cas 单点登陆实战-sso-config篇(二)

回顾:上章我们简单介绍了服务端的目录结构。现在来介绍目录结构的第一部分 sso-config

一.看一下目录结构

    

1. 这里面先重点关注两个文件:cas-management-dev.properties 和 sso-dev.properties

    下面分别贴出这两个文件的内容:

    cas-management-dev.properties:

#
# 版权所有.(c)2008-2017. 卡尔科技工作室
#


##
# CAS Thymeleaf Views
#
# Template caching is off for live editing during development; turn it back on outside dev.
spring.thymeleaf.cache=false
spring.thymeleaf.mode=HTML

##
# Embedded CAS Tomcat Container
#
# No server.ssl.* block is configured in this file, so the management webapp listens on plain HTTP
# on this port (this matches the http:// value of cas.mgmt.serverName below).
server.context-path=/cas-management
server.port=8081


#
# CAS dynamic authentication management - start
#
# The CAS server the management app delegates login to (the server is configured in sso-dev.properties).
cas.server.name=https://passport.sso.com:8443/cas
cas.server.prefix=${cas.server.name}

# Callback/base URL of this management app as registered with CAS.
# NOTE(review): with an http:// base URL the service ticket returned by CAS and the management
# session cookie travel unencrypted. Terminate TLS in front of this app (or add a server.ssl.* block
# like the one in sso-dev.properties) and then set server.session.cookie.secure=true.
cas.mgmt.serverName=http://passport.sso.com:8081



# Static management authentication - start
# A user who has logged in through SSO must also be listed in this file, otherwise the management
# login is refused; these users can alternatively be managed dynamically through LDAP.
# NOTE(review): this file defines who may administer the service registry - keep it out of
# public source control and review it like any other access-control list.
cas.mgmt.userPropertiesFile=classpath:/user-details.properties
cas.mgmt.defaultLocale=zh_CN
# Static management authentication - end

##
# CAS Web Application Config
#
# Management session lifetime in seconds (30 minutes).
server.session.timeout=1800
# Session cookie is not readable from script.
server.session.cookie.http-only=true
# Cookie-only tracking: no jsessionid URL rewriting, so the session id never lands in URLs or logs.
# NOTE(review): server.session.cookie.secure is not set; add it once the app is served over HTTPS.
server.session.tracking-modes=COOKIE

##
# CAS Cloud Bus Configuration
# Please leave spring.cloud.bus.enabled set to false
#
spring.cloud.bus.enabled=false

##
# Actuator Endpoint Security Defaults
#
# NOTE(review): these enable the actuator endpoints, and management.security.enabled=false further
# down this file removes authentication from them - see the note there before deploying.
endpoints.enabled=true
endpoints.actuator.enabled=true


# JPA service registry (MySQL) used by the management app.
# The CAS server (sso-dev.properties) is configured against the same sso database.
#cas.serviceRegistry.jpa.healthQuery=SELECT 1 FROM INFORMATION_SCHEMA.SYSTEM_USERS
#cas.serviceRegistry.jpa.isolateInternalQueries=false
cas.serviceRegistry.jpa.url=jdbc:mysql://127.0.0.1:3306/sso
cas.serviceRegistry.jpa.failFast=true
cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL5Dialect
cas.serviceRegistry.jpa.leakThreshold=10
cas.serviceRegistry.jpa.batchSize=1
cas.serviceRegistry.jpa.defaultCatalog=
cas.serviceRegistry.jpa.defaultSchema=
# NOTE(review): the database superuser with a trivial password, committed in clear text. Use a
# dedicated account limited to the sso schema and supply the credential from the environment or an
# external config source rather than this file.
cas.serviceRegistry.jpa.user=root
# NOTE(review): create-drop recreates the registry tables on startup and drops them on shutdown,
# so every registered service is lost on restart - acceptable for a throwaway dev database only.
cas.serviceRegistry.jpa.ddlAuto=create-drop
cas.serviceRegistry.jpa.password=root
cas.serviceRegistry.jpa.autocommit=true
cas.serviceRegistry.jpa.driverClass=com.mysql.jdbc.Driver
cas.serviceRegistry.jpa.idleTimeout=5000
cas.serviceRegistry.jpa.pool.suspension=false
cas.serviceRegistry.jpa.pool.minSize=6
cas.serviceRegistry.jpa.pool.maxSize=18
cas.serviceRegistry.jpa.pool.maxIdleTime=1000
cas.serviceRegistry.jpa.pool.maxWait=2000


# NOTE(review): disables authentication on the actuator endpoints enabled above, so they are
# reachable by anyone who can reach port 8081. Re-enable this (and restrict by role) outside dev.
management.security.enabled=false


# Tomcat configuration
server.max-http-header-size=2097152
# Honour X-Forwarded-* headers from a reverse proxy (header names are set below).
# Boot's RemoteIpValve only trusts these headers from addresses matching
# server.tomcat.internal-proxies (defaults to private ranges) - confirm the proxy sits inside that range.
server.use-forward-headers=true
server.connection-timeout=20000
# NOTE(review): ALWAYS returns full stack traces to the browser on error pages, exposing class
# names, SQL and file paths; sso-dev.properties uses NEVER - use the same here outside dev.
server.error.include-stacktrace=ALWAYS
server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
# Access log: timestamp, client address, request line, status and response time.
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
# Small worker pool - sized for a dev box, not for load.
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true

    sso-dev.properties:

#
# 版权所有.(c)2008-2017. 卡尔科技工作室
#
##
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8443
# SSL configuration - start
server.ssl.enabled=true
# NOTE(review): a keystore on the classpath is packaged inside the deployable artifact together
# with its password below; in a real deployment load the keystore from a file path outside the
# artifact and supply the password from the environment or an external config source.
server.ssl.key-store=classpath:tomcat.keystore
server.ssl.key-store-password=123456
server.ssl.keyAlias=passport.sso.com
# SSL configuration - end
server.max-http-header-size=2097152
# Honour X-Forwarded-* headers from a reverse proxy (header names set below); Boot's RemoteIpValve
# only trusts them from addresses matching server.tomcat.internal-proxies (defaults to private ranges).
server.use-forward-headers=true
server.connection-timeout=20000
# Stack traces are never included in error responses (the management file uses ALWAYS - prefer this value there too).
server.error.include-stacktrace=NEVER
server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
# Access log: timestamp, client address, request line, status and response time.
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
# Small worker pool - sized for a dev box, not for load.
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true
# Public name of this server, derived from the port and context path above; this is the base of
# every link CAS generates (including the password-reset link further down).
cas.server.name=https://passport.sso.com:${server.port}${server.context-path}
cas.server.prefix=${cas.server.name}
##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
##
# CAS Web Application Session Configuration
#
# Web session lifetime in seconds (5 minutes); this is the login-flow session, not the SSO ticket lifetime.
server.session.timeout=300
server.session.cookie.http-only=true
# Cookie-only tracking: no jsessionid URL rewriting.
server.session.tracking-modes=COOKIE
##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# Left commented, so the log4j2 configuration bundled with CAS is used; uncomment to point at an external file.
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true
##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true
##
# CAS Authentication Credentials
#
# The built-in demo account stays commented out, so the static casuser::Mellon login is not active.
#cas.authn.accept.users=casuser::Mellon
# Static users are not allowed
# NOTE(review): this is not a CAS-defined property; presumably a project-local flag - confirm something reads it.
staticAuthentication=false
# Seed the (JPA) service registry from the JSON service definitions on startup.
cas.serviceRegistry.initFromJson=true
#Query Database Authentication - start
# SQL used to look up the account; the result set must include the password column.
# The username is passed as a bind parameter (?), not concatenated into the statement.
cas.authn.jdbc.query[0].sql=select * from sys_user where username=?
# Name of the password column in the result of the SQL above (required).
cas.authn.jdbc.query[0].fieldPassword=password
# Expiry column: 1 means expired; an expired account cannot log in.
cas.authn.jdbc.query[0].fieldExpired=expired
# Disabled column: 1 means disabled; the account must change its password.
cas.authn.jdbc.query[0].fieldDisabled=disabled
# Hibernate dialect for the database.
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect
# JDBC driver
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
# JDBC connection URL
cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/sso
# Database user
# NOTE(review): root/root in clear text again; use a least-privilege account that can only read
# sys_user and update the password column, and keep the credential out of this file.
cas.authn.jdbc.query[0].user=root
# Database password
cas.authn.jdbc.query[0].password=root
# Default encoder: the submitted password is hashed with encodingAlgorithm and compared with the
# stored value; NONE would mean no hashing at all.
# NOTE(review): no salt is configured for this handler, so this is a plain unsalted MD5 of the
# password - trivially reversible from a leaked table. Prefer passwordEncoder.type=BCRYPT (or
# PBKDF2) and migrate the stored hashes; the password-management encoder below must then match.
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
#cas.authn.jdbc.query[0].passwordEncoder.type=org.springframework.security.authentication.encoding.Md5PasswordEncoder
cas.authn.jdbc.query[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
#Query Database Authentication - end


#Encode Database Authentication - start
# This is a second, independent JDBC handler (table sys_user_encode). With the default "any"
# authentication policy a login succeeds if either this handler or query[0] above accepts it -
# confirm that both tables are meant to grant access.
# Number of hash iterations
cas.authn.jdbc.encode[0].numberOfIterations=2
# If set, the iteration count is read from this column instead of the value above, and the same
# count must be used when the password is first hashed.
cas.authn.jdbc.encode[0].numberOfIterationsFieldName=
# Column whose value is used as the per-user salt
cas.authn.jdbc.encode[0].saltFieldName=username
# Static salt appended in addition to the per-user salt
# NOTE(review): username as salt plus a one-character static salt and two rounds of MD5 is not
# a meaningful work factor; treat this handler like query[0] and move to BCRYPT/PBKDF2.
cas.authn.jdbc.encode[0].staticSalt=.
cas.authn.jdbc.encode[0].sql=select * from sys_user_encode where username=?
# Hash algorithm applied after salting
cas.authn.jdbc.encode[0].algorithmName=MD5
# Column names and connection details are shared with the query[0] handler above.
cas.authn.jdbc.encode[0].passwordFieldName=${cas.authn.jdbc.query[0].fieldPassword}
cas.authn.jdbc.encode[0].expiredFieldName=${cas.authn.jdbc.query[0].fieldExpired}
cas.authn.jdbc.encode[0].disabledFieldName=${cas.authn.jdbc.query[0].fieldDisabled}
cas.authn.jdbc.encode[0].url=${cas.authn.jdbc.query[0].url}
cas.authn.jdbc.encode[0].dialect=${cas.authn.jdbc.query[0].dialect}
cas.authn.jdbc.encode[0].user=${cas.authn.jdbc.query[0].user}
cas.authn.jdbc.encode[0].password=${cas.authn.jdbc.query[0].password}
cas.authn.jdbc.encode[0].driverClass=${cas.authn.jdbc.query[0].driverClass}
#Encode Database Authentication - end

# Password management - start
# Enable the built-in password management (reset by e-mail + security questions).
cas.authn.pm.enabled=true
# Reset mail settings: https://apereo.github.io/cas/5.1.x/installation/Configuration-Properties.html#password-management
cas.authn.pm.reset.from=${spring.mail.username}
# Subject of the reset e-mail
cas.authn.pm.reset.subject=SSO DEMO 重置密码
# Body of the reset e-mail. It must contain %s: CAS substitutes a link carrying the reset token,
# without it the link cannot be opened. The link is built from cas.server.prefix.
cas.authn.pm.reset.text=打开以下链接重置您的密码(SSO-DEMO): %s
# Lifetime of the reset token in minutes
cas.authn.pm.reset.expirationMinutes=10
# Principal attribute that holds the address the reset mail is sent to
cas.authn.pm.reset.emailAttribute=mail
# Whether security questions must be answered as part of the reset
cas.authn.pm.reset.securityQuestionsEnabled=true
# Regex a new password must match (the doubled backslash is .properties escaping for \d).
# NOTE(review): \d{3,10} accepts a 3-to-10 digit number only - a very small search space. Require
# a longer minimum and mixed character classes outside this demo.
cas.authn.pm.policyPattern=\\d{3,10}

# Outgoing mail
spring.mail.host=smtp.qq.com
spring.mail.port=465
# Mailbox user name
# NOTE(review): the key on the next line looks mangled by page extraction; cas.authn.pm.reset.from
# above references ${spring.mail.username}, so that is the property expected here.
[email protected]
# Mailbox authorization code (SMTP credential)
# NOTE(review): a live SMTP credential committed in clear text - rotate it and load it from the
# environment or an external config source.
spring.mail.password=judnarjvmhsfbdji
spring.mail.testConnection=false
spring.mail.properties.mail.smtp.auth=true
# SSL is required by the provider
spring.mail.properties.mail.smtp.ssl.enable=true

# Lookups used by password management
# Security questions and their answers for a user name
cas.authn.pm.jdbc.sqlSecurityQuestions=select question, answer from sys_user_question where username=?
# E-mail address for a user name
cas.authn.pm.jdbc.sqlFindEmail=select email from sys_user where username=?
# Password update statement (the new password is written encoded with the encoder below)
cas.authn.pm.jdbc.sqlChangePassword=update sys_user set password=? where username=?
cas.authn.pm.jdbc.url=${cas.authn.jdbc.query[0].url}
cas.authn.pm.jdbc.user=${cas.authn.jdbc.query[0].user}
cas.authn.pm.jdbc.password=${cas.authn.jdbc.query[0].password}
cas.authn.pm.jdbc.dialect=${cas.authn.jdbc.query[0].dialect}
cas.authn.pm.jdbc.driverClass=${cas.authn.jdbc.query[0].driverClass}
# Encoding of the new password - must be identical to the encoder used by the query[0] handler,
# otherwise users cannot log in after a reset.
cas.authn.pm.jdbc.passwordEncoder.type=${cas.authn.jdbc.query[0].passwordEncoder.type}
cas.authn.pm.jdbc.passwordEncoder.characterEncoding=${cas.authn.jdbc.query[0].passwordEncoder.characterEncoding}
cas.authn.pm.jdbc.passwordEncoder.encodingAlgorithm=${cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm}
# NOTE(review): cas.authn.jdbc.query[0].passwordEncoder.secret is not defined anywhere in this
# file; placeholder resolution will fail unless it is supplied elsewhere - TODO confirm.
cas.authn.pm.jdbc.passwordEncoder.secret=${cas.authn.jdbc.query[0].passwordEncoder.secret}
# Defaults to false, in which case the update statement is never committed.
cas.authn.pm.jdbc.autocommit=true
# Password management - end



# JPA service registry (MySQL) - start
# NOTE(review): the original header called this "MongoDb configuration (client persistence)", but
# every property below is the cas.serviceRegistry.jpa.* registry; nothing MongoDB-related is set here.


# cas.serviceRegistry.jpa.healthQuery=SELECT 1 FROM INFORMATION_SCHEMA.SYSTEM_USERS
# cas.serviceRegistry.jpa.isolateInternalQueries=false
cas.serviceRegistry.jpa.url=jdbc:mysql://127.0.0.1:3306/sso
cas.serviceRegistry.jpa.failFast=true
cas.serviceRegistry.jpa.dialect=org.hibernate.dialect.MySQL5Dialect
cas.serviceRegistry.jpa.leakThreshold=10
cas.serviceRegistry.jpa.batchSize=1
cas.serviceRegistry.jpa.defaultCatalog=
cas.serviceRegistry.jpa.defaultSchema=
# NOTE(review): root/root in clear text; use a least-privilege account and externalize the credential.
cas.serviceRegistry.jpa.user=root
# NOTE(review): create-drop on the shared sso database - the management app uses the same setting,
# so a restart of either application drops the registry tables for both. Use none/update outside dev.
cas.serviceRegistry.jpa.ddlAuto=create-drop
cas.serviceRegistry.jpa.password=root
cas.serviceRegistry.jpa.autocommit=true
cas.serviceRegistry.jpa.driverClass=com.mysql.jdbc.Driver
cas.serviceRegistry.jpa.idleTimeout=5000
cas.serviceRegistry.jpa.pool.suspension=false
cas.serviceRegistry.jpa.pool.minSize=6
cas.serviceRegistry.jpa.pool.maxSize=18
cas.serviceRegistry.jpa.pool.maxIdleTime=1000
cas.serviceRegistry.jpa.pool.maxWait=2000

# JPA service registry (MySQL) - end




# CAS built-in monitoring
# NOTE(review): taken together, the settings in this section publish every actuator and CAS status
# endpoint without authentication, to any client address, on the same port as the login page.
# That includes heapdump (a full JVM heap, i.e. live tickets and the credentials configured in
# this file), env/configprops (property values; only keys matching Boot's default sanitize patterns
# are masked) and shutdown (stops the server). Outside dev keep management.security.enabled=true,
# restrict cas.adminPagesSecurity.ip to the admin network, and leave shutdown/heapdump disabled.
management.security.enabled=false
management.context-path=/status
management.add-application-context-header=false

security.basic.authorize-mode=role
security.basic.enabled=false

# Regex matched against the client address for the CAS admin pages; .* admits every address.
cas.adminPagesSecurity.ip=.*

# sensitive=false: no authentication required for the endpoints below.
endpoints.sensitive=false
endpoints.enabled=true

endpoints.restart.enabled=true
endpoints.shutdown.enabled=true
endpoints.autoconfig.enabled=true
endpoints.beans.enabled=true
endpoints.bus.enabled=true
endpoints.configprops.enabled=true
endpoints.dump.enabled=true
endpoints.env.enabled=true
endpoints.health.enabled=true
endpoints.features.enabled=true
endpoints.info.enabled=true
endpoints.loggers.enabled=true
endpoints.logfile.enabled=true
endpoints.trace.enabled=true
endpoints.docs.enabled=true
endpoints.heapdump.enabled=true

# CAS-specific status endpoints; each is enabled and marked non-sensitive (unauthenticated).
cas.monitor.endpoints.enabled=true
cas.monitor.endpoints.sensitive=false
cas.monitor.endpoints.dashboard.enabled=true
cas.monitor.endpoints.dashboard.sensitive=false
cas.monitor.endpoints.auditEvents.enabled=true
cas.monitor.endpoints.auditEvents.sensitive=false
cas.monitor.endpoints.authenticationEvents.enabled=true
cas.monitor.endpoints.authenticationEvents.sensitive=false
cas.monitor.endpoints.configurationState.enabled=true
cas.monitor.endpoints.configurationState.sensitive=false
cas.monitor.endpoints.healthCheck.enabled=true
cas.monitor.endpoints.healthCheck.sensitive=false
cas.monitor.endpoints.loggingConfig.enabled=true
cas.monitor.endpoints.loggingConfig.sensitive=false
cas.monitor.endpoints.metrics.enabled=true
cas.monitor.endpoints.metrics.sensitive=false
cas.monitor.endpoints.attributeResolution.enabled=true
cas.monitor.endpoints.attributeResolution.sensitive=false
cas.monitor.endpoints.singleSignOnReport.enabled=true
cas.monitor.endpoints.singleSignOnReport.sensitive=false
cas.monitor.endpoints.statistics.enabled=true
cas.monitor.endpoints.statistics.sensitive=false
cas.monitor.endpoints.trustedDevices.enabled=true
cas.monitor.endpoints.trustedDevices.sensitive=false
cas.monitor.endpoints.status.enabled=true
cas.monitor.endpoints.status.sensitive=false
cas.monitor.endpoints.singleSignOnStatus.enabled=true
cas.monitor.endpoints.singleSignOnStatus.sensitive=false
cas.monitor.endpoints.springWebflowReport.enabled=true
cas.monitor.endpoints.springWebflowReport.sensitive=false
# Monitoring - end




## Attribute repositories (attributes returned with the principal) - start

### Single-row repository: one sys_user row per principal, column -> attribute name
cas.authn.attributeRepository.jdbc[0].attributes.id=id
cas.authn.attributeRepository.jdbc[0].attributes.username=username
# NOTE(review): this maps the stored password hash to a principal attribute named "password". It
# is then available for release to any service whose attribute release policy allows it - drop the
# mapping unless a service really needs it.
cas.authn.attributeRepository.jdbc[0].attributes.password=password
cas.authn.attributeRepository.jdbc[0].attributes.intime=intime
cas.authn.attributeRepository.jdbc[0].attributes.attemptstime=attemptstime
cas.authn.attributeRepository.jdbc[0].attributes.email=email
cas.authn.attributeRepository.jdbc[0].singleRow=true
cas.authn.attributeRepository.jdbc[0].order=0
cas.authn.attributeRepository.jdbc[0].url=${cas.authn.jdbc.query[0].url}
# Columns used to build the WHERE clause that replaces {0} in the sql below. Comma-separate several;
# e.g. username,email gives: select * from sys_user where username=${?} {and/or} email=${?}
cas.authn.attributeRepository.jdbc[0].username=username
# Operator joining multiple lookup columns (AND / OR)
cas.authn.attributeRepository.jdbc[0].queryType=OR
cas.authn.attributeRepository.jdbc[0].user=${cas.authn.jdbc.query[0].user}
cas.authn.attributeRepository.jdbc[0].password=${cas.authn.jdbc.query[0].password}
cas.authn.attributeRepository.jdbc[0].sql=select * from sys_user where {0}
cas.authn.attributeRepository.jdbc[0].dialect=${cas.authn.jdbc.query[0].dialect}
# none: the attribute repository never alters the schema (unlike the create-drop service registry).
cas.authn.attributeRepository.jdbc[0].ddlAuto=none
cas.authn.attributeRepository.jdbc[0].driverClass=${cas.authn.jdbc.query[0].driverClass}
cas.authn.attributeRepository.jdbc[0].leakThreshold=10
cas.authn.attributeRepository.jdbc[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[0].batchSize=1
cas.authn.attributeRepository.jdbc[0].failFast=true


# Multi-row repository: several sys_attrs rows per principal
cas.authn.attributeRepository.jdbc[1].attributes.group=group_multi
cas.authn.attributeRepository.jdbc[1].attributes.school=school_multi
# Key/value columns: ATTR_KEY names the attribute, ATTR_VAL holds its value
cas.authn.attributeRepository.jdbc[1].columnMappings.ATTR_KEY=ATTR_VAL
cas.authn.attributeRepository.jdbc[1].singleRow=false
cas.authn.attributeRepository.jdbc[1].order=1
cas.authn.attributeRepository.jdbc[1].url=${cas.authn.jdbc.query[0].url}
cas.authn.attributeRepository.jdbc[1].username=username
cas.authn.attributeRepository.jdbc[1].user=${cas.authn.jdbc.query[0].user}
cas.authn.attributeRepository.jdbc[1].password=${cas.authn.jdbc.query[0].password}
cas.authn.attributeRepository.jdbc[1].sql=select * from sys_attrs where {0}
cas.authn.attributeRepository.jdbc[1].dialect=${cas.authn.jdbc.query[0].dialect}
cas.authn.attributeRepository.jdbc[1].ddlAuto=none
cas.authn.attributeRepository.jdbc[1].driverClass=${cas.authn.jdbc.query[0].driverClass}
cas.authn.attributeRepository.jdbc[1].leakThreshold=10
cas.authn.attributeRepository.jdbc[1].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.attributeRepository.jdbc[1].batchSize=1
cas.authn.attributeRepository.jdbc[1].failFast=true
## Attribute repositories - end

未完待续……


转载自blog.csdn.net/qq_36666181/article/details/81562515