我想在我的服务中使用REST协议。为此,我启用了Rest Protocol并尝试获取TGT。此外,所有示例均基于通用服务注册,我在产品环境中不需要。
Here是通用服务注册表示例,应不在产品环境中使用。而且我没有在我的环境中使用它:
{
/*
Generic service definition that applies to https/imaps urls
that wish to register with CAS for authentication.
*/
"@class" : "org.apereo.cas.services.RegexRegisteredService","serviceId" : "^(https|imaps)://.*","name" : "HTTPS and IMAPS","id" : 10000001,}
相反,我有以下内容:
{
"@class": "org.apereo.cas.services.RegexRegisteredService",// this service will match all the requests contains test in the request url
"serviceId": "^https?:\\/\\/.*test($|\\/).*$","name": "Test","id": 1,"description": "Test service","evaluationOrder": 2,"requiredHandlers": [
"java.util.HashSet",[
"TestHandler"
]
],"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
},"properties": {
"@class": "java.util.HashMap","jwtAsServiceTicket": {
"@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty","values": [
"java.util.HashSet",[
"true"
]
]
}
}
}
我无法以explained here的身份请求授予票证的票证:
POST /cas/v1/tickets HTTP/1.0
'Content-type': 'Application/x-www-form-urlencoded'
username=battags&password=password&additionalParam1=paramvalue
我遇到以下异常:
Unauthorized Service access. Service [] is not found in service registry
调试代码时,可以看到已创建TGT,并且我的注册服务运行良好。由于JWTBuilder中的CAS服务器的再次注册服务检查而引发异常:
val registeredService = payload.getRegisteredService() == null
? locateRegisteredService(serviceAudience)
: payload.getRegisteredService();
RegisteredServiceaccessStrategyUtils.ensureServiceaccessIsAllowed(registeredService);
此处CAS尝试检查是否允许访问服务。 payload.getRegisteredService返回null,并用serviceAudience调用locateRegisteredService,以确保确保ServiceaccessIsAllowed引发异常。
问题是: serviceAudience 是always filled,具有 CAS服务器前缀,这意味着必须存在与 CAS服务器前缀匹配的服务定义。当启用通用服务定义时,所有示例均有效,但是在删除通用服务定义时,由于上述检查,TGT不会返回。
有什么办法吗?我不想让每个人都能够创建TGT,我可以添加仅与CAS前缀匹配的服务定义,但是首先最好了解我是否错过了某些内容,或者这是一个错误。
我的Cas版本:6.1.0
我的配置:
server.port=8095
server.servlet.context-path=/bouncer
cas.authn.policy.any.tryAll=false
cas.authn.policy.any.enabled=true
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location=file:/services
我的构建:
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>${maven-war-plugin.version}</version>
<configuration>
<warName>${project.artifactId}</warName>
<failOnmissingWebXml>false</failOnmissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${manifestFileToUse}</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<excludes>
<exclude>WEB-INF/lib/log4j-api-2.12.1.jar</exclude>
<exclude>WEB-INF/lib/log4j-jcl-2.12.1.jar</exclude>
<exclude>WEB-INF/lib/log4j-jul-2.12.1.jar</exclude>
<exclude>WEB-INF/lib/log4j-slf4j18-impl-2.12.1.jar</exclude>
<exclude>WEB-INF/lib/log4j-web-2.12.1.jar</exclude>
<exclude>WEB-INF/lib/slf4j-api-1.8.0-beta4.jar</exclude>
</excludes>
</overlay>
</overlays>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${maven-compiler-plugin.version}</version>
</plugin>
</plugins>
<finalName>${project.artifactId}.jar</finalName>
</build>
<dependencies>
<!--START: Extend CAS as WebApp-->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<!--END-->
<!--START: Logback Gelf(Graylog Extended Log Format) integration-->
<dependency>
<groupId>de.siegmar</groupId>
<artifactId>logback-gelf</artifactId>
<version>${logback-gelf.version}</version>
<exclusions>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--END-->
<!--START: Java 11 integration problems,use older logback and slf4j until it is supported-->
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>${logback-classic.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j-api.version}</version>
</dependency>
<!--END-->
<!-- TODO: Problem The following two deps are needed for sending traces to zipkin -->
<!-- Problem: https://github.com/spring-cloud/spring-cloud-sleuth/issues/1193 -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-sleuth</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--this one is needed,because else an exception will be thrown caused
by: java.lang.NoClassDefFoundError: com/netflix/servo/monitor/Monitors-->
<dependency>
<groupId>com.netflix.servo</groupId>
<artifactId>servo-core</artifactId>
<version>${servo-core.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- START: Support JWT/CAS Protocol: https://apereo.github.io/cas/6.0.x/installation/Configure-ServiceTicket-JWT.html -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-token-tickets</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--END-->
<!-- START: REST Endpoints enabled for cli authentications -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-rest-tokens</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--END-->
<!-- START: JSON Service Registry Enabled -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-json-service-registry</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<exclusion>
<groupId>javax.el</groupId>
<artifactId>el-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--END-->
<!--START: OIDC Protocol enabled-->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-oidc</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--END-->
<!--START: Enable consul client -->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-consul-client</artifactId>
<version>${cas-server-support-consul-client.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--END-->
<!--START: Enable Custom Authentication for CAS: https://apereo.github.io/cas/6.0.x/installation/Configuring-Custom-Authentication.html-->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-core-authentication-api</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-core-api-configuration-model</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-core-web-api</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--END-->
<!--START: Enable Logback Support: https://apereo.github.io/cas/6.0.x/logging/Logging-Logback.html#logback-logging-->
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-logback</artifactId>
<version>${cas.version}</version>
<exclusions>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
<exclusion>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<!-- NotNull annotation comes from this package conflicts with hibarnate for ConsulProperties class-->
<exclusion>
<groupId>edu.washington.cs.types.checker</groupId>
<artifactId>checker-framework</artifactId>
</exclusion>
</exclusions>
</dependency>
<!--END-->
</dependencies>