServletRequestUserAgent(final HttpServletRequest request) {
return request != null ? request.getHeader("user-agent") : null;
}
}
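Review bot: The user-agent check in `obtainValueFromCompoundCookie` fails open. When the request carries no `User-Agent` header, `agent` is null and `agent.split(";")` throws; the `catch (Exception e)` swallows it, `agent1` and `userAgent1` both stay `""`, and the equality test passes, so the cookie value is returned. Comparing only the text before the first `;` also binds the cookie far more loosely than the full-string comparison left in the commented-out block. I would reject a blank header before comparing, drop the try/catch (and `e.printStackTrace()`, since `LOGGER` is already declared), and delete the commented-out code.

```java
// … unchanged: field split, blank checks and remote-address comparison …
String agent = getHttpServletRequestUserAgent(request);
if (StringUtils.isBlank(agent)) {
    // Fail closed: a request without a user-agent must not match any cookie.
    throw new IllegalStateException("Request does not specify a user-agent");
}
String expectedAgent = StringUtils.substringBefore(userAgent, ";");
String presentedAgent = StringUtils.substringBefore(agent, ";");
if (!expectedAgent.equals(presentedAgent)) {
    throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
}
return value;
```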
......@@ -125,6 +125,11 @@ cas.serviceRegistry.schedule.startDelay=15000
cas.serviceRegistry.managementType=DEFAULT
cas.serviceRegistry.json.location=classpath:/services
##关闭单点登出:
cas.slo.disabled=true
cas.slo.asynchronous=true
##开启rest认证
#cas.authn.rest.uri=http://localhost:8080/cas/login
##如果密码有加密,打开下面配置,我的是明文
......@@ -137,66 +142,66 @@ cas.serviceRegistry.json.location=classpath:/services
cas.logout.followServiceRedirects=true
cas.logout.redirectParameter=service
cas.logout.confirmLogout=false
cas.logout.removeDescendantTickets=true
#默认主题配置
cas.theme.defaultThemeName=app
#自定义错误信息
cas.authn.exceptions.exceptions=com.zq.cas.exception.LoginModeException,com.zq.cas.exception.PasswordErrorException,com.zq.cas.exception.NoLoginModeException
#TGT的最大生存时间,28800秒,8小时
#TGT的最大生存时间,43200,12小时
cas.ticket.tgt.maxTimeToLiveInSeconds=43200
#用户没有对系统进行任何操作的情况下,7200秒(2小时)之后TGT会过期
cas.ticket.tgt.timeToKillInSeconds=28800
cas.ticket.tgt.timeToKillInSeconds=7200
#cas.ticket.tgt.timeoutExpirationPolicy=28800
#ST可以用几次才过期
cas.ticket.st.numberOfUses=2
cas.ticket.st.numberOfUses=1
#ST过期设置,默认是10秒 ms
cas.ticket.st.timeToKillInSeconds=10000
cas.ticket.st.timeToKillInSeconds=60
#配置redis存储ticket
#cas.ticket.registry.redis.host=127.0.0.1
#cas.ticket.registry.redis.database=0
#cas.ticket.registry.redis.port=6379
#cas.ticket.registry.redis.password=
#cas.ticket.registry.redis.timeout=2000
#cas.ticket.registry.redis.useSsl=false
#cas.ticket.registry.redis.usePool=true
#cas.ticket.registry.redis.pool.max-active=20
#cas.ticket.registry.redis.pool.maxIdle=8
#cas.ticket.registry.redis.pool.minIdle=0
#cas.ticket.registry.redis.pool.maxActive=8
#cas.ticket.registry.redis.pool.maxWait=-1
#cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
#cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
#cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
#cas.ticket.registry.redis.pool.lifo=true
#cas.ticket.registry.redis.pool.fairness=false
#cas.ticket.registry.redis.pool.testOnCreate=false
#cas.ticket.registry.redis.pool.testOnBorrow=false
#cas.ticket.registry.redis.pool.testOnReturn=false
#cas.ticket.registry.redis.pool.testWhileIdle=false
cas.ticket.registry.redis.host=127.0.0.1
cas.ticket.registry.redis.database=0
cas.ticket.registry.redis.port=6379
cas.ticket.registry.redis.password=
cas.ticket.registry.redis.timeout=2000
cas.ticket.registry.redis.useSsl=false
cas.ticket.registry.redis.usePool=true
cas.ticket.registry.redis.pool.max-active=20
cas.ticket.registry.redis.pool.maxIdle=8
cas.ticket.registry.redis.pool.minIdle=0
cas.ticket.registry.redis.pool.maxActive=8
cas.ticket.registry.redis.pool.maxWait=-1
cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
cas.ticket.registry.redis.pool.lifo=true
cas.ticket.registry.redis.pool.fairness=false
cas.ticket.registry.redis.pool.testOnCreate=false
cas.ticket.registry.redis.pool.testOnBorrow=false
cas.ticket.registry.redis.pool.testOnReturn=false
cas.ticket.registry.redis.pool.testWhileIdle=false
#cas.ticket.registry.redis.sentinel.master=mymaster
#cas.ticket.registry.redis.sentinel.nodes[0]=localhost:26377
#cas.ticket.registry.redis.sentinel.nodes[1]=localhost:26378
#cas.ticket.registry.redis.sentinel.nodes[2]=localhost:26379
#配置redis存储session
#cas.webflow.autoconfigure=true
#cas.webflow.alwaysPauseRedirect=false
#cas.webflow.refresh=true
#cas.webflow.redirectSameState=false
#
#cas.webflow.session.lockTimeout=30
#cas.webflow.session.compress=false
#cas.webflow.session.maxConversations=5
#cas.webflow.session.storage=true
#spring.session.store-type=redis
#spring.redis.host=127.0.0.1
#spring.redis.password=
#spring.redis.port=6379
cas.webflow.autoconfigure=true
cas.webflow.alwaysPauseRedirect=false
cas.webflow.refresh=true
cas.webflow.redirectSameState=false
cas.webflow.session.lockTimeout=30
cas.webflow.session.compress=false
cas.webflow.session.maxConversations=5
cas.webflow.session.storage=true
spring.session.store-type=redis
spring.redis.host=127.0.0.1
spring.redis.password=
spring.redis.port=6379
#取消x-frame-options为deny限制,允许外部项目使用iframe嵌入cas-server登录页面
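Review bot: The Redis block enabled in the second hunk stores ticket-granting tickets and web sessions behind an empty `cas.ticket.registry.redis.password=` and `spring.redis.password=`, with `cas.ticket.registry.redis.useSsl=false`. Any local process or user that can reach port 6379 can therefore read or overwrite live SSO state. That is only tolerable while the host stays `127.0.0.1`. I would set a Redis password supplied from the environment rather than from this file, and confirm whether the registry's ticket signing/encryption is enabled before this configuration is reused with a shared Redis. The hunk also sets both `cas.ticket.registry.redis.pool.max-active=20` and `cas.ticket.registry.redis.pool.maxActive=8`; presumably only one of them is bound, so the other should be removed to make the effective pool size unambiguous.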
......
spring:
datasource:
driver-class-name: com.kingbase8.Driver
url: jdbc:kingbase8://172.18.3.137:54321/GXFY_OA
url: jdbc:kingbase8://175.178.197.14:54321/GXFY_OA
type: com.alibaba.druid.pool.DruidDataSource
username: SYSTEM
password: 123456
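Review bot: This section shows two `url:` lines. If the second is the new value, the datasource moves from the private address `172.18.3.137` to the publicly routable `175.178.197.14`, while `username: SYSTEM` and a literal `password:` sit in the same committed file. A short numeric password on what looks like an administrative account is easy to guess once the database is reachable from outside the internal network. I would take `username` and `password` from externalized configuration (environment variables or a secrets store), rotate the password since it is now in repository history, and connect with a least-privileged account. Access to port 54321 should also be restricted to the CAS host. The file's other settings are outside the visible lines.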
......
......@@ -3,7 +3,7 @@
<Configuration monitorInterval="5" >
<!-- packages="org.zq.cas.logging" -->
<Properties>
<Property name="baseDir">/usr/cas/logs</Property>
<Property name="baseDir">/data/log/cas</Property>
</Properties>
<Appenders>
<Console name="console" target="SYSTEM_OUT">
......@@ -15,7 +15,7 @@
<PatternLayout pattern="%highlight{%d %p [%c] - &lt;%m&gt;}%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<SizeBasedTriggeringPolicy size="200 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
<DefaultRolloverStrategy max="5" compressionLevel="9">
......@@ -30,7 +30,7 @@
<PatternLayout pattern="%d %p [%c] - %m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<SizeBasedTriggeringPolicy size="200 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
<DefaultRolloverStrategy max="5" compressionLevel="9">
......@@ -46,7 +46,7 @@
<PatternLayout pattern="%m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<SizeBasedTriggeringPolicy size="200 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
<DefaultRolloverStrategy max="5" compressionLevel="9">
......