如何解决在Docker中获取Apereo / Cas从白名单进行身份验证
使用以下命令运行apereo / cas docker容器
docker run -p 8443:8443 -v /root/cas/config:/etc/cas/config -d apereo/cas:v6.2.4
/root/cas/config/cas.properties文件在主机上
cas.authn.accept.users=
cas.authn.file.separator=::
cas.authn.file.filename=file:///etc/cas/config/users.txt
cas.authn.file.name=file:///etc/cas/config/users.txt
cas.authn.file.passwordEncoder.type=NONE
testuser::password
当我执行docker容器时,在/ etc / cas / config中可以看到相同的cas.properties和users.txt文件,但是由于某些原因,当我以testuser身份登录时,它并没有进行身份验证。
不确定为什么!
容器启动
_ ____ _____ ____ _____ ___ ____ _ ____
/ \ | _ \| ____| _ \| ____/ _ \ / ___| / \ / ___|
/ _ \ | |_) | _| | |_) | _|| | | | | | / _ \ \___ \
/ ___ \| __/| |___| _ <| |__| |_| | | |___ / ___ \ ___) |
/_/ \_\_| |_____|_| \_\_____\___/ \____/_/ \_\____/
CAS Version: 6.2.4
CAS Branch: 6.2.x
CAS Commit Id: 60ba4cdd35a279ba8aae8922920099d314576500
CAS Build Date/Time: 2020-10-14T10:36:30Z
Spring Boot Version: 2.2.8.RELEASE
Spring Version: 5.2.6.RELEASE
Java Home: /opt/java/openjdk
Java vendor: AdoptOpenJDK
Java Version: 11.0.8
JVM Free Memory: 71 MB
JVM Maximum Memory: 1 GB
JVM Total Memory: 113 MB
JCE Installed: Yes
OS Architecture: amd64
OS Name: Linux
OS Version: 4.4.11-23.53.amzn1.x86_64
OS Date/Time: 2020-11-03T21:30:47.993674
OS Temp Directory: /tmp
------------------------------------------------------------
Apache Tomcat Version: Apache Tomcat/9.0.39
------------------------------------------------------------
2020-11-03 21:30:48,104 INFO [org.apereo.cas.configuration.DefaultCasConfigurationPropertiesSourceLocator] - <Configuration files found at [/etc/cas/config] are [[file [/etc/cas/config/cas.properties]]] under profile(s) [[standalone]]>
2020-11-03 21:30:48,602 INFO [org.apereo.cas.web.CasWebApplication] - <The following profiles are active: standalone>
2020-11-03 21:30:49,521 DEBUG [org.apereo.cas.web.CasWebApplicationContext] - <Refreshing org.apereo.cas.web.CasWebApplicationContext@3c443976>
2020-11-03 21:30:58,432 INFO [org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - <Application context has validated CAS property sources and configuration successfully.>
2020-11-03 21:30:59,484 DEBUG [org.apereo.cas.tomcat.CasTomcatServletWebServerFactory] - <Code archive: /cas-overlay/cas.war>
2020-11-03 21:30:59,492 DEBUG [org.apereo.cas.tomcat.CasTomcatServletWebServerFactory] - <Document root: /cas-overlay/cas.war>
2020-11-03 21:31:12,045 DEBUG [org.apereo.cas.config.CascoreConfiguration] - <Applying configuration for Accept Any Authentication Policy>
2020-11-03 21:31:14,978 INFO [org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration] - <
Using generated security password: 512112df-5dd0-48ff-878f-41828c1c6899
>
2020-11-03 21:31:15,415 INFO [org.springframework.security.web.access.channel.ChannelProcessingFilter] - <Validated configuration attributes>
2020-11-03 21:31:15,454 INFO [org.springframework.security.web.DefaultSecurityFilterChain] - <Creating filter chain: any request,[org.springframework.security.web.access.channel.ChannelProcessingFilter@4ea48b2e,org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@45790cb,org.springframework.security.web.context.SecurityContextPersistenceFilter@2820b369,org.springframework.security.web.savedrequest.RequestCacheAwareFilter@476c137b,org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2507a170,org.springframework.security.web.authentication.AnonymousAuthenticationFilter@73a5d86c,org.springframework.security.web.session.SessionManagementFilter@688d2a5d,org.springframework.security.web.access.ExceptionTranslationFilter@1e3566e,org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1280bae3]>
2020-11-03 21:31:17,974 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Attribute repository sources are not available for person-directory principal resolution>
2020-11-03 21:31:18,086 WARN [org.apereo.cas.config.CascoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service deFinitions. Changes that are made to service deFinitions during runtime WILL be LOST when the CAS server is restarted. Ideally for production,you should choose a storage option (JSON,JDBC,MongoDb,etc) to track service deFinitions.>
2020-11-03 21:31:18,142 WARN [org.apereo.cas.config.CascoreTicketsConfiguration] - <Runtime memory is used as the persistence storage for retrieving and managing tickets. Tickets that are issued during runtime will be LOST when the web server is restarted. This MAY impact SSO functionality.>
2020-11-03 21:31:18,154 INFO [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption,signing and verification of ticket registry tickets,and verify the chosen ticket registry does support this behavior.>
2020-11-03 21:31:18,186 DEBUG [org.apereo.cas.config.CascoreTicketsSchedulingConfiguration] - <Ticket registry cleaner is enabled.>
2020-11-03 21:31:18,377 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <No attribute repository sources are available/defined to merge together.>
2020-11-03 21:31:18,415 DEBUG [org.apereo.cas.pm.config.PasswordManagementConfiguration] - <Password management is disabled. To enable the password management functionality,add 'cas.authn.pm.enabled=true' to the CAS configuration and then configure storage options for account updates>
2020-11-03 21:31:18,530 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate the encryption key>
2020-11-03 21:31:18,558 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [aXblgcpsNYneVsuoV52UEx-N4qeYR8L1_Tlt9eSy9Q8] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].>
2020-11-03 21:31:18,566 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for signing is not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key>
2020-11-03 21:31:18,567 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated signing key [DbaQjgbvwkhg6d6EMbURZwdxD2QRxbG71Iflo6wsX76xzaJAgIqFCbOlAfxiVKa2M9EbXFxh5hN1MPcUVMUx8w] of size [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.signing.key].>
2020-11-03 21:31:18,931 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined under [cas.webflow.crypto.signing.key]. CAS will attempt to auto-generate the signing key>
2020-11-03 21:31:18,934 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [7dk5gLYwNoYKNCQTQB1BZvIhEmj-hOaSkVwMRnNGD0WyO9EBCA5F_y69glrZP41cNeKoH2nXNt4ItcaDFdF5cw] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].>
2020-11-03 21:31:18,935 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for encryption is not defined under [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate the encryption key>
2020-11-03 21:31:18,937 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [ybP_djhKWyRG-CCAfNFeCA] of size [16]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.encryption.key].>
2020-11-03 21:31:19,628 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 38.442 seconds (JVM running for 44.26)>
2020-11-03 21:31:19,643 INFO [org.apereo.cas.web.CasWebApplication] - <>
2020-11-03 21:31:19,643 INFO [org.apereo.cas.web.CasWebApplication] - <
____ _____ _ ______ __
| _ \| ____| / \ | _ \ \ / /
| |_) | _| / _ \ | | | \ V /
| _ <| |___ / ___ \| |_| || |
|_| \_\_____/_/ \_\____/ |_|
>
2020-11-03 21:31:19,644 INFO [org.apereo.cas.web.CasWebApplication] - <>
2020-11-03 21:31:19,645 INFO [org.apereo.cas.web.CasWebApplication] - <Ready to process requests @ [2020-11-03T21:31:19.642Z]>
2020-11-03 21:31:19,683 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
解决方法
该服务之所以不读取用于身份验证或服务的cas.properties设置,是因为cas叠加层需要与其他模块一起构建才能读取这些属性。
implementation "org.apereo.cas:cas-server-support-generic:${casServerVersion}"
implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
使用这2个模块重建cas-overlay-template项目后,它应读取与文件身份验证和json服务注册表相关的cas.properties
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
