Problem integrating CAS 4.2.7 with Nginx: login works one moment and fails the next
Published: 2019-05-25


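When integrating CAS with Nginx, I ran into a problem where a successful login was followed by an automatic logout. After a refresh I was logged in again, and after another refresh I was logged out again, so the behaviour was unstable. At first I thought the browser had cached the login page's HTML and was not requesting the backend, but debugging showed that the backend was still being requested. Finally I turned on the CAS logs and found where the problem was.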

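Behind the Nginx proxy, request.getRemoteAddr() returns 127.0.0.1 instead of the real IP. CAS has a check: if it finds that this IP does not match the one from when the cookie was issued, it reports an error.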

Solution: obtain the real IP via request.getHeader("x-forwarded-for");

Below is the modified class; just compile it and it is ready to use.

```java
package org.jasig.cas.web.support;

import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.CipherExecutor;
import org.jasig.cas.util.NoOpCipherExecutor;
import org.jasig.cas.web.support.CookieValueManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/**
 * The {@link DefaultCasCookieValueManager} is responsible creating
 * the CAS SSO cookie and encrypting and signing its value.
 *
 * @author Misagh Moayyed
 * @since 4.1
 */
@Component("defaultCookieValueManager")
public final class DefaultCasCookieValueManager implements CookieValueManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);
    private static final char COOKIE_FIELD_SEPARATOR = '@';
    private static final int COOKIE_FIELDS_LENGTH = 3;

    /** The cipher exec that is responsible for encryption and signing of the cookie. */
    private final CipherExecutor<String, String> cipherExecutor;

    /**
     * Instantiates a new Cas cookie value manager.
     * Set the default cipher to do absolutely nothing.
     */
    public DefaultCasCookieValueManager() {
        this(new NoOpCipherExecutor());
    }

    /**
     * Instantiates a new Cas cookie value manager.
     *
     * @param cipherExecutor the cipher executor
     */
    @Autowired
    public DefaultCasCookieValueManager(@Qualifier("defaultCookieCipherExecutor")
                                        final CipherExecutor<String, String> cipherExecutor) {
        this.cipherExecutor = cipherExecutor;
        LOGGER.debug("Using cipher [{}] to encrypt and decode the cookie", this.cipherExecutor.getClass());
    }

    @Override
    public String buildCookieValue(final String givenCookieValue, final HttpServletRequest request) {
        final StringBuilder builder = new StringBuilder(givenCookieValue);

        // Changed: behind Nginx the socket peer is 127.0.0.1, so read the
        // address from the forwarding header instead (value is used verbatim).
        //final String remoteAddr = request.getRemoteAddr();
        final String remoteAddr = request.getHeader("x-forwarded-for");
        if (StringUtils.isBlank(remoteAddr)) {
            throw new IllegalStateException("Request does not specify a remote address");
        }
        builder.append(COOKIE_FIELD_SEPARATOR);
        builder.append(remoteAddr);

        final String userAgent = request.getHeader("user-agent");
        if (StringUtils.isBlank(userAgent)) {
            throw new IllegalStateException("Request does not specify a user-agent");
        }
        builder.append(COOKIE_FIELD_SEPARATOR);
        builder.append(userAgent);

        final String res = builder.toString();
        LOGGER.debug("Encoding cookie value [{}]", res);
        return this.cipherExecutor.encode(res);
    }

    @Override
    public String obtainCookieValue(final Cookie cookie, final HttpServletRequest request) {
        final String cookieValue = this.cipherExecutor.decode(cookie.getValue());
        LOGGER.debug("Decoded cookie value is [{}]", cookieValue);
        if (StringUtils.isBlank(cookieValue)) {
            LOGGER.debug("Retrieved decoded cookie value is blank. Failed to decode cookie [{}]", cookie.getName());
            return null;
        }

        // Expected layout: value@remoteAddr@userAgent
        final String[] cookieParts = cookieValue.split(String.valueOf(COOKIE_FIELD_SEPARATOR));
        if (cookieParts.length != COOKIE_FIELDS_LENGTH) {
            throw new IllegalStateException("Invalid cookie. Required fields are missing");
        }
        final String value = cookieParts[0];
        final String remoteAddr = cookieParts[1];
        final String userAgent = cookieParts[2];

        if (StringUtils.isBlank(value) || StringUtils.isBlank(remoteAddr)
                || StringUtils.isBlank(userAgent)) {
            throw new IllegalStateException("Invalid cookie. Required fields are empty");
        }

        // Changed: compare against the same forwarding header used in buildCookieValue.
        String clientRemoteAddr = request.getHeader("x-forwarded-for");
        if (!remoteAddr.equals(clientRemoteAddr)) {
            throw new IllegalStateException("Invalid cookie. Required remote address does not match "
                    + clientRemoteAddr);
        }

        if (!userAgent.equals(request.getHeader("user-agent"))) {
            throw new IllegalStateException("Invalid cookie. Required user-agent does not match "
                    + request.getHeader("user-agent"));
        }
        return value;
    }
}
```
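
X-Forwarded-For can also be sent by the client, and Nginx configured with $proxy_add_x_forwarded_for appends to it rather than replacing it, so the address bound into the cookie is best taken from the rightmost hop that is not one of your own proxies. The following is an added example, not part of the original post or of CAS; the class name ClientAddressResolver and the trusted-proxy set are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Added example (not CAS code): choose the client address used for the cookie binding. */
public final class ClientAddressResolver {

    // Assumption: addresses of the reverse proxies that are allowed to set X-Forwarded-For.
    private final Set<String> trustedProxies;

    public ClientAddressResolver(final Set<String> trustedProxies) {
        this.trustedProxies = trustedProxies;
    }

    /**
     * @param peerAddr     value of request.getRemoteAddr()
     * @param forwardedFor value of request.getHeader("x-forwarded-for"), may be null
     * @return the address to bind the cookie to
     */
    public String resolve(final String peerAddr, final String forwardedFor) {
        // Request did not come through a trusted proxy, or carries no header:
        // the socket peer is the only value that cannot be forged.
        if (!trustedProxies.contains(peerAddr)
                || forwardedFor == null || forwardedFor.trim().isEmpty()) {
            return peerAddr;
        }
        // Walk right to left: the rightmost entries were appended by our own
        // proxies; anything further left came from the client and may be forged.
        final String[] hops = forwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            final String hop = hops[i].trim();
            if (!hop.isEmpty() && !trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return peerAddr; // every hop was a trusted proxy
    }

    public static void main(final String[] args) {
        final ClientAddressResolver resolver =
                new ClientAddressResolver(new HashSet<>(Arrays.asList("127.0.0.1")));
        // Constructed sample inputs (RFC 5737 documentation addresses).
        System.out.println(resolver.resolve("127.0.0.1", "203.0.113.7"));            // normal request via Nginx
        System.out.println(resolver.resolve("127.0.0.1", "10.9.9.9, 203.0.113.7"));  // client supplied its own header
        System.out.println(resolver.resolve("198.51.100.4", "203.0.113.7"));         // request bypassed the proxy
        System.out.println(resolver.resolve("127.0.0.1", null));                     // header missing
    }
}
```

In the modified class, a call such as resolve(request.getRemoteAddr(), request.getHeader("x-forwarded-for")) would take the place of the direct header read in both buildCookieValue and obtainCookieValue, so the two methods keep comparing the same value.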

Reposted from: http://grwni.baihongyu.com/
