kawhii / sso Goto Github PK

View Code? Open in Web Editor NEW

931.0 88.0 428.0 445 KB

cas单点登录系统，其中包括cas认证服务，配置中心，监控平台，服务管理的高可用项目

Home Page: https://kawhii.github.io/sso

License: MIT License

Batchfile 11.20% Shell 2.74% Java 79.27% HTML 6.72% CSS 0.07%

sso tutorial spring-cloud cas java github spring-boot authorization oauth2 sso-login

sso's People

Contributors

Stargazers

Watchers

Forkers

rucky2013 a4208xiaojin geekspring eggbucket hackboy panjian1 louisliaoxh1989 zhanght86 qianshihua michaelbstek dreamzoom romantictravel jianchaosunny bondy123 minlingchao1 hujinxin1209 kfandroid jimlee1982 thushear line521356 cderfdsa hsj-xiaokang sky24987 huokedu yellowcong narci2010 qiush520 zanjs liononon vimx86 chengwuone jenior zhangjingpu torreszheng xp13910818313 91geek heli-boop lichengdong cherrishccl eastxiang menterleo developersunny bowenchaoyue cxcco luzhu123 qiankunshe chenshijun007 eamonsec eatongliu zjblog hard-stone zzms roonyli fokinghsu getwingm itnerd clearripples vincent2015 longxian435 axin3651688 songyang666 grissomsh xiaochao321 zhaoxnshow andrew8981 noahsarkzhang-ts dwj1979 ityc xdwangln fingerchou wj1369884616 uuace webvul deanwei 347154468 looser098 ht333 spring110 zhangzh56 csy512889371 sunboyoung fullyfang yanhaizhe gandophsmida gemni sky-silence dukexia honestyallan sixd chyuch-github liaotuo syangunique wujianming wjm0729 zll0222 ulimit65535 lucklarry zhldt2008 zknyy soxueren

sso's Issues

关于使用Pac4j集成shiro cas,需要过滤一些不需要登录的路径，需要怎么实现

自定义属性存放

Audit Events https://apereo.github.io/cas/5.1.x/installation/Audits.html

登录时传入部分信息，登录成功需要记录相关信息
ip信息，传入参数信息

1.3.1文档补充

新增博客教程，包括

shiro的配置方案
rest的配置方案
rest client的注意事项

.\build.cmd init

[INFO] -------------------------------------------------------------
[ERROR] COMPILATION ERROR :
[INFO] -------------------------------------------------------------
[ERROR] No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK?
[INFO] 1 error
[INFO] -------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] sso-spring-dependencies ............................ SUCCESS [  0.402 s]
[INFO] sso-support ........................................ SUCCESS [  0.035 s]
[INFO] sso-support-custom-auth ............................ FAILURE [  1.914 s]
[INFO] sso-support-single-login ........................... SKIPPED
[INFO] sso-support-captcha ................................ SKIPPED
[INFO] sso ................................................ SKIPPED
[INFO] sso-server ......................................... SKIPPED
[INFO] sso-config ......................................... SKIPPED
[INFO] sso-management ..................................... SKIPPED
[INFO] sso-client-demo .................................... SKIPPED
[INFO] sso-cas-client-demo ................................ SKIPPED
[INFO] sso-client-shiro-demo .............................. SKIPPED
[INFO] sso-client-proxy-demo .............................. SKIPPED
[INFO] sso-support-validate ............................... SKIPPED
[INFO] sso-monitor ........................................ SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.245 s
[INFO] Finished at: 2017-12-18T17:57:15+08:00
[INFO] Final Memory: 41M/452M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project sso-support-custom-auth: Compilation failure
[ERROR] No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK?
[ERROR]
[ERROR] -> [Help 1]

文档补充

嵌入式数据库问题，cas的默认数据库问题
嵌入数据库开发时需要注意的问题，默认是cas-hsql-database
提供mysql的版本说明

remember me功能

#记住我功能
cas.ticket.tgt.rememberMe.enabled = true
cas.ticket.tgt.rememberMe.timeToKillInSeconds = 28800
记住我功能开启，但是不生效问题

关于jwt执行完成后登陆shiro的问题

我在配置中增加了jwt的client,SecurityFilter执行完成client后,是在哪里进行登陆shiro的,我计划改造shiro为stateless,无法下手.希望能提供具体的位置,万分感谢

密码管理功能教程

根据文档跑通正常流程
输出教程到CSDN

打开重置密码
发送邮件
打开链接
回答问题
修改密码

调用单点注销地址，能否注销掉业务系统的session?

麻烦问下，我直接调用单点的注销地址（https://*****/cas/logout），能否有办法注销掉业务系统的session?我发现如果业务系统的session不注销，仍然会进入业务系统。

验证码支持

支撑验证码

访问输出验证码
支撑验证码库更换
支持接口获取校验码
支持接口校验码自动删除

关于问题报告

当您有需求或者遇到棘手的问题甚至项目无法启动时，请打开博客看是否能找到解决方案

提出问题

需求

提出需求时请囊括以下要素：

业务场景
在使用的过程中，我发现，在配置业务系统的登出url时，默认时通过Post请求发送的，我在想，是否可以修改这个发送的请求方法，比如修改成Get请求
目前使用sso情况
正在学习
是否对外开放
否
Cas版本
5.1.6
集成客户端SDK(pac4j/cas-client)
pac4j/cas-client

HSQLDB数据库认证

HSQLDB文件数据库存储在sso-server进行加载用户数据
密码策略为MD5+盐进行测试
新增单元测试对数据库进行测试

HDSQL集成验证，数据初始化用sql文件，并且存在内存

系统间安全

测试环境需要增加以下安全

cas服务仪表增加用户鉴权
admin-server接入用户鉴权
admin-server登录授权

看到blog里面有配置jwt的，没有明白jwt client为什么要注入到cas里面，按照理解jwt无非就是将cas的结果（casRestFormClient）生成token 返回到用户端

关于问题报告

当您有需求或者遇到棘手的问题甚至项目无法启动时，请打开博客看是否能找到解决方案

提出问题

需求

提出需求时请囊括以下要素：

业务场景
目前使用sso情况
是否对外开放
Cas版本
集成客户端SDK(pac4j/cas-client)

Bug

若是bug问题，请包括以下要素：

bug出现场景
配置文件源码
Cas版本
bug紧急情况

加入自定义认证后，任一用户名可登陆

加入自定义认证后，任一用户名可登陆
我去掉了改判断
if ("admin".equals(sysCredential.getUsername())){// && "sso".equals(sysCredential.getSystem())) {

QQ登录集成

http://wiki.connect.qq.com/%E5%BC%80%E5%8F%91%E6%94%BB%E7%95%A5_server-side

由于qq登录是返回json而目前cas不支持改方式配置需要做一些特殊的处理

Docker构建

项目支持Docker构建，上传到docker hub

各服务可以配置指定端口进行访问
package之后采用Dockerfile进行build
自定义端口
发布到docker hub

初始化ValidateWebflowConfiguation时出现空指针异常

java.lang.NullPointerException: null
        at org.apereo.cas.web.flow.AbstractCasWebflowConfigurer.initialize(AbstractCasWebflowConfigurer.java:116) ~[cas-server-core-webflow-5.1.5.jar!/:5.1.5]
        at com.carl.sso.support.captcha.config.ValidateWebflowConfiguation.validateWebflowConfigurer(ValidateWebflowConfiguation.java:60) ~[sso-support-captcha-1.6.0-RC4-SNAPSHOT.jar!/:1.6.0-RC4-SNAPSHOT]
        at com.carl.sso.support.captcha.config.ValidateWebflowConfiguation$$EnhancerBySpringCGLIB$$bf33f3ec.CGLIB$validateWebflowConfigurer$2(<generated>) ~[sso-support-captcha-1.6.0-RC4-SNAPSHOT.jar!/:1.6.0-RC4-SNAPSHOT]
        at com.carl.sso.support.captcha.config.ValidateWebflowConfiguation$$EnhancerBySpringCGLIB$$bf33f3ec$$FastClassBySpringCGLIB$$ae0bdbcb.invoke(<generated>) ~[sso-support-captcha-1.6.0-RC4-SNAPSHOT.jar!/:1.6.0-RC4-SNAPSHOT]

        at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:358) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at com.carl.sso.support.captcha.config.ValidateWebflowConfiguation$$EnhancerBySpringCGLIB$$bf33f3ec.validateWebflowConfigurer(<generated>) ~[sso-support-captcha-1.6.0-RC4-SNAPSHOT.jar!/:1.6.0-RC4-SNAPSHOT]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_144]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_144]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_144]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_144]
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1173) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1067) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory$2.getObject(AbstractBeanFactory.java:345) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope$BeanLifecycleWrapper.getBean(GenericScope.java:359) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE]
        at org.springframework.cloud.context.scope.GenericScope.get(GenericScope.java:176) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:340) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1078) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.cloud.context.scope.refresh.RefreshScope.start(RefreshScope.java:121) ~[spring-cloud-context-1.2.0.RELEASE.jar!/:1.2.0.RELEASE]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_144]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_144]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_144]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_144]
        at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:256) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:177) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:140) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:393) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:347) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:883) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.finishRefresh(EmbeddedWebApplicationContext.java:144) ~[spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:546) ~[spring-context-4.3.11.RELEASE.jar!/:4.3.11.RELEASE]
        at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:122) ~[spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737) ~[spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370) ~[spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) ~[spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:134) ~[spring-boot-1.5.3.RELEASE.jar!/:1.5.3.RELEASE]
        at org.apereo.cas.web.CasWebApplication.main(CasWebApplication.java:77) ~[cas-server-webapp-init-5.1.5.jar!/:5.1.5]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_144]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_144]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_144]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_144]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[cas.war:5.1.5]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[cas.war:5.1.5]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) ~[cas.war:5.1.5]
        at org.springframework.boot.loader.WarLauncher.main(WarLauncher.java:59) ~[cas.war:5.1.5]
2017-11-06 13:28:05,430 ERROR [org.apereo.cas.web.flow.AbstractCasWebflowConfigurer] - <null>
java.lang.NullPointerException: null

还是AuthenticationHandler的顺序问题

我这里只是改了下数据库为mysql,测试时发现先到QueryDatabaseAuthenticationHandler去验证，通过了就没有到UsernamePasswordSystemAuthenticationHandler，这是正常的吗？

验证码

将验证码添加到loginform，会显示图片，但是不会验证，空或者错误，正确。均不会拦截。

关于密码修改发送邮件的问题

按照博客上的配置配置好后，无法接收到邮件。
把发送邮箱改成我自己的邮箱后也不行。
请您看到后，帮我解决下可以吗？

登录A系统后，如果A系统页面中访问B系统的接口，接着展示B系统的图片，地址会变成https://**/cas/login?service=https://

登录A系统后，如果A系统页面中访问B系统的接口，接着展示B系统的图片，地址会变成类似于下面的连接
https://****/cas/login?service=https://*****/bas/attach/download/download.do?id=1246
只有浏览器访问过B系统一次之后，才能正常访问，麻烦问下这是怎么回事？

验证模块接口说明文档

信息发送者ISender（主导发送信息对象，例如发送校验码到手机，发送到邮箱）
信息存储IStore（负责存储发送者发出的信息）
信息生成器InformativeGenerator（负责生成发送者需要发送的信息）
信息校验器IValidator（负责对数据进行校验）

流程

信息生成器负责生成数据提供给信息发送者
发送成功保存
校验成功删除

配置

#验证码发送邮箱
sso.validate.mail.enable=true
sso.validate.mail.from=${spring.mail.username}
sso.validate.mail.content=统一门户注册验证码为：%s
sso.validate.mail.subject=统一门户注册

程序发送

@Autowired
private DefaultValidateService validateService;

//验证
@PostMapping
public String registry(Model model, HttpServletRequest request, @Valid RegistryInfoVo registryInfoVo) {
        ValidateResult result = validateService.validate(
                new MailValidateCredential(request.getSession().getId(), registryInfoVo.getEmail(),
                        "registry", registryInfoVo.getValidateCode()));
    if (result == ValidateResult.FAIL) {
        model.addAttribute("validateError", "验证码错误");
    } else if (result == ValidateResult.EXPIRED) {
        model.addAttribute("validateError", "验证码已过期");
    }
    return "registryView";
}


//发送
validateService.send(new MailCredential(request.getSession().getId(), mail, "registry"));

sso-management 模块启动后访问一直返回404页面

问题

按照博客文章 http://blog.csdn.net/u010475041/article/details/78028658 所描述，直接利用工程里面的代码，编译后启动，弹出浏览器后访问报错,一直没法正常使用sso-management
启动顺序
sso-config
sso-server
sso-management

启动完最后一个模块，弹出浏览器，直接定向到地址 http://passport.sso.com:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8081%2Fmanage.html
返回的是404页面

直接访问 http://localhost:8081/cas-management 也是返回此404页面

环境参数
CAS Version: 5.1.6
CAS Commit Id: d10c36f0e326e911082bebe74d288c1af9b946ae
CAS Build Date/Time: 2017-11-19T14:01:38Z
Spring Boot Version: 1.5.3.RELEASE

System Date/Time: 2018-01-05T20:26:00.232
System Temp Directory: /data/apps/opt/tomcat88/temp

Java Home: /Library/Java/JavaVirtualMachines/jdk1.8.0_77.jdk/Contents/Home/jre
Java Vendor: Oracle Corporation
Java Version: 1.8.0_77
JCE Installed: no

OS Architecture: x86_64
OS Name: Mac OS X
OS Version: 10.12.6

求助博主

请教一个问题，测试了下自定义认证UsernamePasswordSystemAuthenticationHandler会在QueryDatabaseAuthenticationHandler 之后，这样的话如果QueryDatabaseAuthenticationHandler 验证通过，就不会到UsernamePasswordSystemAuthenticationHandler 这个有办法处理吗？

自定义登录失败多次出现图形校验码

cas 5.1.4 使用自定义登录认证和和自定义credential的时候怎么做到，当用户连续三次登录失败的时候出现图形校验码或者短信验证码？

kawhii / sso Goto Github PK

sso's People

Contributors

Stargazers

Watchers

Forkers

sso's Issues

.\build.cmd init

关于问题报告

提出问题

需求

关于问题报告

提出问题

需求

Bug

验证模块接口说明文档

流程

配置

程序发送

问题

System Date/Time: 2018-01-05T20:26:00.232 System Temp Directory: /data/apps/opt/tomcat88/temp

Java Home: /Library/Java/JavaVirtualMachines/jdk1.8.0_77.jdk/Contents/Home/jre Java Vendor: Oracle Corporation Java Version: 1.8.0_77 JCE Installed: no

OS Architecture: x86_64 OS Name: Mac OS X OS Version: 10.12.6

Recommend Projects

Recommend Topics

Recommend Org

Jobs

System Date/Time: 2018-01-05T20:26:00.232
System Temp Directory: /data/apps/opt/tomcat88/temp

Java Home: /Library/Java/JavaVirtualMachines/jdk1.8.0_77.jdk/Contents/Home/jre
Java Vendor: Oracle Corporation
Java Version: 1.8.0_77
JCE Installed: no

OS Architecture: x86_64
OS Name: Mac OS X
OS Version: 10.12.6