我正在尝试配置CAS(4.1)以在Amazon AWS内的集群环境中工作。
我已经为群集配置了Tomcat 7,但是在aws上不能使用多播自动发现,因此我已经在tomcat上下文中设置了数据库会话复制。
会话复制似乎运行良好(同一集群中的其他应用程序正确使用了它):

<!-- Tomcat context for the CAS webapp. Sessions are persisted to PostgreSQL through
     JDBCStore instead of being replicated by multicast, which is unavailable on AWS.
     NOTE(review): crossContext="true" lets every other webapp on this Tomcat obtain
     the CAS ServletContext via getContext(); nothing in the CAS setup shown here
     needs it - confirm a co-deployed app relies on it, otherwise drop it.
     NOTE(review): JDBCStore writes Java-serialized session objects to the table, so
     anyone with write access to persistent_sessions can feed attacker-controlled
     serialized data to every node that loads the session. Scope the DB account to
     this table and keep these credentials out of version control. -->
<Context path="cas" crossContext="true">
        <!-- processExpiresFrequency / maxIdleBackup control how often sessions are
             swept and how quickly an idle session is written to the Store; see the
             PersistentManager docs for the exact units before tuning them. -->
        <Manager className="org.apache.catalina.session.PersistentManager" distributable="true"  processExpiresFrequency="3" maxIdleBackup="1" >
               <!-- Connection details are redacted in the original post. -->
               <Store className="org.apache.catalina.session.JDBCStore"
               driverName="org.postgresql.Driver"
               connectionURL="jdbc:postgresql://*****:5432/****"
               connectionName="*****" connectionPassword="*****"
               sessionAppCol="app_name" sessionDataCol="session_data" sessionIdCol="session_id"
               sessionLastAccessedCol="last_access" sessionMaxInactiveCol="max_inactive"
               sessionTable="persistent_sessions" sessionValidCol="valid_session" />
       </Manager>
</Context>


接下来,我在cas配置上配置了jpaTicketRegistry和uniqueGenerators,如cas配置指南中所述:



<!-- Ticket-registry cleaner for the JPA registry. cleanerLock is the cluster-wide
     lock meant to keep more than one node from running the cleaner at once; its
     uniqueId must differ per node, which is why it is bound to ${host.name}
     (the question states each node has its own host name). -->
<bean id="cleanerLock"
    class="org.jasig.cas.ticket.registry.support.JpaLockingStrategy"
    p:uniqueId="${host.name}" p:applicationId="cas-ticket-registry-cleaner" />

<!-- Quartz job that invokes ticketRegistryCleaner.clean(). -->
<bean id="jobDetailTicketRegistryCleaner"
    class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean"
    p:targetObject-ref="ticketRegistryCleaner" p:targetMethod="clean" />

<!-- startDelay / repeatInterval are milliseconds: first run 20 s after startup,
     then roughly every 83 minutes. NOTE(review): that is a long gap, so expired
     tickets pile up in the DB between runs; presumably they are still rejected on
     use by their expiration policy - confirm, and consider a shorter interval. -->
<bean id="triggerJobDetailTicketRegistryCleaner"
    class="org.springframework.scheduling.quartz.SimpleTriggerFactoryBean"
    p:jobDetail-ref="jobDetailTicketRegistryCleaner" p:startDelay="20000"
    p:repeatInterval="5000000" />




<!-- Ticket ID generators. Every ID is suffixed with ${host.name} so IDs issued by
     different nodes cannot collide (each node must therefore have a distinct
     host.name). maxLength bounds the generated portion of the ID; check the CAS
     docs for its exact meaning before changing it.
     NOTE(review): the suffix is visible to clients as part of the ticket string
     (the failing ST below ends in the CAS node's FQDN), so internal host names
     leak to every relying party; use an opaque per-node label if that matters. -->
<bean id="ticketGrantingTicketUniqueIdGenerator" class="org.jasig.cas.util.DefaultUniqueTicketIdGenerator"
        c:maxLength="50" c:suffix="${host.name}" />

    <bean id="serviceTicketUniqueIdGenerator" class="org.jasig.cas.util.DefaultUniqueTicketIdGenerator"
        c:maxLength="20" c:suffix="${host.name}" />

    <bean id="loginTicketUniqueIdGenerator" class="org.jasig.cas.util.DefaultUniqueTicketIdGenerator"
        c:maxLength="30" c:suffix="${host.name}" />

    <bean id="proxy20TicketUniqueIdGenerator" class="org.jasig.cas.util.DefaultUniqueTicketIdGenerator"
        c:maxLength="20" c:suffix="${host.name}" />

    <!-- Maps the service type to the generator used for its service tickets. -->
    <util:map id="uniqueIdGeneratorsMap">
        <entry
            key="org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl"
            value-ref="serviceTicketUniqueIdGenerator" />
    </util:map>




<!-- TGC (ticket-granting cookie): Secure-only, session-lifetime (maxAge -1), scoped
     to the /cas path. No cookieDomain is set, so the browser ties the cookie to the
     exact host that issued it.
     NOTE(review): HttpOnly is not set here; check whether CookieRetrievingCookieGenerator
     enables it by default in this CAS version, otherwise add p:cookieHttpOnly="true". -->
<bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        c:casCookieValueManager-ref="cookieValueManager"
        p:cookieSecure="true"
        p:cookieMaxAge="-1"
        p:cookieName="TGC"
        p:cookiePath="/cas" />

    <!-- Encrypts and signs the TGC value.
         NOTE(review): in a cluster every node MUST load the same tgc.encryption.key
         and tgc.signing.key. A cookie issued by one node cannot be decrypted or
         verified by a node holding different keys, which would look exactly like a
         "works on one node, fails with two" symptom. Treat both values as secrets:
         keep them out of version control and distribute them via a secret store. -->
    <bean id="cookieCipherExecutor" class="org.jasig.cas.util.DefaultCipherExecutor"
        c:secretKeyEncryption="${tgc.encryption.key}"
        c:secretKeySigning="${tgc.signing.key}" />

    <!-- Wraps the cipher so the cookie generator can encode/decode the TGC value. -->
    <bean id="cookieValueManager" class="org.jasig.cas.web.support.DefaultCasCookieValueManager"
          c:cipherExecutor-ref="cookieCipherExecutor" />


现在,应用程序可以正常启动,并且在单个节点上工作正常;但当我启动第二个节点后,大多数情况下服务票证(ST)无法被识别(见下面的日志,报错的是 ST 而不是登录票证),导致客户端应用程序无法登录:

17:52:48,986 ERROR [http-bio-8443-exec-11][CASFilter:83] org.jasig.cas.client.validation.TicketValidationException: _            Ticket 'ST-1-uFUEA1PDhSv4GPQ61E1T-customers01.mycompany.com' not recognized_     [Sanitized]
org.jasig.cas.client.validation.TicketValidationException: _            Ticket 'ST-1-uFUEA1PDhSv4GPQ61E1T-customers01.mycompany.com' not recognized_     [Sanitized]
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:73)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
    at com.liferay.portal.servlet.filters.sso.cas.CASFilter.processFilter(CASFilter.java:194)
    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
    at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:169)
    at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:88)
    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
    at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
    at com.liferay.portal.servlet.filters.urlrewrite.UrlRewriteFilter.processFilter(UrlRewriteFilter.java:57)
    at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:59)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:204)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:109)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:165)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:185)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:96)
    at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:219)
    at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:335)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)


如CAS参考中所述,我为两个节点配置了不同的主机名。该票证已经写入数据库表,但第二个节点似乎无法验证它。既然票证已经存在于共享的JPA票证注册表中,却只在第二个节点上验证失败,问题更可能出在节点本地的状态上(例如cookie的作用域,或者各节点的TGC加密/签名密钥不一致),而不是注册表本身。

我不确定问题是否与会话复制,节点之间缺乏自动发现或某些配置有关。

最佳答案

我设法修复了它,并进行了以下修改:
-配置具有静态成员资格的tomcat集群(因为由于AWS限制我无法使用多播)
-更新了两个bean配置:

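<!-- Both cookie generators now set cookieDomain (the only change from the original
     beans), so the cookies are sent to every host under mycompany.com; the path is
     still limited to /cas.
     NOTE(review): widening the domain also exposes the TGC - the SSO session
     credential - to any other mycompany.com host that serves a /cas path. If the
     CAS nodes sit behind a single load balancer, scoping cookieDomain to that
     shared CAS host name is the tighter setting. -->
<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
          p:cookieDomain="mycompany.com"
          p:cookieSecure="true"
          p:cookieMaxAge="-1"
          p:cookieName="CASPRIVACY"
          p:cookiePath="/cas"/>

<!-- cookieDomain added here as well; everything else matches the original TGC bean. -->
<bean id="ticketGrantingTicketCookieGenerator"
            class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
            c:casCookieValueManager-ref="cookieValueManager"
            p:cookieDomain="mycompany.com"
            p:cookieSecure="true"
            p:cookieMaxAge="-1"
            p:cookieName="TGC"
            p:cookiePath="/cas" />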

10-07 20:02