CAS5.X 集群配置 初版
基础版
cas-overlay pom.xml
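<?xml version="1.0" encoding="UTF-8"?>
<!--
  Maven WAR overlay for an Apereo CAS 5.x server. It layers JDBC authentication,
  OAuth webflow, a Redis ticket registry and Redis-backed HTTP sessions on top of
  the stock cas-server-webapp-tomcat WAR and packages the result as cas.war.

  NOTE(review): the versions pinned in <properties> (CAS, Spring Boot, MySQL
  driver) are old. Before reusing this file for an SSO server, check each
  project's current security advisories and supported release lines.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-overlay</artifactId>
    <packaging>war</packaging>
    <version>1.0</version>

    <dependencies>
        <!-- JDBC driver used by the authentication handler and attribute repository. -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>${mysql.driver.version}</version>
            <scope>runtime</scope>
        </dependency>
        <!-- Base CAS web application that maven-war-plugin overlays (see <overlays> below). -->
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-webapp-tomcat</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-jdbc</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-oauth-webflow</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <!-- Clustering: tickets are shared between nodes through Redis. -->
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-redis-ticket-registry</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <!-- Clustering: HTTP/webflow session state is shared through Redis. -->
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-webapp-session-redis</artifactId>
            <version>${cas.version}</version>
        </dependency>
        <dependency>
            <groupId>com.thetransactioncompany</groupId>
            <artifactId>java-property-utils</artifactId>
            <version>1.9.1</version>
        </dependency>
        <!-- NOTE(review): the CORS filter's allowed origins are configured elsewhere
             (not on this page); on an SSO server keep that list explicit rather than
             a wildcard. -->
        <dependency>
            <groupId>com.thetransactioncompany</groupId>
            <artifactId>cors-filter</artifactId>
            <version>2.5</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.0.1</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>javax.servlet.jsp</groupId>
            <artifactId>jsp-api</artifactId>
            <version>2.1</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
    </dependencies>

    <properties>
        <cas.version>5.1.1</cas.version>
        <springboot.version>1.4.2.RELEASE</springboot.version>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <mysql.driver.version>6.0.6</mysql.driver.version>
    </properties>

    <build>
        <plugins>
            <plugin>
                <groupId>com.rimerosolutions.maven.plugins</groupId>
                <artifactId>wrapper-maven-plugin</artifactId>
                <version>0.0.4</version>
                <configuration>
                    <verifyDownload>true</verifyDownload>
                    <!-- NOTE(review): MD5 only guards against accidental corruption, not a
                         tampered download. Prefer a stronger digest if this plugin version
                         accepts one (confirm the supported values). -->
                    <checksumAlgorithm>MD5</checksumAlgorithm>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${springboot.version}</version>
                <configuration>
                    <mainClass>org.springframework.boot.loader.WarLauncher</mainClass>
                    <addResources>true</addResources>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.6</version>
                <configuration>
                    <warName>cas</warName>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                    <recompressZippedFiles>false</recompressZippedFiles>
                    <archive>
                        <compress>false</compress>
                        <!-- Reuse the manifest of the unpacked base WAR. -->
                        <manifestFile>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp-tomcat/META-INF/MANIFEST.MF</manifestFile>
                    </archive>
                    <overlays>
                        <overlay>
                            <groupId>org.apereo.cas</groupId>
                            <artifactId>cas-server-webapp-tomcat</artifactId>
                        </overlay>
                    </overlays>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
            </plugin>
        </plugins>
        <finalName>cas</finalName>
    </build>

    <repositories>
        <!-- NOTE(review): this internal Nexus group is reached over plain HTTP and
             serves both releases and snapshots. Anyone able to tamper with traffic
             on that network segment can substitute artifacts that end up inside
             the SSO server. Put the repository manager behind TLS if possible. -->
        <repository>
            <id>public</id>
            <name>Public Repositories</name>
            <url>http://192.168.1.21:8083/nexus/content/groups/public</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
            <releases>
                <enabled>true</enabled>
            </releases>
        </repository>
        <!-- Switched from http:// to https:// so release artifacts are not fetched
             in cleartext; the snapshots entry for the same host already used https. -->
        <repository>
            <id>sonatype-releases</id>
            <url>https://oss.sonatype.org/content/repositories/releases/</url>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <releases>
                <enabled>true</enabled>
            </releases>
        </repository>
        <!-- NOTE(review): snapshot and milestone repositories serve mutable or
             pre-release artifacts. Drop them from a production build unless a
             dependency really needs them. -->
        <repository>
            <id>sonatype-snapshots</id>
            <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
            <releases>
                <enabled>false</enabled>
            </releases>
        </repository>
        <repository>
            <id>shibboleth-releases</id>
            <url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
        </repository>
        <repository>
            <id>spring-milestones</id>
            <url>https://repo.spring.io/milestone</url>
        </repository>
    </repositories>

    <profiles>
        <!-- Optional PGP verification of dependencies. It is off by default and
             only runs when the "pgp" profile is activated explicitly. -->
        <profile>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <id>pgp</id>
            <build>
                <plugins>
                    <plugin>
                        <groupId>com.github.s4u.plugins</groupId>
                        <artifactId>pgpverify-maven-plugin</artifactId>
                        <version>1.1.0</version>
                        <executions>
                            <execution>
                                <goals>
                                    <goal>check</goal>
                                </goals>
                            </execution>
                        </executions>
                        <configuration>
                            <!-- NOTE(review): confirm this key server is still reachable;
                                 hkp:// is also an unencrypted transport. -->
                            <pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
                            <pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
                            <scope>test</scope>
                            <verifyPomFiles>true</verifyPomFiles>
                            <!-- NOTE(review): with failNoSignature=false an artifact that has
                                 no signature at all passes the check, so this profile only
                                 catches bad signatures, not missing ones. -->
                            <failNoSignature>false</failNoSignature>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
    </profiles>
</project>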
配置文件
application.properties
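# application.properties for a clustered CAS 5.x node: embedded-container
# settings, JDBC authentication and attribute lookup against MySQL, the
# ticket-granting cookie (TGC), a Redis ticket registry and Redis-backed
# web sessions.
#
# NOTE(review): every password and key below is a sample value that has been
# published on this page. Never reuse them. Generate fresh secrets per
# environment and supply them from outside the file (environment variables
# or a restricted-permission external config) rather than committing them.

##
# CAS Server Context Configuration
#
server.context-path=/cas
# NOTE(review): the server name/prefix below are plain http://. Logins, service
# tickets and the TGC then cross the network in cleartext. Terminate TLS in
# front of CAS (or on it) before using this outside a lab.
server.port=80
cas.server.name=http://192.168.20.119:80
cas.server.prefix=http://192.168.20.119:80/cas
cas.host.name=tusheng.cnblogs.com

server.ssl.key-store=file:/etc/cas/thekeystore
# "changeit" is the well-known default keystore password. Replace it.
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type=

server.max-http-header-size=2097152
# Forwarded headers are honoured here and in the server.tomcat.*-header keys
# below. Enable this only when CAS sits behind a reverse proxy that overwrites
# client-supplied X-Forwarded-* headers. Otherwise clients can spoof their
# address and scheme in logs and redirects.
server.use-forward-headers=true
server.connection-timeout=20000
# Changed from ALWAYS: stack traces on error pages disclose class names,
# library versions and internal paths to unauthenticated users.
server.error.include-stacktrace=NEVER

server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8

spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true

# Actuator endpoints stay disabled and marked sensitive. Keep it that way unless
# they are restricted to an admin network.
endpoints.enabled=false
endpoints.sensitive=true

endpoints.restart.enabled=false
endpoints.shutdown.enabled=false

management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false

security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/**

##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML

##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true

##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true

##
# CAS Authentication Credentials
#
# The static demo account stays commented out. Do not re-enable it alongside
# JDBC authentication.
#cas.authn.accept.users=casuser::Mellon

############# JDBC authentication ##################
# NOTE(review): the query also selects "salt", but the encoder configured below
# (type=DEFAULT, MD5) shows no salt handling. Confirm whether the salt is used.
cas.authn.jdbc.query[0].sql=SELECT password,salt FROM sys_user WHERE login_name=?
cas.authn.jdbc.query[0].healthQuery=SELECT 1
cas.authn.jdbc.query[0].isolateInternalQueries=false
# useSSL=false sends credentials and password hashes to MySQL unencrypted.
cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.20.119:3306/cas-local?useUnicode=true&useSSL=false&characterEncoding=utf-8&serverTimezone=GMT%2B8
cas.authn.jdbc.query[0].failFast=true
cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].leakThreshold=10
cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.query[0].batchSize=1
# Least privilege: CAS only needs SELECT on the user table. Connect with a
# dedicated read-only account instead of root.
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].ddlAuto=validate
cas.authn.jdbc.query[0].maxAgeDays=180
cas.authn.jdbc.query[0].password=tusheng
cas.authn.jdbc.query[0].autocommit=false
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].idleTimeout=5000
cas.authn.jdbc.query[0].credentialCriteria=
cas.authn.jdbc.query[0].pool.minSize=10
cas.authn.jdbc.query[0].pool.maxSize=100
# Password column
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].fieldExpired=
cas.authn.jdbc.query[0].fieldDisabled=
#cas.authn.jdbc.query[0].principalAttributeList=sn,cn:commonName,givenName
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
# Hash algorithm. MD5 is fast and broken for password storage: a leaked table
# can be brute-forced cheaply. Migrate stored hashes to a slow, salted scheme
# (bcrypt, scrypt or PBKDF2) and switch the encoder to match.
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5

#
# NOTE(review): the page's formatting lost the original line breaks. The next
# entry is reconstructed as active; confirm against the author's file.
cas.authn.attributeRepository.jdbc[0].attributes.test_name=test_name
# cas.authn.attributeRepository.jdbc[0].attributes.salt=salt
# cas.authn.attributeRepository.jdbc[0].attributes.cn=commonName
# cas.authn.attributeRepository.jdbc[0].attributes.affiliation=groupMembership
cas.authn.attributeRepository.jdbc[0].singleRow=true
# cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
cas.authn.attributeRepository.jdbc[0].caseCanonicalization=LOWER
cas.authn.attributeRepository.jdbc[0].queryType=OR
# Used only when there is a mapping of many rows to one user
# cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName1=columnAttrValue1
# cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName2=columnAttrValue2
# cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName3=columnAttrValue3
# SELECT * fetches every column of sys_user, including the password hash, for
# the attribute lookup. Select only the columns that are meant to be released.
cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM sys_user WHERE {0}
cas.authn.attributeRepository.jdbc[0].username=login_name
cas.authn.attributeRepository.jdbc[0].healthQuery=SELECT 1
# cas.authn.attributeRepository.jdbc[0].isolateInternalQueries=false
cas.authn.attributeRepository.jdbc[0].url=jdbc:mysql://192.168.20.119:3306/cas-local?useUnicode=true&useSSL=false&characterEncoding=utf-8&serverTimezone=GMT%2B8
# cas.authn.attributeRepository.jdbc[0].failFast=true
# cas.authn.attributeRepository.jdbc[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.attributeRepository.jdbc[0].dialect=org.hibernate.dialect.MySQLDialect
# cas.authn.attributeRepository.jdbc[0].leakThreshold=10
# cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
# cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].user=root
cas.authn.attributeRepository.jdbc[0].ddlAuto=validate
cas.authn.attributeRepository.jdbc[0].password=tusheng
# cas.authn.attributeRepository.jdbc[0].autocommit=false
cas.authn.attributeRepository.jdbc[0].driverClass=com.mysql.cj.jdbc.Driver
# cas.authn.attributeRepository.jdbc[0].idleTimeout=5000
# cas.authn.attributeRepository.jdbc[0].pool.suspension=false
# cas.authn.attributeRepository.jdbc[0].pool.minSize=6
# cas.authn.attributeRepository.jdbc[0].pool.maxSize=18
# cas.authn.attributeRepository.jdbc[0].pool.maxWait=2000
# cas.authn.attributeRepository.jdbc[0].dataSourceName=
# cas.authn.attributeRepository.jdbc[0].dataSourceProxy=false
# NOTE(review): "salt" is in the default release list, so the password salt is
# handed to every service that authenticates through CAS. Remove it unless a
# relying application has a documented need for it.
cas.authn.attributeRepository.defaultAttributesToRelease=test_name,salt

# TGC lifetime. The author describes -1 as "never expires".
# NOTE(review): a negative cookie max-age normally produces a session cookie
# that is dropped when the browser closes. Confirm the intended behaviour.
cas.tgc.maxAge=-1
# Defaults to true (cookie sent over HTTPS only). The author sets false to run
# over plain HTTP. With secure=false the SSO cookie travels in cleartext and can
# be captured on the network. Restore true once TLS is in place.
cas.tgc.secure=false
# Author's note: an arbitrary string whose length must exceed 256/8/2 = 16.
# The encryption secret key. By default, must be a octet string of size 256.
# Generate this with a cryptographically secure random source instead of
# typing a value by hand.
cas.tgc.encryptionKey=nXL-DN7Xbt3HsY_Wwp9zVAUP-r4sFkZOIfAstCfpCXI
# Author's note: an arbitrary string whose length must exceed 512/8/2 = 32.
# The signing secret key. By default, must be a octet string of size 512
# NOTE(review): this sample repeats one short string twice and embeds most of
# the encryption key, so it carries far less entropy than its length suggests.
cas.tgc.signingKey=tushengN7Xbt3HsY_Wwp9zVAUP-r4sFkZOIfAstCfpCXItushengN7Xbt3HsY_Wwp9zVAUP-r4sFkZOIfAstCfpCXI
cas.tgc.cipherEnabled=true

#cas.googleRecaptcha.verifyUrl=https://www.google.com/recaptcha/api/siteverify
#cas.googleRecaptcha.siteKey=123456
#cas.googleRecaptcha.secret=111111

# Redis server host.
# The ticket registry holds live SSO tickets. Keep Redis on a private network,
# require authentication, and restrict which hosts may connect.
cas.ticket.registry.redis.host=192.168.20.186
#
# Database index used by the connection factory.
cas.ticket.registry.redis.database=0
#
## Redis server port.
cas.ticket.registry.redis.port=6379
#
## Login password of the redis server.
# NOTE(review): this differs from spring.redis.password further down although
# both point at the same host and port. One of the two is presumably wrong.
cas.ticket.registry.redis.password=lucheng
#
## Connection timeout in milliseconds
cas.ticket.registry.redis.timeout=30
#
## cas.ticket.registry.redis.pool.max-active=20
#
# Max number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.
cas.ticket.registry.redis.pool.maxIdle=8
#
# Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive.
cas.ticket.registry.redis.pool.minIdle=0
#
# Max number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.
cas.ticket.registry.redis.pool.maxActive=8
#
# Maximum amount of time (in milliseconds) a connection allocation should block
# before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely.
cas.ticket.registry.redis.pool.maxWait=-1

# NOTE(review): the signing and encryption keys are left blank. In a cluster
# every node must share the same keys to read each other's tickets. Confirm how
# this CAS version treats blank keys and set explicit, randomly generated ones.
cas.ticket.registry.redis.crypto.signing.key=
cas.ticket.registry.redis.crypto.signing.keySize=512
cas.ticket.registry.redis.crypto.encryption.key=
cas.ticket.registry.redis.crypto.encryption.keySize=16
cas.ticket.registry.redis.crypto.alg=AES

cas.webflow.autoconfigure=true
cas.webflow.alwaysPauseRedirect=false
cas.webflow.refresh=true
cas.webflow.redirectSameState=false

cas.webflow.session.lockTimeout=30
cas.webflow.session.compress=false
cas.webflow.session.maxConversations=5
cas.webflow.session.storage=true

# Manage session storage via Redis
spring.session.store-type=redis
spring.redis.host=192.168.20.186
spring.redis.password=tusheng
spring.redis.port=6379

# If webflow signing/encryption is enabled, use randomly generated keys. The
# commented sample signing key is a short guessable word.
#cas.webflow.signing.key=tusheng
#cas.webflow.signing.keySize=512
#cas.webflow.encryption.keySize=16
#cas.webflow.encryption.key=
#cas.webflow.alg=AES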