
CAS load balancing: changes needed for stateless deployment. - me - ITeye Blog

Date: 2018-04-23 22:00:04

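Without further ado, let's get straight to the point.

CAS version: 5.2.x, with the project built using the overlay approach.

Converting to a stateless multi-node deployment mainly involves two things:

1. Persist CAS tickets to shared storage (a database, Redis, etc.; the official project provides many storage options, so I won't go through them one by one).
2. Persist the CAS session (I verified that this step can be skipped, but because my CAPTCHA is stored in the session, I persisted it anyway).

Following the official documentation, let's do the first item (have Redis ready):
a. Add the Maven dependency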
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-redis-ticket-registry</artifactId>
    <version>${cas.version}</version>
</dependency>

b. Configure the application.properties file
cas.ticket.registry.redis.host=localhost
cas.ticket.registry.redis.database=0
cas.ticket.registry.redis.port=6379
cas.ticket.registry.redis.password=111111
cas.ticket.registry.redis.timeout=2000
cas.ticket.registry.redis.useSsl=false
cas.ticket.registry.redis.usePool=true
cas.ticket.registry.redis.pool.max-active=20
cas.ticket.registry.redis.pool.maxIdle=8
cas.ticket.registry.redis.pool.minIdle=0
cas.ticket.registry.redis.pool.maxActive=8
cas.ticket.registry.redis.pool.maxWait=-1
cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
cas.ticket.registry.redis.pool.lifo=true
cas.ticket.registry.redis.pool.fairness=false
cas.ticket.registry.redis.pool.testOnCreate=false
cas.ticket.registry.redis.pool.testOnBorrow=false
cas.ticket.registry.redis.pool.testOnReturn=false
cas.ticket.registry.redis.pool.testWhileIdle=false
#cas.ticket.registry.redis.sentinel.master=mymaster
#cas.ticket.registry.redis.sentinel.nodes[0]=localhost:26377
#cas.ticket.registry.redis.sentinel.nodes[1]=localhost:26378
#cas.ticket.registry.redis.sentinel.nodes[2]=localhost:26379

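Configuration complete.

Restart CAS, log in, and then check whether Redis now contains CAS_TICKET entries.

The steps for storing the session in Redis are covered here as well; they follow the same pattern as above.
a. Add the Maven dependency (CAS itself already depends on spring-session-data-redis and redis.clients.jedis, so they do not need to be added, but it is worth checking anyway -0-)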
<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-webapp-session-redis</artifactId>
  <version>${cas.version}</version>
</dependency>

b. Configure the application.properties file
spring.session.store-type=redis
spring.redis.host=localhost
spring.redis.password=111111
spring.redis.port=6379

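Configuration complete.

Restart the service, open the login page, and log in. Then look in Redis and you will see entries such as spring session (these are the session data).

Now test load balancing. Simulating it is simple: after logging in, open a new browser tab and enter the address
localhost:8081/cas and keep refreshing; you should remain logged in the whole time. Then restart the server,
and once it is back up, refresh again. If you are still logged in, everything is OK.

But.......... I ran into something spooky: refreshing again took me back to the login page. Crushing....

The official site says the same thing, and so does a pile of articles online. Was some step still missing? So I searched and searched, and found an article that gave me some clues. I debugged the source and found the key information (validation of the TGC in the cookie was failing); debugging further, I found that decrypting the TGC was indeed throwing an error. While puzzling over it, I suddenly noticed the key information in the CAS startup log.

Log output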

2018-04-19 17:56:52,904 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate the encryption key>
2018-04-19 17:56:52,922 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [ycQ1-H0PyREa_j53zPz3P_Vem9HHmu5SX7cF4TKZ1RI] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].>
2018-04-19 17:56:52,926 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for signing is not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key>
2018-04-19 17:56:52,927 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated signing key [AhSCrTVH_TS5MhsKIvG8pd0JCEbaZpIkS0w_KjO7FB7L19ZiqKRxxng1FITZYQ94hp6waNN__2gle1qTLAaXEA] of size [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.signing.key].>
2018-04-19 17:56:53,573 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined under [cas.webflow.crypto.signing.key]. CAS will attempt to auto-generate the signing key>
2018-04-19 17:56:53,574 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [OV9YGw8MvAsY-P1ITGEuR8WONzn_nFE8UoNrEp7AAlqoif7exOH6DZyty5zdQtQqQg5uWp8jESMXTF3MJ8aCfw] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].>
2018-04-19 17:56:53,574 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for encryption is not defined under [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate the encryption key>
2018-04-19 17:56:53,585 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [pS0xhWBFegHsZ4zszYYAng] of size [16]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.encryption.key].>


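As the log shows, there are encryption and signing keys. If they are not configured, CAS generates them randomly at startup, so a TGC issued before the restart (or by another node) no longer decrypts. I then searched the official site all over and found the configuration settings.

Add the following settings to the application.properties file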
########### Ticket-granting cookie (TGC); the keys must be identical on every node
#cas.tgc.path=
#cas.tgc.maxAge=-1
#cas.tgc.domain=
#cas.tgc.name=TGC
#cas.tgc.secure=true
#cas.tgc.httpOnly=true
#cas.tgc.rememberMeMaxAge=1209600
cas.tgc.crypto.encryption.key=hWbbMq5UXmw1_2cpyZwOLe7xKDpd8ele9bnsCTxyvDw
cas.tgc.crypto.signing.key=tB5IaWspGdM7lEUAuaChs8LRwOoPBagR8MHyHafwmz1NMkAWTZBS-ojg3v8WbHaCkSFi9zm5tZFjFB_ayOpZQA
cas.tgc.crypto.enabled=true

########## Spring Webflow state encryption; the keys must be identical on every node
cas.webflow.crypto.enabled=true
cas.webflow.crypto.signing.key=vaG3YDd2_G0xKLg6M7hHm77vHofIwqtyYNrNhXI5QImc94q7N3xxu0fSoAEVZEO7a_cZNuaNfb-DKivpXbZNGw
cas.webflow.crypto.signing.keySize=512
cas.webflow.crypto.encryption.key=x9qviFJ4n_cnRHGfPy_MeQ
cas.webflow.crypto.encryption.keySize=16
cas.webflow.crypto.alg=AES


Restart and verify again: the problem is solved.
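
As an added example (not part of the original post or of CAS itself), here is a pre-deployment check that scans a node's startup log for the auto-generated-key warnings shown above and compares the four key settings across each node's application.properties. The function names, sample log lines and node configs are constructed for illustration, with key material replaced by placeholders.

```python
import re

# The four key settings the post ends up defining in application.properties.
KEY_SETTINGS = (
    "cas.tgc.crypto.encryption.key",
    "cas.tgc.crypto.signing.key",
    "cas.webflow.crypto.encryption.key",
    "cas.webflow.crypto.signing.key",
)

# Startup warning emitted when CAS had to invent a key (format as in the log above).
GENERATED = re.compile(
    r"Generated (?:signing|encryption) key \[[^\]]+\] of size \[\d+\]"
    r".*?under setting \[([\w.]+)\]"
)

def autogenerated(log_text):
    """Settings for which this node generated a random key at startup."""
    return sorted({m.group(1) for m in GENERATED.finditer(log_text)})

def parse_properties(text):
    """Minimal key=value parser: skips comments, blank lines and empty values."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and not line.startswith("#") and value.strip():
            props[key.strip()] = value.strip()
    return props

def inconsistent(node_configs):
    """Key settings that are missing on some node or differ between nodes."""
    parsed = [parse_properties(t) for t in node_configs.values()]
    bad = []
    for setting in KEY_SETTINGS:
        values = {p.get(setting) for p in parsed}
        if None in values or len(values) != 1:
            bad.append(setting)
    return bad

# Constructed sample data modelled on the log above; keys replaced by placeholders.
SAMPLE_LOG = """\
2018-04-19 17:56:52,922 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [PLACEHOLDER] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].>
2018-04-19 17:56:53,574 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [PLACEHOLDER] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].>
"""
NODE_A = "cas.tgc.crypto.encryption.key=KEY_ONE\ncas.tgc.crypto.signing.key=KEY_TWO\n"
NODE_B = "cas.tgc.crypto.encryption.key=KEY_ONE\n#cas.tgc.crypto.signing.key=\n"
if __name__ == "__main__":
    print("auto-generated on this node:", autogenerated(SAMPLE_LOG))
    print("fix before load balancing:", inconsistent({"a": NODE_A, "b": NODE_B}))
```

An empty result from both functions on every node means no node is inventing its own keys and all nodes share the same ones.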

Related links:

    https://blog.csdn.net/cn_yh/article/details/77962467

    Official:
    https://apereo.github.io/cas/5.2.x/installation/Webflow-Customization-Sessions.html
    https://apereo.github.io/cas/5.2.x/installation/Redis-Ticket-Registry.html

    Recommended articles for learning CAS 5.x:
    https://blog.csdn.net/u010475041/article/category/7156505
    https://blog.csdn.net/column/details/19553.html





