cas 4.2.7 和 Nginx 整合遇到的問題登入一會可以一會不可以

阿新 • • 發佈：2019-01-06

cas與Nginx整合遇到了登入成功後又自動退出，一刷新發現又登入成功的，在重新整理還是未登入，不是很穩定，剛剛開始以為是瀏覽器快取了登入頁面的html沒有去請求後臺，經過除錯發現還請求了後臺，最後吧cas的日誌開啟，發現了問題所在。

經過Nginx代理後，request.getremoteaddr 方法經過Nginx代理後變成了127.0.0.1 而不是真實的ip，cas有一個校驗，如果發現下發cookie的時候，和這個ip不一致則會報一個錯誤。

解決方案：通過

request.getHeader("x-forwarded-for"); 方式獲取真實ip

一下是修改好的類，直接編譯下就可以使用了

package org.jasig.cas.web.support;

import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.CipherExecutor;
import org.jasig.cas.util.NoOpCipherExecutor;
import org.jasig.cas.web.support.CookieValueManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/**
 * The {@link DefaultCasCookieValueManager} is responsible creating
 * the CAS SSO sookie and encrypting and signing its value.
 *
 * @author Misagh Moayyed
 * @since 4.1
 */
@Component("defaultCookieValueManager")
public final class DefaultCasCookieValueManager implements CookieValueManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);
    private static final char COOKIE_FIELD_SEPARATOR = '@';
    private static final int COOKIE_FIELDS_LENGTH = 3;

    /** The cipher exec that is responsible for encryption and signing of the cookie. */
    private final CipherExecutor<String, String> cipherExecutor;

    /**
     * Instantiates a new Cas cookie value manager.
     * Set the default cipher to do absolutely  nothing.
     */
    public DefaultCasCookieValueManager() {
        this(new NoOpCipherExecutor());
    }

    /**
     * Instantiates a new Cas cookie value manager.
     *
     * @param cipherExecutor the cipher executor
     */
    @Autowired
    public DefaultCasCookieValueManager(@Qualifier("defaultCookieCipherExecutor")
                                            final CipherExecutor<String, String> cipherExecutor) {
        this.cipherExecutor = cipherExecutor;
        LOGGER.debug("Using cipher [{} to encrypt and decode the cookie",
                this.cipherExecutor.getClass());
    }

    @Override
    public String buildCookieValue(final String givenCookieValue, final HttpServletRequest request) {
        final StringBuilder builder = new StringBuilder(givenCookieValue);

        //final String remoteAddr = request.getRemoteAddr();
        final  String remoteAddr = request.getHeader("x-forwarded-for");
        if (StringUtils.isBlank(remoteAddr)) {
            throw new IllegalStateException("Request does not specify a remote address");
        }
        builder.append(COOKIE_FIELD_SEPARATOR);
        builder.append(remoteAddr);

        final String userAgent = request.getHeader("user-agent");
        if (StringUtils.isBlank(userAgent)) {
            throw new IllegalStateException("Request does not specify a user-agent");
        }
        builder.append(COOKIE_FIELD_SEPARATOR);
        builder.append(userAgent);

        final String res = builder.toString();
        LOGGER.debug("Encoding cookie value [{}]", res);
        return this.cipherExecutor.encode(res);
    }

    @Override
    public String obtainCookieValue(final Cookie cookie, final HttpServletRequest request) {
        final String cookieValue = this.cipherExecutor.decode(cookie.getValue());
        LOGGER.debug("Decoded cookie value is [{}]", cookieValue);
        if (StringUtils.isBlank(cookieValue)) {
            LOGGER.debug("Retrieved decoded cookie value is blank. Failed to decode cookie [{}]", cookie.getName());
            return null;
        }

        final String[] cookieParts = cookieValue.split(String.valueOf(COOKIE_FIELD_SEPARATOR));
        if (cookieParts.length != COOKIE_FIELDS_LENGTH) {
            throw new IllegalStateException("Invalid cookie. Required fields are missing");
        }
        final String value = cookieParts[0];
        final String remoteAddr = cookieParts[1];
        final String userAgent = cookieParts[2];

        if (StringUtils.isBlank(value) || StringUtils.isBlank(remoteAddr)
                || StringUtils.isBlank(userAgent)) {
            throw new IllegalStateException("Invalid cookie. Required fields are empty");
        }
        String clientRemoteAddr = request.getHeader("x-forwarded-for");
        if (!remoteAddr.equals(clientRemoteAddr)) {
            throw new IllegalStateException("Invalid cookie. Required remote address does not match "
                    + clientRemoteAddr);
        }

        if (!userAgent.equals(request.getHeader("user-agent"))) {
            throw new IllegalStateException("Invalid cookie. Required user-agent does not match "
                    + request.getHeader("user-agent"));
        }
        return value;
    }
}

cas 4.2.7 和 Nginx 整合遇到的問題登入一會可以一會不可以

cas 4.2.7 和 Nginx 整合遇到的問題登入一會可以一會不可以

cas 4.2.7 和 Nginx 整合遇到的問題登入一會可以一會不可以

cas server (4.2.7) 新增驗證碼

CAS overlay template 4.2.7 獲取除使用者名稱外其他資訊遇到的問題

CAS單點登入系列之極速入門於實戰教程(4.2.7)

CAS單點登入系列之極速入門與實戰教程(4.2.7)

windows 10 python 2.7和python3.6共存解決方法和pip安裝

Ext3 Functhion擴展的5個實例方法 p135 4.2.7.6

CentOS 7 下 PHP 7，MySQL 5.7 和 Nginx 1.8 的安裝與配置（實用）

易學筆記-go語言-第4章：基本結構和基本資料型別/4.4 變數/4.4.2 宣告和賦值語句結合

第二章排版 2.4-2.7強調內容

cas-4.1.7自定義登入介面修改，為不同的服務指定不同的主題、國際化

spring boot 1.4.2.RELEASE+Thymeleaf+mybatis 整合通用maper，與分頁外掛：

初學Python之一：Python的安裝2.7和3.6的安裝和解除安裝

Windows中Python 2.7和Python 3.5相容性問題及對應pip使用方法

Python 2.7和NLTK安裝教程

Mac OSX 正確地同時安裝Python 2.7 和Python3

Hibernate Validator5.4.2--宣告和驗證方法約束

python 除法 /與//在2.7和3.版本的區別

*《精通Windows API》 5.4.2 分配和釋放可讀可寫的虛擬記憶體頁面

cas 4.2.7 和 Nginx 整合遇到的問題 登入一會可以一會不可以

相關推薦

cas 4.2.7 和 Nginx 整合遇到的問題登入一會可以一會不可以