一个Nginx+两个Tomcat组成的cas server集群,cas server主要配置如下:
ticketRegistry.xml文件:
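<!-- c3p0 connection pool for the ticket database used by the JPA ticket registry.
     The "&" separators in the JDBC URL are written as &amp;amp; because a bare ampersand
     inside an attribute value is not well-formed XML and the context would fail to parse.
     NOTE(review): the pool logs in as the MySQL "root" account with a password equal to the
     user name, and both values are hardcoded in this file. Use a dedicated account restricted
     to the casticket schema and supply the credentials from an external property source
     (this file already resolves ${...} placeholders, e.g. ${host.name}).
     NOTE(review): the URL points at localhost:7999; every CAS node must reach the same MySQL
     instance for the shared registry to work. Confirm this holds for each node. -->
<bean id="ticketDataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
      p:driverClass="com.mysql.jdbc.Driver"
      p:jdbcUrl="jdbc:mysql://localhost:7999/casticket?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"
      p:user="root"
      p:password="root"
      p:initialPoolSize="6"
      p:minPoolSize="6"
      p:maxPoolSize="20"
      p:maxIdleTimeExcessConnections="1000"
      p:checkoutTimeout="2000"
      p:acquireIncrement="16"
      p:acquireRetryAttempts="5"
      p:acquireRetryDelay="2000"
      p:idleConnectionTestPeriod="30"
      p:preferredTestQuery="select 1" />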
<!-- Ticket Registry -->
<!-- <bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry"/> -->
<!-- Tickets are persisted through JPA instead of the default registry commented out above,
     so that both Tomcat nodes behind Nginx read and write the same ticket store. -->
<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.JpaTicketRegistry" />
<!-- Enables injection of the entity manager into beans that use the JPA persistence annotations. -->
<bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor"/>
<!-- Packages scanned for JPA entities; referenced by entityManagerFactory. -->
<util:list id="packagesToScan">
<value>org.jasig.cas.ticket</value>
<value>org.jasig.cas.adaptors.jdbc</value>
</util:list>
<!-- Hibernate is the JPA provider.
     NOTE(review): generateDdl=true, together with hibernate.hbm2ddl.auto=update further down,
     lets the application create and alter the ticket tables at startup. That requires DDL
     rights for the database account; once the schema exists, consider turning both off so the
     account needs data access only. showSql=true writes every SQL statement to the log and is
     meant for debugging. -->
<bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"
p:generateDdl="true"
p:showSql="true" />
<!-- Builds the JPA EntityManagerFactory for persistence unit "CasPU" on top of ticketDataSource,
     scanning the packages listed in packagesToScan. -->
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"
p:dataSource-ref="ticketDataSource"
p:jpaVendorAdapter-ref="jpaVendorAdapter"
p:packagesToScan-ref="packagesToScan">
<property name="persistenceUnitName" value="CasPU"/>
<property name="jpaProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
<prop key="hibernate.hbm2ddl.auto">update</prop>
</props>
</property>
</bean>
<!-- JPA transaction manager bound to entityManagerFactory; used by both tx:advice definitions. -->
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager"
p:entityManagerFactory-ref="entityManagerFactory" />
<!-- Enabling this raises an error -->
<!-- <tx:annotation-driven transaction-manager="transactionManager" /> -->
<!-- Transaction attributes for the ticket registry and CentralAuthenticationService methods
     (both pointcuts in aop:config reference this advice). Exact method names are listed first,
     followed by wildcard patterns; read-only="true" marks methods that should not write.
     NOTE(review): the error logged on this page is raised while a transaction wrapped around
     CentralAuthenticationServiceImpl.getTicket commits, and getTicket matches the read-only
     entries here. Confirm whether the invalid-ticket exception marks the transaction for rollback. -->
<tx:advice id="txRegistryAdvice" transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="deleteTicket" read-only="false" />
<tx:method name="addTicket" read-only="false" />
<tx:method name="updateTicket" read-only="false" />
<tx:method name="getTicket" read-only="true" />
<tx:method name="getTickets" read-only="true" />
<tx:method name="add*" read-only="false"/>
<tx:method name="delete*" read-only="false"/>
<tx:method name="save*" read-only="false"/>
<tx:method name="update*" read-only="false"/>
<tx:method name="get*" read-only="true"/>
<tx:method name="grant*" read-only="false"/>
<tx:method name="validate*" read-only="true"/>
<tx:method name="sessionCount" read-only="true" />
<tx:method name="serviceTicketCount" read-only="true" />
</tx:attributes>
</tx:advice>
<!-- Transaction attributes for the JPA locking strategy used by the ticket registry cleaner. -->
<tx:advice id="txRegistryLockingAdvice" transaction-manager="transactionManager">
<tx:attributes>
<tx:method name="getOwner" read-only="true" />
<tx:method name="acquire" read-only="false" />
<tx:method name="release" read-only="false" />
</tx:attributes>
</tx:advice>
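<!-- Binds the transaction advice to the ticket registry, the locking strategy and the
     central authentication service.
     The pointcut expressions are restored to the form execution(* Type.*(..)): the listing
     had lost the "*" wildcards (return type and method name), which leaves expressions that
     AspectJ cannot parse. -->
<aop:config>
  <aop:pointcut id="ticketRegistryOperations" expression="execution(* org.jasig.cas.ticket.registry.JpaTicketRegistry.*(..))"/>
  <aop:pointcut id="ticketRegistryLockingOperations" expression="execution(* org.jasig.cas.ticket.registry.support.JpaLockingStrategy.*(..))"/>
  <aop:pointcut id="centralAuthenticationServiceOperations" expression="execution(* org.jasig.cas.CentralAuthenticationService.*(..))"/>
  <aop:advisor advice-ref="txRegistryAdvice" pointcut-ref="ticketRegistryOperations"/>
  <aop:advisor advice-ref="txRegistryLockingAdvice" pointcut-ref="ticketRegistryLockingOperations"/>
  <aop:advisor advice-ref="txRegistryAdvice" pointcut-ref="centralAuthenticationServiceOperations"/>
</aop:config>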
<!--Quartz -->
<!-- TICKET REGISTRY CLEANER -->
<!-- Database-backed lock intended to let one node at a time run the cleaner.
     NOTE(review): uniqueId comes from ${host.name} and has to differ per node. The Nginx
     upstream on this page lists both Tomcats on the same host, so verify that each instance
     is started with its own host.name value. -->
<bean id="cleanerLock" class="org.jasig.cas.ticket.registry.support.JpaLockingStrategy"
p:uniqueId="${host.name}"
p:applicationId="cas-ticket-registry-cleaner" />
<!-- Cleaner that works on the shared registry and is guarded by cleanerLock. -->
<bean id="ticketRegistryCleaner" class="org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner"
c:centralAuthenticationService-ref="centralAuthenticationService"
c:ticketRegistry-ref="ticketRegistry"
p:lock-ref="cleanerLock"/>
<!-- Quartz job that invokes ticketRegistryCleaner.clean(). -->
<bean id="jobDetailTicketRegistryCleaner"
class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean"
p:targetObject-ref="ticketRegistryCleaner"
p:targetMethod="clean"/>
<!-- Trigger values are in milliseconds: first run 20 s after startup, then every 5,000,000 ms
     (about 83 minutes). The scheduler bean that registers this trigger is not shown on this page. -->
<bean id="triggerJobDetailTicketRegistryCleaner"
class="org.springframework.scheduling.quartz.SimpleTriggerFactoryBean"
p:jobDetail-ref="jobDetailTicketRegistryCleaner"
p:startDelay="20000"
p:repeatInterval="5000000"/>
Nginx.conf配置文件:
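# Two CAS Tomcat nodes on the same host, balanced with equal weight.
upstream cas {
    server 10.0.0.8:8082 weight=1;
    server 10.0.0.8:8083 weight=1;
}
server {
    # NOTE(review): plain-HTTP listener. Login credentials, the CAS SSO cookie and service
    # tickets all pass through this front end, so terminate TLS here before using the
    # setup outside a test environment.
    listen 8080;
    server_name localhost;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    location / {
        #proxy_redirect off;
        # NOTE(review): $host carries no port. Clients reach this proxy on :8080, so absolute
        # URLs that the backend derives from the Host header may lose the port; verify the
        # redirects issued by CAS.
        proxy_set_header Host $host;
        proxy_set_header Referer $http_referer;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent; the backend should
        # trust only the last entry, which this proxy adds.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://cas;
    }
}  # closes the server block; the listing ended after the location block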
两个tomcat使用memcached-session-manager实现session共享:
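<!-- memcached-session-manager: both Tomcats keep their HTTP sessions in memcached (non-sticky mode).
     requestUriIgnorePattern is restored to the regex ".*\.(ico|png|gif|jpg|css|js)$"; the listing
     had lost the "*" and the backslash, which changes what the pattern matches.
     NOTE(review): memcached has no authentication by default, and session payloads are
     deserialized with Kryo when read back. Anyone able to write to port 11211 can therefore
     control what the nodes deserialize and can read session contents. Keep memcached bound to
     loopback or a private interface and firewall the port.
     NOTE(review): a single memcached node is a single point of failure for all sessions. -->
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
         memcachedNodes="n1:localhost:11211"
         sticky="false"
         sessionBackupAsync="false"
         lockingMode="auto"
         requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"
         transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory" />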
客户端SpringMVC项目web.xml文件:
<!-- Single sign-out filter: processes logout requests sent by the CAS server and ends the
     matching local session. It has to be mapped ahead of the other CAS filters (the
     filter-mapping entries are omitted on this page).
     NOTE(review): the CAS server URL uses plain http; confirm this is a test-only setup. -->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://h4:8080/cas</param-value>
</init-param>
</filter>
<!-- This filter handles user authentication; it must be enabled -->
<!-- NOTE(review): serverName is used to build the service URL handed to CAS. With
     "localhost", a CAS server running on another machine cannot call this application back
     (for example for back-channel logout), because localhost resolves to the CAS host itself.
     Confirm the value is reachable from the CAS nodes. -->
<filter>
<filter-name>CASFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<!-- The URL below is the login address of the CAS server -->
<param-value>http://h4:8080/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8888</param-value>
</init-param>
</filter>
<!-- This filter validates tickets; it must be enabled -->
<!-- NOTE(review): validation calls go to casServerUrlPrefix over plain http, so the response
     that asserts the user's identity is neither encrypted nor authenticated in transit. Use
     an https URL with a certificate the client trusts outside a test environment. -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<!-- The URL below is the validation address of the CAS server -->
<param-value>http://h4:8080/cas</param-value><!-- /login -->
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8888</param-value>
</init-param>
<init-param>
<!-- After a successful validation, redirect to the same URL without the ticket parameter -->
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<!-- Keep the validated assertion in the HTTP session -->
<param-name>useSession</param-name>
<param-value>true</param-value>
</init-param>
<!--<init-param>-->
<!--<param-name>renew</param-name>-->
<!--<param-value>false</param-value>-->
<!--</init-param>-->
<!--<init-param>-->
<!--<param-name>gateway</param-name>-->
<!--<param-value>false</param-value>-->
<!--</init-param>-->
</filter>
<!-- Wraps the request so that the authenticated CAS principal is available through the
     standard servlet API calls such as getRemoteUser(). -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<!--
This filter lets developers obtain the user's login name through org.jasig.cas.client.util.AssertionHolder,
for example AssertionHolder.getAssertion().getPrincipal().getName().
-->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<!-- Project-specific filter; its implementation (javacommon.filter.LoginFilter) is not shown on this page. -->
<filter>
<filter-name>CasForInvokeContextFilter</filter-name>
<filter-class>javacommon.filter.LoginFilter</filter-class>
</filter>
<!-- Companion to the single sign-out filter: removes the ticket-to-session mapping when an HTTP session is destroyed. -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
各个<filter-mapping>省略
客户端项目退出时报错:
2016-10-18 10:58:35,558 ERROR [org.springframework.transaction.interceptor.TransactionInterceptor] - Application exception overridden by commit exception
INVALID_TICKET
at org.jasig.cas.CentralAuthenticationServiceImpl.getTicket(CentralAuthenticationServiceImpl.java:520)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
用的4.0,没碰到这个问题。INVALID_TICKET这个应该是客户端没配置好的原因。
@JarvisZhu 回复 @JarvisZhu:你可以发下你的配置文件。
您好,能不能麻烦您抽空看下我的配置文件有没有问题?或者还有哪些配置文件需要修改?能不能麻烦您抽空看下,谢谢