CAS单点登录-Cas-Management(八)

CAS 260 2017-09-30 11:49
<style> body.multimarkdown-preview, body.multimarkdown-wiki-preview { font-size: 11px; } </style>

CAS单点登录-Cas-Management(八)

cas-management也简称为service-management可以理解为服务管理。 cas为我们提供了对service的管理平台,通过UI界面进行操作管理

官方也提供了具体的配置文档

搭建项目

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ 版权所有.(c)2008-2017. 卡尔科技工作室
  -->

<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <parent>
        <artifactId>sso</artifactId>
        <groupId>com.carl.auth</groupId>
        <version>1.4.0-SNAPSHOT</version>
        <relativePath>../pom.xml</relativePath>
    </parent>
    <modelVersion>4.0.0</modelVersion>

    <artifactId>sso-management</artifactId>
    <packaging>war</packaging>

    <build>
        <plugins>
            <plugin>
                <groupId>com.rimerosolutions.maven.plugins</groupId>
                <artifactId>wrapper-maven-plugin</artifactId>
                <version>0.0.5</version>
                <configuration>
                    <verifyDownload>true</verifyDownload>
                    <checksumAlgorithm>MD5</checksumAlgorithm>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>3.1.0</version>
                <configuration>
                    <warName>cas-management</warName>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                    <recompressZippedFiles>false</recompressZippedFiles>
                    <archive>
                        <compress>false</compress>
                        <manifestFile>${project.build.directory}/war/work/org.apereo.cas/cas-management-webapp/META-INF/MANIFEST.MF</manifestFile>
                    </archive>
                    <overlays>
                        <overlay>
                            <groupId>org.apereo.cas</groupId>
                            <artifactId>cas-management-webapp</artifactId>
                            <!--原有的服务不再初始化进去-->
                            <excludes>
                                <exclude>**/services/*</exclude>
                                <exclude>**/application.properties</exclude>
                                <exclude>**/bootstrap.properties</exclude>
                            </excludes>
                        </overlay>
                    </overlays>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
            </plugin>
        </plugins>
        <finalName>cas-management</finalName>
    </build>

    <dependencies>
        <!--mongodb存储客户端配置,持久化配置与客户端配置系统配置必须一致-->
        <!--<dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-server-support-mongo-service-registry</artifactId>
            <version>${cas.version}</version>
        </dependency>-->
        <dependency>
            <groupId>org.apereo.cas</groupId>
            <artifactId>cas-management-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
    </dependencies>
</project>

核心的内容是对war包的依赖,上面的pom是依赖项目中的结构,也对官网的例子进行细微的调整。

bootstrap.yml

当然还需要对启动的相关配置进行调整

#
# 版权所有.(c)2008-2017. 卡尔科技工作室
#
spring:
  application:
    name: cas-management
  cloud:
    config:
      enable: true
      watch:
        enabled: true
      fail-fast: true
  profiles:
    active: dev
logging:
  file: logs/cas-management.log
info:
  name: 接入管理系统
health:
  config:
    enable: true

# spring cloud config
---
spring:
  profiles: dev
  cloud:
    config:
      uri: http://localhost:8888/config
---

cas-management-dev.properties

另外这个文件是放在与配置中心

#
# 版权所有.(c)2008-2017. 卡尔科技工作室
#


##
# CAS Thymeleaf Views
#
spring.thymeleaf.cache=false
spring.thymeleaf.mode=HTML

##
# Embedded CAS Tomcat Container
#
server.context-path=/cas-management
server.port=8081


#
# CAS 动态认证管理开始
#
cas.server.name=https://passport.sso.com:8443
cas.server.prefix=${cas.server.name}

cas.mgmt.serverName=http://passport.sso.com:8081



# 静态管理认证开始
#通过sso登录后的用户,必须存在该文件下,否则无法登录,当然这些用户可以通过ldap进行动态管理
cas.mgmt.userPropertiesFile=classpath:/user-details.properties
cas.mgmt.defaultLocale=zh_CN
# 静态管理认证结束

##
# CAS Web Application Config
#
server.session.timeout=1800
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE

##
# CAS Cloud Bus Configuration
# Please leave spring.cloud.bus.enabled set to false
#
spring.cloud.bus.enabled=false

##
# Actuator Endpoint Security Defaults
#
endpoints.enabled=true
endpoints.actuator.enabled=true


# mongo db配置(客户端持久化)
#cas.serviceRegistry.mongo.idleTimeout=30000
#cas.serviceRegistry.mongo.port=27017
#cas.serviceRegistry.mongo.dropCollection=false
#cas.serviceRegistry.mongo.socketKeepAlive=false
#cas.serviceRegistry.mongo.password=123456
#cas.serviceRegistry.mongo.collectionName=cas-service-registry
#cas.serviceRegistry.mongo.databaseName=cas-mongo-database
#cas.serviceRegistry.mongo.timeout=5000
#cas.serviceRegistry.mongo.userId=cas-config
#cas.serviceRegistry.mongo.writeConcern=NORMAL
#cas.serviceRegistry.mongo.host=127.0.0.1
#cas.serviceRegistry.mongo.conns.lifetime=60000
#cas.serviceRegistry.mongo.conns.perHost=10
# mongo db配置(客户端持久化)

management.security.enabled=false


#tomcat配置
server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=20000
server.error.include-stacktrace=ALWAYS
server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

测试

启动步骤:

  1. sso-config
  2. sso-server
  3. sso-management

启动成功后试着访问http://localhost:8081/cas-management

若不成功,你应该看到访问的是https://passport.sso.com:8443/cas/login/xxx,需要看导入https设置hosts文件

若成功,看到的是登录页,提前恭喜你~ 这里写图片描述

输入admin/123登录成功,再次恭喜你~

这里写图片描述

当然了,由于没有对数据持久化,那肯定是没看到列表了,下面马上讲持久化~

持久化配置

持久化配置是为了将service配置加入数据库,动态识别,减轻去修改文件,通过系统进行管理

新增依赖

sso-server/pom.xml以及sso-management/pom.xml 加入依赖(打开注释)

<dependency>
	<groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-mongo-service-registry</artifactId>
    <version>${cas.version}</version>
</dependency>

当然需要设置数据库信息,cas-management-dev.propertiessso-dev.properties

cas.serviceRegistry.mongo.idleTimeout=30000
#数据库端口
cas.serviceRegistry.mongo.port=27017
cas.serviceRegistry.mongo.dropCollection=false
cas.serviceRegistry.mongo.socketKeepAlive=false
#密码
cas.serviceRegistry.mongo.password=123456
#存储service集合
cas.serviceRegistry.mongo.collectionName=cas-service-registry
#数据库名字
cas.serviceRegistry.mongo.databaseName=cas-mongo-database
cas.serviceRegistry.mongo.timeout=5000
#用户名
cas.serviceRegistry.mongo.userId=cas-config
cas.serviceRegistry.mongo.writeConcern=NORMAL
#数据库ip
cas.serviceRegistry.mongo.host=127.0.0.1
cas.serviceRegistry.mongo.conns.lifetime=60000
cas.serviceRegistry.mongo.conns.perHost=10

注意: mongodb的用户必须在所在的用户下添加认证

可以考虑以下配置

mongodb用户配置

要求mongodb版本3.4以上

#启动
>mongod.exe

#登录
>mongo

#切换数据库
>use admin

#新增管理员
>db.createUser({user: "admin",pwd: "123456",roles:[{role:"userAdminAnyDatabase", db: "admin" } ]})

#切换数据库
>use cas-mongo-database

# 新增用户
>db.createUser({user: "cas-config",pwd: "123456",roles: [ { role: "readWrite", db: "cas-mongo-database" }]})

#重启并开启认证
>mongod.exe --auth

下载代码尝试:GitHub 其他版本可以到GitHub或者码云查看

发现一些意外的事情可以考虑翻翻前面的博客进行学习哦

作者联系方式

如果技术的交流或者疑问可以联系或者提出issue。

邮箱:huang.wenbin@foxmail.com

QQ: 756884434 (请注明:SSO-CSDN)

文章评论