参考:https://blog.csdn.net/kunyang199034/article/details/80881118
一、下载CAS5.3
CAS5.3 Server我们下载cas-overlay-template版本
下载地址:https://github.com/apereo/cas-overlay-template
打开网址,点击左上角的Branch master可以选择要下载的版本,这里我们下载最新版。
二、编译CAS5.3
由于cas4.0以上就不再提供release版本,所以需要我们自己编译;我们将下载下来的压缩包放到某个目录下面,通过cmd进入该目录,依据官方文档上的编译方法,我们编译,如下图:
在cmd,运行”build.cmd run”,编译文件,编译时间会比较上,编译完成以后,会在所在目录生成一个target文件夹,如下图:
进入target文件夹,可以看到一个扩展名为.war的文件,如下图:
三、CAS5.3的安装部署
把步骤二生成的.war文件拷贝到webapps目录下面,启动tomcat,会自动解压缩.解压缩完成以后,通过浏览器http://192.168.1.121:8080/cas/login,如下图:
看到上图表示安装成功。
四、去除HTTPS
(1)打开WEB-INF/classess/application.properties,在最下面添加如下代码:
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
添加完成以后,如下图:
至此CAS Server5.3配置完成。
五、CAS 5.3测试
(1)、首先通过浏览器访问http://192.168.1.121:8080/cas/login,输入账号、密码(casuser/Mellon);如下图:
至此Cas Server5.3搭建完毕
六、CAS 5.3集群部署
cas-overlay pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-login</artifactId>
<packaging>war</packaging>
<version>1.0</version>
<dependencies>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<!-- 自定义认证的方式 begin -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-jdbc-drivers</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-redis-ticket-registry</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp-session-redis</artifactId>
<version>${cas.version}</version>
</dependency>
<!-- 数据库驱动 -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.46</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>com.rimerosolutions.maven.plugins</groupId>
<artifactId>wrapper-maven-plugin</artifactId>
<version>0.0.4</version>
<configuration>
<verifyDownload>true</verifyDownload>
<checksumAlgorithm>MD5</checksumAlgorithm>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${springboot.version}</version>
<configuration>
<mainClass>${mainClassName}</mainClass>
<addResources>true</addResources>
<executable>${isExecutable}</executable>
<layout>WAR</layout>
</configuration>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
<!-- 添加依赖的插件 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.10</version>
<executions>
<execution>
<id>copy-dependencies</id>
<phase>compile</phase>
<goals>
<goal>copy-dependencies</goal>
</goals>
<configuration>
<outputDirectory>${project.build.directory}/${project.build.finalName}/WEB-INF/lib</outputDirectory>
<includeScope>system</includeScope>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.1.0</version>
<configuration>
<warName>cas</warName>
<failOnMissingWebXml>false</failOnMissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${manifestFileToUse}</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
</overlay>
</overlays>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
</plugin>
</plugins>
<finalName>cas</finalName>
</build>
<properties>
<cas.version>5.3.3</cas.version>
<springboot.version>1.5.14.RELEASE</springboot.version>
<!-- app.server could be -jetty, -undertow, -tomcat, or blank if you plan to provide appserver -->
<app.server>-tomcat</app.server>
<mainClassName>org.springframework.boot.loader.WarLauncher</mainClassName>
<isExecutable>false</isExecutable>
<manifestFileToUse>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp${app.server}/META-INF/MANIFEST.MF</manifestFileToUse>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<repositories>
<repository>
<id>sonatype-releases</id>
<url>http://oss.sonatype.org/content/repositories/releases/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>sonatype-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</repository>
<repository>
<id>shibboleth-releases</id>
<url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
</repository>
</repositories>
<profiles>
<profile>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<id>exec</id>
<properties>
<mainClassName>org.apereo.cas.web.CasWebApplication</mainClassName>
<isExecutable>true</isExecutable>
<manifestFileToUse></manifestFileToUse>
</properties>
<build>
<plugins>
<plugin>
<groupId>com.soebes.maven.plugins</groupId>
<artifactId>echo-maven-plugin</artifactId>
<version>0.3.0</version>
<executions>
<execution>
<phase>prepare-package</phase>
<goals>
<goal>echo</goal>
</goals>
</execution>
</executions>
<configuration>
<echos>
<echo>Executable profile to make the generated CAS web application executable.</echo>
</echos>
</configuration>
</plugin>
</plugins>
</build>
</profile>
<profile>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<id>bootiful</id>
<properties>
<app.server>-tomcat</app.server>
<isExecutable>false</isExecutable>
</properties>
<dependencies>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
</dependencies>
</profile>
<profile>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<id>pgp</id>
<build>
<plugins>
<plugin>
<groupId>com.github.s4u.plugins</groupId>
<artifactId>pgpverify-maven-plugin</artifactId>
<version>1.1.0</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
<pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
<scope>test</scope>
<verifyPomFiles>true</verifyPomFiles>
<failNoSignature>false</failNoSignature>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
配置文件
application.properties
##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8082
server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=20000
server.error.include-stacktrace=ALWAYS
server.compression.enabled=true
server.compression.mime-types=application/javascript,application/json,application/xml,text/html,text/xml,text/plain
server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.min-spare-threads=10
server.tomcat.max-threads=200
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true
##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# Indicates that systemPropertiesOverride can be used.
# Set to false to prevent users from changing the default accidentally. Default true.
spring.cloud.config.allow-override=true
# External properties should override system properties.
spring.cloud.config.override-system-properties=false
# When allowOverride is true, external properties should take lowest priority, and not override any
# existing property sources (including local config files).
spring.cloud.config.override-none=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true
endpoints.enabled=false
endpoints.sensitive=true
endpoints.restart.enabled=false
endpoints.shutdown.enabled=false
# Control the security of the management/actuator endpoints
# The 'enabled' flag below here controls the rendering of details for the health endpoint amongst other things.
management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false
# Define a CAS-specific "WARN" status code and its order
management.health.status.order=WARN, DOWN, OUT_OF_SERVICE, UNKNOWN, UP
# Control the security of the management/actuator endpoints
# With basic authentication, assuming Spring Security and/or relevant modules are on the classpath.
security.basic.authorize-mode=role
security.basic.path=/cas/status/**
# security.basic.enabled=true
# security.user.name=casuser
# security.user.password=
##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE
##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
spring.thymeleaf.template-resolver-order=100
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true
##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true
##
# CAS Authentication Credentials
#
#cas.authn.accept.users=casuser::Mellon
cas.tgc.secure=false
cas.serviceRegistry.initFromJson=true
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/auth?characterEncoding=UTF-8
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].password=root
cas.authn.jdbc.query[0].sql=select password from user where username=?
cas.authn.jdbc.query[0].fieldPassword=password
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL5Dialect
#cas.ticket.registry.jpa.url=jdbc:mysql://127.0.0.1:3306/auth?characterEncoding=UTF-8
#cas.ticket.registry.jpa.user=root
#cas.ticket.registry.jpa.password=root
#cas.ticket.registry.jpa.driverClass=com.mysql.jdbc.Driver
#cas.ticket.registry.jpa.dialect=org.hibernate.dialect.MySQL5Dialect
#cas.ticket.registry.jpa.ticketLockType=NONE
#cas.ticket.registry.jpa.ddl-auto=create-drop
#cas.ticket.registry.jpa.autocommit=true
cas.ticket.registry.redis.host=127.0.0.1
cas.ticket.registry.redis.database=0
cas.ticket.registry.redis.port=6379
cas.ticket.registry.redis.timeout=2000
cas.tgc.maxAge=-1
cas.tgc.crypto.enabled=true
cas.tgc.crypto.encryption.key=56DdfbdVtUx_Ybt5SjUv1xFs_capPF8CtqD2nXR9TJc
cas.tgc.crypto.signing.key=FA23BNWzjQryj-w6E3H2Q3eI8J1atcnc15wBzTPEaItYIsdB60KsPp6UKXJCrdMptZaULZUJMsaWvnFRKTokzg
cas.webflow.crypto.alg=AES
cas.webflow.crypto.enabled=true
cas.webflow.crypto.signing.key=z06OdPwHHHarewdoKQ9b4HNuyA3oqJMsxrDTa9xFE8-ezktOtT6rDcYJYeosboOzJ9Djw1uhv8u74E9K0f2OlQ
cas.webflow.crypto.encryption.key=xfRdocIPdDQtMfBl
cas.webflow.session.lockTimeout=30
cas.webflow.session.compress=false
cas.webflow.session.maxConversations=5
cas.webflow.session.storage=true
spring.session.store-type=redis
spring.redis.host=127.0.0.1
spring.redis.port=6379
集群部署问题
1)需解决集群环境下CAS服务集群session共享问题。
2)需解决集群环境下多个CAS服务共用一个ticket库。
3)需解决集群环境和springwebflow框架下CAS登录流程数据加密秘钥统一(或去除登录流程数据加密)
4)需解决集群环境和springwebflow框架下CAS登录票据加密秘钥统一(或去除票据数据加密)
final OctetSequenceJsonWebKey octetKey = OctJwkGenerator.generateJwk(512);
final Map<String, Object> params = octetKey.toParams(org.jose4j.jwk.JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC);
String signingKey = params.get("k").toString();
System.out.println("webflow.signing.key:"+signingKey);
String encryptionKey = RandomStringUtils.randomAlphabetic(16);
System.out.println("webflow.encryption.key:"+encryptionKey);
final OctetSequenceJsonWebKey octetKey = OctJwkGenerator.generateJwk(512);
final Map<String, Object> params = octetKey.toParams(org.jose4j.jwk.JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC);
String signingKey = params.get("k").toString();
System.out.println("tgc.signing.key:"+signingKey);
final OctetSequenceJsonWebKey octetKey2 = OctJwkGenerator.generateJwk(256);
final Map<String, Object> params2 = octetKey2.toParams(org.jose4j.jwk.JsonWebKey.OutputControlLevel.INCLUDE_SYMMETRIC);
String signingKey2 = params2.get("k").toString();
System.out.println("tgc.encryption.key:"+signingKey2);