CAS ( Central Authentication Service ) 是 Yale 大学发起的一个企业级的、开源的项目,旨在为 Web 应用系统提供一种可靠的单点登录解决方法(属于 Web SSO )。CAS集群部署首先需要考虑的是ticket票据统一存储的问题,以便于达到每个节点访问的一致性,官方虽然提供了基于memcached方式,但未提供基于Redis方式,项目中需要使用redis,因此仿照memcached方式,新建cas-server-integration-redis工程,来完成工作需求,下面本站素文宅www.yoodb.com就分享一下CAS集群部署基于Redis缓存配置,仅供大家参考学习。
主要特性,具体如下:
1)开源的、多协议的 SSO 解决方案; Protocols : Custom Protocol 、 CAS 、 OAuth 、 OpenID 、 RESTful API 、 SAML1.1 、 SAML2.0 等。
2)支持多种认证机制: Active Directory 、 JAAS 、 JDBC 、 LDAP 、 X.509 Certificates 等;
3)安全策略:使用票据( Ticket )来实现支持的认证协议;
4)支持授权:可以决定哪些服务可以请求和验证服务票据( Service Ticket );
5) 提 供高可用性:通过把认证过的状态数据存储在 TicketRegistry 组件中,这些组件有很多支持分布式环境的实现, 如: BerkleyDB 、 Default 、 EhcacheTicketRegistry 、 JDBCTicketRegistry 、 JBOSS TreeCache 、 JpaTicketRegistry 、 MemcacheTicketRegistry 等;
6)支持多种客户端: Java 、 .Net 、 PHP 、 Perl 、 Apache, uPortal 等。
1、构建cas-server-integration-redis工程
仿照cas-server-integration-memcached工程建立cas-server-integration-redis工程,pom.xml中添加redis的java客户端jar包,去掉memcached中需要的jar,最后依赖包如下:
<!-- ~ Licensed to Jasig under one or more contributor license ~ agreements. See the NOTICE file distributed with this work ~ for additional information regarding copyright ownership. ~ Jasig licenses this file to you under the Apache License, ~ Version 2.0 (the "License"); you may not use this file ~ except in compliance with the License. You may obtain a ~ copy of the License at the following location: ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, ~ software distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the License for the ~ specific language governing permissions and limitations ~ under the License. --> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <parent> <groupId>org.jasig.cas</groupId> <artifactId>cas-server</artifactId> <version>3.5.2</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>org.jasig.cas</groupId> <artifactId>cas-server-integration-redis</artifactId> <packaging>jar</packaging> <name>Jasig CAS Redis Integration</name> <dependencies> <dependency> <groupId>org.jasig.cas</groupId> <artifactId>cas-server-core</artifactId> <version>${project.version}</version> </dependency> <dependency> <groupId>redis.clients</groupId> <artifactId>jedis</artifactId> <version>2.8.1</version> </dependency> <!-- Test dependencies --> <dependency> <groupId>org.springframework.data</groupId> <artifactId>spring-data-redis</artifactId> <version>1.7.1.RELEASE</version> </dependency> <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <version>1.9.0</version> <scope>test</scope> </dependency> </dependencies> </project>
仿照MemCacheTicketRegistry.java类,定义RedisTicketRegistry.java类,此类是核心,它实现了TicketRegistry接口,具体代码如下:
public class RedisTicketRegistry extends AbstractDistributedTicketRegistry{ @NotNull private final RedisTemplate<String,Object> reidsTemplate; /** * TGT cache entry timeout in seconds. */ @Min(0) private final int tgtTimeout; /** * ST cache entry timeout in seconds. */ @Min(0) private final int stTimeout; public RedisTicketRegistry(RedisTemplate<String,Object> reidsTemplate,int tgtTimeout,int stTimeout){ this.reidsTemplate=reidsTemplate; this.tgtTimeout=tgtTimeout; this.stTimeout=stTimeout; } @Override public void addTicket(Ticket ticket) { logger.debug("Adding ticket {}", ticket); try { reidsTemplate.opsForValue().set(ticket.getId(),ticket, getTimeout(ticket), TimeUnit.SECONDS); } catch (final Exception e) { logger.error("Failed adding {}", ticket, e); } } @Override public Ticket getTicket(String ticketId) { try { final Ticket t = (Ticket) this.reidsTemplate.opsForValue().get(ticketId); if (t != null) { return getProxiedTicketInstance(t); } } catch (final Exception e) { logger.error("Failed fetching {} ", ticketId, e); } return null; } @Override public boolean deleteTicket(String ticketId) { logger.debug("Deleting ticket {}", ticketId); try { this.reidsTemplate.delete(ticketId); return true; } catch (final Exception e) { logger.error("Failed deleting {}", ticketId, e); } return false; } @Override public Collection<Ticket> getTickets() { throw new UnsupportedOperationException("GetTickets not supported."); } @Override protected void updateTicket(Ticket ticket) { logger.debug("Updating ticket {}", ticket); try { this.reidsTemplate.delete(ticket.getId()); reidsTemplate.opsForValue().set(ticket.getId(),ticket, getTimeout(ticket), TimeUnit.SECONDS); } catch (final Exception e) { logger.error("Failed updating {}", ticket, e); } } @Override protected boolean needsCallback() { // TODO Auto-generated method stub return true; } private int getTimeout(final Ticket t) { if (t instanceof TicketGrantingTicket) { return this.tgtTimeout; } else if (t instanceof ServiceTicket) { return this.stTimeout; } throw new IllegalArgumentException("Invalid ticket type"); } }
2、整合cas-server-webapp工程
修改cas-server-webapp工程中ticketRegistry.xml文件,替换掉DefaultTicketRegistry,同时注释掉ticketRegistryCleaner相关所有定义,具体如下:
<bean id="ticketRegistry" class="com.test.cas.ticket.registry.RedisTicketRegistry"> <constructor-arg index="0" ref="redisTemplate" /> <constructor-arg index="1" value="1800" /> <constructor-arg index="2" value="10" /> </bean> <bean id="poolConfig" class="redis.clients.jedis.JedisPoolConfig"> <property name="maxIdle" value="200" /> <property name="testOnBorrow" value="true" /> </bean> <bean id="connectionFactory" class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory" p:host-name="127.0.0.1" p:port="6379" p:pool-config-ref="poolConfig"/> <!—host-name 服务端IP--> <bean id="redisTemplate" class="org.springframework.data.redis.core.RedisTemplate" p:connection-factory-ref="connectionFactory"> </bean>
使用Redis作为ticket票据的存储,需要将原来的配置给注释掉否则启动时报错,具体如下:
<!-- <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry" /> --> <!--Quartz --> <!-- TICKET REGISTRY CLEANER --> <!-- <bean id="ticketRegistryCleaner" class="org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner" --> <!-- p:ticketRegistry-ref="ticketRegistry" /> --> <!-- <bean id="jobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean" --> <!-- p:targetObject-ref="ticketRegistryCleaner" --> <!-- p:targetMethod="clean" /> --> <!-- <bean id="triggerJobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.SimpleTriggerBean" --> <!-- p:jobDetail-ref="jobDetailTicketRegistryCleaner" --> <!-- p:startDelay="20000" --> <!-- p:repeatInterval="5000000" /> -->
在POM.xml中添加cas-server-integration-redis模块:
<dependency> <groupId>org.jasig.cas</groupId> <artifactId>cas-server-integration-redis</artifactId> <version>${project.version}</version> <scope>compile</scope> </dependency>
此时CAS配置完毕,启动所有相关服务器即可使用,下面说说tomcat session集群同步的问题
3、tomcat session集群同步
保证多个实例下,session中的状态以及票据存储状态,是一致的,通过网络上查找资料,实现tomcat session集群同步可以采用开源的tomcat-redis-session-manager,git hub地址为:https://github.com/jcoleman/tomcat-redis-session-manager,注意使用的JDK是JDK1.7,服务器使用的是tomcat7
1)拷贝编译打包之后的tomcat-redis-session-manager-VERSION.jar,jedis-2.7.2.jar,commons-pool2-2.2.jar到tomcat/lib目录下
2)修改Tomcat context.xml (or the context block of the server.xml if applicable.)
<Valve className="com.orangefunction.tomcat.redissessions.RedisSessionHandlerValve"/> <Manager className="com.orangefunction.tomcat.redissessions.RedisSessionManager" host="127.0.0.1" port="6379" database="0" maxInactiveInterval="1800"/>
到此为止,CAS集群部署工作完毕,欢迎大家收藏本站,有什么疑难问题,尽可留言。