CAS5.X 集群配置 初版

基础版

cas-overlay  pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-overlay</artifactId>
<packaging>war</packaging>
<version>1.0</version> <dependencies>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql.driver.version}</version>
<scope>runtime</scope>
</dependency> <dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp-tomcat</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency> <dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas.version}</version>
</dependency> <dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-oauth-webflow</artifactId>
<version>${cas.version}</version>
</dependency> <dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-redis-ticket-registry</artifactId>
<version>${cas.version}</version>
</dependency> <dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp-session-redis</artifactId>
<version>${cas.version}</version>
</dependency> <dependency>
<groupId>com.thetransactioncompany</groupId>
<artifactId>java-property-utils</artifactId>
<version>1.9.1</version>
</dependency> <dependency>
<groupId>com.thetransactioncompany</groupId>
<artifactId>cors-filter</artifactId>
<version>2.5</version>
</dependency> <dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency> </dependencies> <properties>
<cas.version>5.1.1</cas.version>
<springboot.version>1.4.2.RELEASE</springboot.version>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<mysql.driver.version>6.0.6</mysql.driver.version>
</properties> <build>
<plugins>
<plugin>
<groupId>com.rimerosolutions.maven.plugins</groupId>
<artifactId>wrapper-maven-plugin</artifactId>
<version>0.0.4</version>
<configuration>
<verifyDownload>true</verifyDownload>
<checksumAlgorithm>MD5</checksumAlgorithm>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${springboot.version}</version>
<configuration>
<mainClass>org.springframework.boot.loader.WarLauncher</mainClass>
<addResources>true</addResources>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<warName>cas</warName>
<failOnMissingWebXml>false</failOnMissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp-tomcat/META-INF/MANIFEST.MF
</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp-tomcat</artifactId>
</overlay>
</overlays>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
</plugin>
</plugins>
<finalName>cas</finalName>
</build> <repositories>
<repository>
<id>public</id>
<name>Public Repositories</name>
<url>http://192.168.1.21:8083/nexus/content/groups/public</url> <snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository> <repository>
<id>sonatype-releases</id>
<url>http://oss.sonatype.org/content/repositories/releases/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>sonatype-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</repository>
<repository>
<id>shibboleth-releases</id>
<url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
</repository>
<repository>
<id>spring-milestones</id>
<url>https://repo.spring.io/milestone</url>
</repository>
</repositories> <profiles>
<profile>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<id>pgp</id>
<build>
<plugins>
<plugin>
<groupId>com.github.s4u.plugins</groupId>
<artifactId>pgpverify-maven-plugin</artifactId>
<version>1.1.0</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
<pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
<scope>test</scope>
<verifyPomFiles>true</verifyPomFiles>
<failNoSignature>false</failNoSignature>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>

配置文件

application.properties

##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port= cas.server.name=http://192.168.20.119:80
cas.server.prefix=http://192.168.20.119:80/cas
cas.host.name=tusheng.cnblogs.com server.ssl.key-store=file:/etc/cas/thekeystore
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type= server.max-http-header-size=
server.use-forward-headers=true
server.connection-timeout=
server.error.include-stacktrace=ALWAYS server.tomcat.max-http-post-size=
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF- spring.http.encoding.charset=UTF-
spring.http.encoding.enabled=true
spring.http.encoding.force=true ##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true endpoints.enabled=false
endpoints.sensitive=true endpoints.restart.enabled=false
endpoints.shutdown.enabled=false management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/** ##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE ##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true ##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true ##
# CAS Authentication Credentials
#
#cas.authn.accept.users=casuser::Mellon #############jdbc authentication##################
cas.authn.jdbc.query[0].sql=SELECT password,salt FROM sys_user WHERE login_name=?
cas.authn.jdbc.query[0].healthQuery=SELECT 1
cas.authn.jdbc.query[0].isolateInternalQueries=false
cas.authn.jdbc.query[0].url=jdbc:mysql://192.168.20.119:3306/cas-local?useUnicode=true&useSSL=false&characterEncoding=utf-8&serverTimezone=GMT%2B8
cas.authn.jdbc.query[0].failFast=true
cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
cas.authn.jdbc.query[0].leakThreshold=10
cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.query[0].batchSize=1
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].ddlAuto=validate
cas.authn.jdbc.query[0].maxAgeDays=180
cas.authn.jdbc.query[0].password=tusheng
cas.authn.jdbc.query[0].autocommit=false
cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver
cas.authn.jdbc.query[0].idleTimeout=5000
cas.authn.jdbc.query[0].credentialCriteria= cas.authn.jdbc.query[0].pool.minSize=10
cas.authn.jdbc.query[0].pool.maxSize=100
#密码字段
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].fieldExpired=
cas.authn.jdbc.query[0].fieldDisabled=
#cas.authn.jdbc.query[0].principalAttributeList=sn,cn:commonName,givenName cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
#加密方式
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5 # cas.authn.attributeRepository.jdbc[0].attributes.test_name=test_name
# cas.authn.attributeRepository.jdbc[0].attributes.salt=salt
# cas.authn.attributeRepository.jdbc[0].attributes.cn=commonName
# cas.authn.attributeRepository.jdbc[0].attributes.affiliation=groupMembership cas.authn.attributeRepository.jdbc[0].singleRow=true
# cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].requireAllAttributes=true
cas.authn.attributeRepository.jdbc[0].caseCanonicalization=LOWER
cas.authn.attributeRepository.jdbc[0].queryType=OR # Used only when there is a mapping of many rows to one user
# cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName1=columnAttrValue1
# cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName2=columnAttrValue2
# cas.authn.attributeRepository.jdbc[0].columnMappings.columnAttrName3=columnAttrValue3 cas.authn.attributeRepository.jdbc[0].sql=SELECT * FROM sys_user WHERE {0}
cas.authn.attributeRepository.jdbc[0].username=login_name
cas.authn.attributeRepository.jdbc[0].healthQuery=SELECT 1
# cas.authn.attributeRepository.jdbc[0].isolateInternalQueries=false
cas.authn.attributeRepository.jdbc[0].url=jdbc:mysql://192.168.20.119:3306/cas-local?useUnicode=true&useSSL=false&characterEncoding=utf-8&serverTimezone=GMT%2B8
# cas.authn.attributeRepository.jdbc[0].failFast=true
# cas.authn.attributeRepository.jdbc[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.attributeRepository.jdbc[0].dialect=org.hibernate.dialect.MySQLDialect
# cas.authn.attributeRepository.jdbc[0].leakThreshold=10
# cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
# cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].user=root
cas.authn.attributeRepository.jdbc[0].ddlAuto=validate
cas.authn.attributeRepository.jdbc[0].password=tusheng
# cas.authn.attributeRepository.jdbc[0].autocommit=false
cas.authn.attributeRepository.jdbc[0].driverClass=com.mysql.cj.jdbc.Driver
# cas.authn.attributeRepository.jdbc[0].idleTimeout=5000
# cas.authn.attributeRepository.jdbc[0].pool.suspension=false
# cas.authn.attributeRepository.jdbc[0].pool.minSize=6
# cas.authn.attributeRepository.jdbc[0].pool.maxSize=18
# cas.authn.attributeRepository.jdbc[0].pool.maxWait=2000
# cas.authn.attributeRepository.jdbc[0].dataSourceName=
# cas.authn.attributeRepository.jdbc[0].dataSourceProxy=false cas.authn.attributeRepository.defaultAttributesToRelease=test_name,salt

#tgc的生存周期,-1 永不过期
cas.tgc.maxAge=-1
#默认为true,使用https,如果只需要http,修改为false即可
cas.tgc.secure=false
#随便搞的一串数字 个数必须超过 256/8/2=16
# The encryption secret key. By default, must be a octet string of size 256.
cas.tgc.encryptionKey=nXL-DN7Xbt3HsY_Wwp9zVAUP-r4sFkZOIfAstCfpCXI
#随便搞的一串数字 个数必须超过 512/8/2=32
# The signing secret key. By default, must be a octet string of size 512
cas.tgc.signingKey=tushengN7Xbt3HsY_Wwp9zVAUP-r4sFkZOIfAstCfpCXItushengN7Xbt3HsY_Wwp9zVAUP-r4sFkZOIfAstCfpCXI
cas.tgc.cipherEnabled=true #cas.googleRecaptcha.verifyUrl=https://www.google.com/recaptcha/api/siteverify
#cas.googleRecaptcha.siteKey=123456
#cas.googleRecaptcha.secret=111111 # Redis server host.
cas.ticket.registry.redis.host=192.168.20.186
#
#Database index used by the connection factory.
cas.ticket.registry.redis.database=0
#
## Redis server port.
cas.ticket.registry.redis.port=6379
#
## Login password of the redis server.
cas.ticket.registry.redis.password=lucheng
#
## Connection timeout in milliseconds
cas.ticket.registry.redis.timeout=30
#
##
cas.ticket.registry.redis.pool.max-active=20
#
# Max number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.
cas.ticket.registry.redis.pool.maxIdle=8
#
# Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive.
cas.ticket.registry.redis.pool.minIdle=0
#
# Max number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.
cas.ticket.registry.redis.pool.maxActive=8
#
# Maximum amount of time (in milliseconds) a connection allocation should block
# before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely.
cas.ticket.registry.redis.pool.maxWait=-1 cas.ticket.registry.redis.crypto.signing.key=
cas.ticket.registry.redis.crypto.signing.keySize=512
cas.ticket.registry.redis.crypto.encryption.key=
cas.ticket.registry.redis.crypto.encryption.keySize=16
cas.ticket.registry.redis.crypto.alg=AES cas.webflow.autoconfigure=true
cas.webflow.alwaysPauseRedirect=false
cas.webflow.refresh=true
cas.webflow.redirectSameState=false cas.webflow.session.lockTimeout=30
cas.webflow.session.compress=false
cas.webflow.session.maxConversations=5
cas.webflow.session.storage=true # Manage session storage via Redis
spring.session.store-type=redis
spring.redis.host=192.168.20.186
spring.redis.password=tusheng
spring.redis.port=6379 #cas.webflow.signing.key=tusheng
#cas.webflow.signing.keySize=512
#cas.webflow.encryption.keySize=16
#cas.webflow.encryption.key=
#cas.webflow.alg=AES
上一篇:人生苦短,我用Python(1)


下一篇:linux之测试硬盘速度篇