使用CAS实现单点登录一

一、CAS服务器的搭建

GitHub 地址:https://github.com/apereo/cas-overlay-template

1.1 服务部署和测试

clone 下来依赖包,下载后需要手动创建 src/main/resources 目录,并在该目录下创建 application.properties 文件和 log4j2.xml 文件
log4j2.xml文件,主要是为了设置CAS的日志输出目录
application.properties 文件:数据库配置、证书配置等
配置完成后,打包部署在tomcat的webapp目录下面

等待CAS服务启动之后,通过http://localhost:8080/cas/login
可以使用默认的账号:casuser Mellon登录

二、配置 application.properties 文件,通过数据库验证

2.1 pom.xml中添加依赖文件

<!-- JDBC driver for the user database that CAS authenticates against
     (matches the jdbc:postgresql:// URLs in application.properties).
     NOTE(review): this pins an old build with the "jre7" classifier; confirm it
     matches the JDK the overlay is built with and check the driver's current
     advisories before reusing this exact version. -->
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>42.2.18.jre7</version>
</dependency>

<!-- https://mvnrepository.com/artifact/org.apereo.cas/cas-server-support-jdbc -->
<!-- CAS JDBC authentication module; enables the cas.authn.jdbc.* properties.
     The version follows the overlay's ${cas.version} so it stays in step with the server. -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas.version}</version>
</dependency>

注释掉默认的用户配置:

# Built-in static credential (casuser / Mellon) shipped with the overlay.
# Left commented out so that only the JDBC handlers configured below can authenticate users.
#cas.authn.accept.users=casuser::Mellon

2.2 添加jdbc认证

2.2.1 数据库连接的配置

# "query" JDBC handler: look the user up by username and compare the stored password column.
# Connection settings for the user database.
cas.authn.jdbc.query[0].driverClass=org.postgresql.Driver
cas.authn.jdbc.query[0].url=jdbc:postgresql://127.0.0.1:5432/postgres
cas.authn.jdbc.query[0].user=postgres
# NOTE(review): a literal database password in a properties file that is packaged into the WAR;
# keep this file out of version control or supply the value from the environment.
cas.authn.jdbc.query[0].password=password

# Parameterized lookup (the "?" is bound by CAS, so the username is not concatenated into SQL).
# "select *" returns every column of sys_user; a narrower column list would avoid pulling unrelated data.
cas.authn.jdbc.query[0].sql=select * from sys_user where username=?
# Column holding the password (the value CAS compares against)
cas.authn.jdbc.query[0].fieldPassword=password
# Without an encodingAlgorithm/type below, this charset setting has nothing to apply to and the
# comparison is against the raw stored value.
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8

2.2.2 MD5加密配置

如果密码需要加密存储,需要增加如下配置,这样数据库中存储的是 MD5 加密后的密码,而 CAS 页面输入的仍然是原始密码即可登录

# Hash the submitted password with MD5 before comparing it with the stored column.
# NOTE(review): plain MD5 is fast and unsalted, so a leaked table is cheap to crack offline;
# a slow, salted encoder type such as BCRYPT is the safer choice when the schema can be changed.
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
# DEFAULT = use the algorithm named above (the MessageDigest-style encoder).
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
# Charset used to turn the submitted password into bytes before hashing.
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8

2.2.3 密码加盐加密

单纯的 MD5 值强度太低,需要增加盐值的配置


# Salted-hash ("encode") JDBC handler. This is a separate handler from the "query" one above;
# the full application.properties template below keeps this block commented out, so enable
# one handler or the other rather than both.
# Database connection
cas.authn.jdbc.encode[0].driverClass=org.postgresql.Driver
cas.authn.jdbc.encode[0].url=jdbc:postgresql://127.0.0.1:5432/postgres
cas.authn.jdbc.encode[0].user=postgres
# NOTE(review): literal database password packaged with the application; prefer an external source.
cas.authn.jdbc.encode[0].password=password
# Number of hash iterations applied on top of the salt
cas.authn.jdbc.encode[0].numberOfIterations=1024
# Column holding the per-user (dynamic) salt
# NOTE(review): PostgreSQL folds unquoted identifiers to lower case, so "PasswordSalt" only
# matches if the column was created with that exact quoted name — verify against the schema.
cas.authn.jdbc.encode[0].saltFieldName=PasswordSalt
# Parameterized lookup; the username is bound, not concatenated.
cas.authn.jdbc.encode[0].sql=select * from sys_user where username=?
# MD5 even with salt and iterations is a fast digest; BCRYPT/PBKDF2-style encoders resist offline cracking better.
cas.authn.jdbc.encode[0].algorithmName=MD5
# Column holding the password hash
cas.authn.jdbc.encode[0].passwordFieldName=password

application.properties文件的模板如下:

##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8443

# CAS is served over HTTPS; the keystore holding the TLS certificate is configured here.
server.ssl.key-store=E:/download/tomcat.keystore
# NOTE(review): keystore and key passwords are literal values in a file that ships inside the WAR;
# supply them from the environment or an external config location instead of committing them.
server.ssl.key-store-password=123456
server.ssl.key-password=123456

server.max-http-header-size=2097152
# The forwarded-header settings here and in the server.tomcat.*-header lines below make CAS trust
# X-Forwarded-* values; that is only safe when every request arrives through a proxy that sets them.
server.use-forward-headers=true
server.connection-timeout=20000
# NOTE(review): ALWAYS returns stack traces to the browser on error pages, which exposes internal
# class names and paths; NEVER (or ON_TRACE_PARAM) is the usual production setting.
server.error.include-stacktrace=ALWAYS

server.compression.enabled=true
server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain

server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.min-spare-threads=10
server.tomcat.max-threads=200
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8

spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false

# Indicates that systemPropertiesOverride can be used.
# Set to false to prevent users from changing the default accidentally. Default true.
spring.cloud.config.allow-override=true

# External properties should override system properties.
spring.cloud.config.override-system-properties=false

# When allowOverride is true, external properties should take lowest priority, and not override any
# existing property sources (including local config files).
spring.cloud.config.override-none=false

# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true

# Actuator endpoints are disabled and marked sensitive; restart/shutdown are explicitly off.
endpoints.enabled=false
endpoints.sensitive=true

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

# Control the security of the management/actuator endpoints
# The 'enabled' flag below here controls the rendering of details for the health endpoint amongst other things.
management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false

# Define a CAS-specific "WARN" status code and its order
management.health.status.order=WARN, DOWN, OUT_OF_SERVICE, UNKNOWN, UP

# Control the security of the management/actuator endpoints
# With basic authentication, assuming Spring Security and/or relevant modules are on the classpath.
security.basic.authorize-mode=role
security.basic.path=/cas/status/**
# security.basic.enabled=true
# security.user.name=casuser
# security.user.password=

##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
spring.thymeleaf.template-resolver-order=100
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

## Authentication / service registry settings
# NOTE(review): secure=false lets the ticket-granting cookie be sent over plain HTTP even though this
# server listens on HTTPS (8443 above); set it to true unless a non-TLS deployment is deliberate.
cas.tgc.secure=false
# Load service definitions from the JSON files bundled with the overlay.
cas.serviceRegistry.initFromJson=true

##
# CAS Authentication Credentials
#
# Default built-in username and password (commented out so that JDBC authentication is used instead)
#cas.authn.accept.users=casuser::Mellon



# Salted-hash ("encode") JDBC handler; kept commented out in this template
# Database connection
#cas.authn.jdbc.encode[0].driverClass=org.postgresql.Driver
#cas.authn.jdbc.encode[0].url=jdbc:postgresql://127.0.0.1:5432/postgres
#cas.authn.jdbc.encode[0].user=postgres
#cas.authn.jdbc.encode[0].password=password
# Number of hash iterations
#cas.authn.jdbc.encode[0].numberOfIterations=1024
# Column holding the per-user (dynamic) salt
#cas.authn.jdbc.encode[0].saltFieldName=PasswordSalt
#cas.authn.jdbc.encode[0].sql=select * from sys_user where username=?
#cas.authn.jdbc.encode[0].algorithmName=MD5
# Column holding the password hash
#cas.authn.jdbc.encode[0].passwordFieldName=password


# "query" JDBC handler: look the user up by username and compare the hashed password column.
cas.authn.jdbc.query[0].driverClass=org.postgresql.Driver
cas.authn.jdbc.query[0].url=jdbc:postgresql://127.0.0.1:5432/postgres
cas.authn.jdbc.query[0].user=postgres
# NOTE(review): literal database password packaged with the application; prefer an external source.
cas.authn.jdbc.query[0].password=password

#cas.authn.jdbc.query[0].numberOfIterations=1024
#cas.authn.jdbc.query[0].saltFieldName=PasswordSalt
# Parameterized lookup; the username is bound by CAS rather than concatenated into the SQL.
cas.authn.jdbc.query[0].sql=select * from sys_user where username=?
# NOTE(review): unsalted MD5 is a fast digest, so a leaked sys_user table is cheap to crack offline;
# a slow salted encoder type such as BCRYPT is preferable when the stored format can be changed.
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8

log4j2.xml文件的模板如下:

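<?xml version="1.0" encoding="UTF-8" ?>
<!-- monitorInterval: how often (in seconds) log4j2 re-reads this file for changes.
     packages: lets log4j2 find the CAS-specific CasAppender used below. -->
<Configuration monitorInterval="5" packages="org.apereo.cas.logging">
    <Properties>
        <!-- Root directory for every log file written by this configuration. -->
        <Property name="baseDir">D:\device-logs</Property>
    </Properties>
    <Appenders>
        <Console name="console" target="SYSTEM_OUT">
            <!-- A literal "<" is not allowed inside an attribute value, so the angle brackets around
                 the message are written as &lt; and &gt;; the rendered pattern is still "<message>". -->
            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
        </Console>

        <!-- Rolled files are written directly into ${baseDir}. The filePattern ends in .gz so that
             log4j2 actually compresses archives (compressionLevel only applies to compressed
             archives) and so that the Delete action's glob below matches them; a glob of
             "*/*.log.gz" would require one subdirectory level and would never match files that sit
             directly under basePath. All three RollingFile appenders share basePath and the same
             7-day rule, so each rollover prunes every expired archive in the directory. -->
        <RollingFile name="file" fileName="${baseDir}/cas.log" append="true"
                     filePattern="${baseDir}/cas-%d{yyyy-MM-dd-HH}-%i.log.gz">
            <PatternLayout pattern="%highlight{%d %p [%c] - &lt;%m&gt;}%n"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10 MB"/>
                <!-- Hourly rollover, driven by the %d{yyyy-MM-dd-HH} part of filePattern. -->
                <TimeBasedTriggeringPolicy />
            </Policies>
            <!-- max="5": at most five %i files per hour. -->
            <DefaultRolloverStrategy max="5" compressionLevel="9">
                <!-- Remove compressed archives older than 7 days. -->
                <Delete basePath="${baseDir}" maxDepth="2">
                    <IfFileName glob="*.log.gz" />
                    <IfLastModified age="7d" />
                </Delete>
            </DefaultRolloverStrategy>
        </RollingFile>

        <!-- Audit trail (who authenticated, which service, etc.); same rollover and retention as cas.log. -->
        <RollingFile name="auditlogfile" fileName="${baseDir}/cas_audit.log" append="true"
                     filePattern="${baseDir}/cas_audit-%d{yyyy-MM-dd-HH}-%i.log.gz">
            <PatternLayout pattern="%d %p [%c] - %m%n"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10 MB"/>
                <TimeBasedTriggeringPolicy />
            </Policies>
            <DefaultRolloverStrategy max="5" compressionLevel="9">
                <Delete basePath="${baseDir}" maxDepth="2">
                    <IfFileName glob="*.log.gz" />
                    <IfLastModified age="7d" />
                </Delete>
            </DefaultRolloverStrategy>
        </RollingFile>

        <!-- Performance statistics; message-only layout. -->
        <RollingFile name="perfFileAppender" fileName="${baseDir}/perfStats.log" append="true"
                     filePattern="${baseDir}/perfStats-%d{yyyy-MM-dd-HH}-%i.log.gz">
            <PatternLayout pattern="%m%n"/>
            <Policies>
                <OnStartupTriggeringPolicy />
                <SizeBasedTriggeringPolicy size="10 MB"/>
                <TimeBasedTriggeringPolicy />
            </Policies>
            <DefaultRolloverStrategy max="5" compressionLevel="9">
                <Delete basePath="${baseDir}" maxDepth="2">
                    <IfFileName glob="*.log.gz" />
                    <IfLastModified age="7d" />
                </Delete>
            </DefaultRolloverStrategy>
        </RollingFile>

        <!-- CAS wrappers around the raw appenders; every logger below references these. -->
        <CasAppender name="casAudit">
            <AppenderRef ref="auditlogfile" />
        </CasAppender>
        <CasAppender name="casFile">
            <AppenderRef ref="file" />
        </CasAppender>
        <CasAppender name="casConsole">
            <AppenderRef ref="console" />
        </CasAppender>
        <CasAppender name="casPerf">
            <AppenderRef ref="perfFileAppender" />
        </CasAppender>
    </Appenders>
    <Loggers>
        <!-- Most third-party packages are silenced ("off"); CAS itself logs at info. -->
        <AsyncLogger name="com.couchbase" level="off" additivity="false" includeLocation="true">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.apereo.cas.web.CasWebApplication" level="info" additivity="false" includeLocation="true">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.security" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.boot.autoconfigure.security" level="info" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.jasig.cas.client" level="info" additivity="false" includeLocation="true">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.apereo" level="info" additivity="false" includeLocation="true">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.apereo.services.persondir" level="off" additivity="false" includeLocation="true">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.apache" level="error" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.cloud" level="info" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.cloud.context" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.boot" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.aop" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.boot.actuate.autoconfigure" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.webflow" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.session" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.amqp" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.integration" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.messaging" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.web" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.orm.jpa" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.scheduling" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.thymeleaf" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.pac4j" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.opensaml" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="net.sf.ehcache" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <!-- Uses the CasAppender wrappers like every other logger (the original referenced the raw
             "console"/"file" appenders); with level="off" nothing is emitted either way. -->
        <AsyncLogger name="com.ryantenney.metrics" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="net.jradius" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.openid4java" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.ldaptive" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="com.hazelcast" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.context.annotation" level="off" additivity="false" />
        <AsyncLogger name="org.springframework.boot.devtools" level="off" additivity="false" />
        <AsyncLogger name="org.jasig.spring" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.springframework.web.socket" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.apache.cxf" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="org.apache.http" level="off" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <AsyncLogger name="perfStatsLogger" level="info" additivity="false" includeLocation="true">
            <AppenderRef ref="casPerf"/>
        </AsyncLogger>
        <AsyncLogger name="org.apereo.cas.web.flow" level="info" additivity="true" includeLocation="true">
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <!-- Audit events go to the audit file and cas.log. No additivity attribute is given here,
             so the default applies; NOTE(review): presumably that also forwards audit events to the
             root appender (console) — set additivity="false" if that is not wanted. -->
        <AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true">
            <AppenderRef ref="casAudit"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>
        <!-- Everything not matched above: errors only, to the console. -->
        <AsyncRoot level="error">
            <AppenderRef ref="casConsole"/>
        </AsyncRoot>
    </Loggers>
</Configuration>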