SSO Single Sign-On: Wrapping Memcached in the CAS Architecture, an Example
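The SSO authentication center is a critical point in the overall CAS application architecture and must meet the following two requirements:

1. High availability: the program must not fail. If the authentication center fails, no application in the group can log in, and all services are paralyzed.
2. High concurrency: every user's login request passes through it, so the processing load it carries is often very large.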
The CAS source for the memcached ticket registry, the MemCacheTicketRegistry.java class, is as follows:

```java
/*
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a
 * copy of the License at the following location:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.jasig.cas.ticket.registry;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;

import net.spy.memcached.AddrUtil;
import net.spy.memcached.MemcachedClient;
import net.spy.memcached.MemcachedClientIF;

import org.jasig.cas.ticket.ServiceTicket;
import org.jasig.cas.ticket.Ticket;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.springframework.beans.factory.DisposableBean;

/**
 * Key-value ticket registry implementation that stores tickets in memcached keyed on the ticket ID.
 *
 * @author Scott Battaglia
 * @author Marvin S. Addison
 * @since 3.3
 */
public final class MemCacheTicketRegistry extends AbstractDistributedTicketRegistry implements DisposableBean {

    /** Memcached client. */
    @NotNull
    private final MemcachedClientIF client;

    /** TGT cache entry timeout in seconds. */
    @Min(0)
    private final int tgtTimeout;

    /** ST cache entry timeout in seconds. */
    @Min(0)
    private final int stTimeout;

    /** Host list backing getHostnames()/setHostnames(); the constructors do not read it. */
    private String hostnames;

    /**
     * Creates a new instance that stores tickets in the given memcached hosts.
     *
     * @param hostnames Array of memcached hosts where each element is of the form host:port.
     * @param ticketGrantingTicketTimeOut TGT timeout in seconds.
     * @param serviceTicketTimeOut ST timeout in seconds.
     */
    public MemCacheTicketRegistry(final String[] hostnames, final int ticketGrantingTicketTimeOut,
            final int serviceTicketTimeOut) {
        try {
            this.client = new MemcachedClient(AddrUtil.getAddresses(Arrays.asList(hostnames)));
        } catch (final IOException e) {
            throw new IllegalArgumentException("Invalid memcached host specification.", e);
        }
        this.tgtTimeout = ticketGrantingTicketTimeOut;
        this.stTimeout = serviceTicketTimeOut;
    }

    /**
     * This alternative constructor takes time in milliseconds.
     * It has the timeout parameters in order to create a unique method signature.
     *
     * @param ticketGrantingTicketTimeOut TGT timeout in milliseconds.
     * @param serviceTicketTimeOut ST timeout in milliseconds.
     * @param hostnames Array of memcached hosts where each element is of the form host:port.
     * @see MemCacheTicketRegistry#MemCacheTicketRegistry(String[], int, int)
     * @deprecated This has been deprecated
     */
    @Deprecated
    public MemCacheTicketRegistry(final long ticketGrantingTicketTimeOut, final long serviceTicketTimeOut,
            final String[] hostnames) {
        this(hostnames, (int) (ticketGrantingTicketTimeOut / 1000), (int) (serviceTicketTimeOut / 1000));
    }

    /**
     * Creates a new instance using the given memcached client instance, which is presumably configured via
     * <code>net.spy.memcached.spring.MemcachedClientFactoryBean</code>.
     *
     * @param client Memcached client.
     * @param ticketGrantingTicketTimeOut TGT timeout in seconds.
     * @param serviceTicketTimeOut ST timeout in seconds.
     */
    public MemCacheTicketRegistry(final MemcachedClientIF client, final int ticketGrantingTicketTimeOut,
            final int serviceTicketTimeOut) {
        this.tgtTimeout = ticketGrantingTicketTimeOut;
        this.stTimeout = serviceTicketTimeOut;
        this.client = client;
    }

    public String getHostnames() {
        return hostnames;
    }

    public void setHostnames(String hostnames) {
        this.hostnames = hostnames;
    }

    public int getTgtTimeout() {
        return tgtTimeout;
    }

    public int getStTimeout() {
        return stTimeout;
    }

    protected void updateTicket(final Ticket ticket) {
        logger.debug("Updating ticket {}", ticket);
        try {
            // replace() is asynchronous; get() blocks until memcached answers.
            if (!this.client.replace(ticket.getId(), getTimeout(ticket), ticket).get()) {
                logger.error("Failed updating {}", ticket);
            }
        } catch (final InterruptedException e) {
            logger.warn("Interrupted while waiting for response to async replace operation for ticket {}. "
                    + "Cannot determine whether update was successful.", ticket);
        } catch (final Exception e) {
            logger.error("Failed updating {}", ticket, e);
        }
    }

    public void addTicket(final Ticket ticket) {
        logger.debug("Adding ticket {}", ticket);
        try {
            // add() only succeeds if the key does not exist yet.
            if (!this.client.add(ticket.getId(), getTimeout(ticket), ticket).get()) {
                logger.error("Failed adding {}", ticket);
            }
        } catch (final InterruptedException e) {
            logger.warn("Interrupted while waiting for response to async add operation for ticket {}. "
                    + "Cannot determine whether add was successful.", ticket);
        } catch (final Exception e) {
            logger.error("Failed adding {}", ticket, e);
        }
    }

    public boolean deleteTicket(final String ticketId) {
        logger.debug("Deleting ticket {}", ticketId);
        try {
            return this.client.delete(ticketId).get();
        } catch (final Exception e) {
            logger.error("Failed deleting {}", ticketId, e);
        }
        return false;
    }

    public Ticket getTicket(final String ticketId) {
        try {
            final Ticket t = (Ticket) this.client.get(ticketId);
            if (t != null) {
                return getProxiedTicketInstance(t);
            }
        } catch (final Exception e) {
            logger.error("Failed fetching {} ", ticketId, e);
        }
        return null;
    }

    /**
     * {@inheritDoc}
     * This operation is not supported.
     *
     * @throws UnsupportedOperationException if you try and call this operation.
     */
    @Override
    public Collection<Ticket> getTickets() {
        throw new UnsupportedOperationException("GetTickets not supported.");
    }

    public void destroy() throws Exception {
        this.client.shutdown();
    }

    /**
     * @param sync set to true, if updates to registry are to be synchronized
     * @deprecated As of version 3.5, this operation has no effect since async writes can cause
     *             registry consistency issues.
     */
    @Deprecated
    public void setSynchronizeUpdatesToRegistry(final boolean sync) {}

    @Override
    protected boolean needsCallback() {
        return true;
    }

    /** Picks the cache expiry for a ticket by its type. */
    private int getTimeout(final Ticket t) {
        if (t instanceof TicketGrantingTicket) {
            return this.tgtTimeout;
        } else if (t instanceof ServiceTicket) {
            return this.stTimeout;
        }
        throw new IllegalArgumentException("Invalid ticket type");
    }
}
```
Change the MemCacheTicketRegistry.java class to the following code:

```java
/*
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a
 * copy of the License at the following location:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.jasig.cas.ticket.registry;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;

import net.spy.memcached.AddrUtil;
import net.spy.memcached.MemcachedClient;
import net.spy.memcached.MemcachedClientIF;

import org.jasig.cas.ticket.ServiceTicket;
import org.jasig.cas.ticket.Ticket;
import org.jasig.cas.ticket.TicketGrantingTicket;
import org.springframework.beans.factory.DisposableBean;

/**
 * Key-value ticket registry implementation that stores tickets in memcached keyed on the ticket ID.
 *
 * @author Scott Battaglia
 * @author Marvin S. Addison
 * @since 3.3
 */
public final class MemCacheTicketRegistry extends AbstractDistributedTicketRegistry implements DisposableBean {

    /**
     * Memcached client. Built on first use: a field initializer would run before
     * setHostname() has been called, while hostname is still null.
     */
    private MemcachedClientIF client;

    /** TGT cache entry timeout in seconds. */
    @Min(0)
    private int tgtTimeout;

    /** ST cache entry timeout in seconds. */
    @Min(0)
    private int stTimeout;

    /** Memcached address of the form host:port. */
    @NotNull
    private String hostname;

    /** Returns the memcached client, creating it from hostname on the first call. */
    public synchronized MemcachedClientIF getClient() {
        if (this.client == null) {
            try {
                this.client = new MemcachedClient(AddrUtil.getAddresses(Arrays.asList(hostname)));
            } catch (final IOException e) {
                // Fail loudly instead of returning null and hitting a NullPointerException later.
                throw new IllegalArgumentException("Invalid memcached host specification.", e);
            }
        }
        return this.client;
    }

    protected void updateTicket(final Ticket ticket) {
        logger.debug("Updating ticket {}", ticket);
        try {
            if (!getClient().replace(ticket.getId(), getTimeout(ticket), ticket).get()) {
                logger.error("Failed updating {}", ticket);
            }
        } catch (final InterruptedException e) {
            logger.warn("Interrupted while waiting for response to async replace operation for ticket {}. "
                    + "Cannot determine whether update was successful.", ticket);
        } catch (final Exception e) {
            logger.error("Failed updating {}", ticket, e);
        }
    }

    public void addTicket(final Ticket ticket) {
        logger.debug("Adding ticket {}", ticket);
        try {
            if (!getClient().add(ticket.getId(), getTimeout(ticket), ticket).get()) {
                logger.error("Failed adding {}", ticket);
            }
        } catch (final InterruptedException e) {
            logger.warn("Interrupted while waiting for response to async add operation for ticket {}. "
                    + "Cannot determine whether add was successful.", ticket);
        } catch (final Exception e) {
            logger.error("Failed adding {}", ticket, e);
        }
    }

    public boolean deleteTicket(final String ticketId) {
        logger.debug("Deleting ticket {}", ticketId);
        try {
            return getClient().delete(ticketId).get();
        } catch (final Exception e) {
            logger.error("Failed deleting {}", ticketId, e);
        }
        return false;
    }

    public Ticket getTicket(final String ticketId) {
        try {
            final Ticket t = (Ticket) getClient().get(ticketId);
            if (t != null) {
                return getProxiedTicketInstance(t);
            }
        } catch (final Exception e) {
            logger.error("Failed fetching {} ", ticketId, e);
        }
        return null;
    }

    /**
     * {@inheritDoc}
     * This operation is not supported.
     *
     * @throws UnsupportedOperationException if you try and call this operation.
     */
    @Override
    public Collection<Ticket> getTickets() {
        throw new UnsupportedOperationException("GetTickets not supported.");
    }

    public synchronized void destroy() throws Exception {
        // Nothing to shut down if the client was never created.
        if (this.client != null) {
            this.client.shutdown();
        }
    }

    /**
     * @param sync set to true, if updates to registry are to be synchronized
     * @deprecated As of version 3.5, this operation has no effect since async writes can cause
     *             registry consistency issues.
     */
    @Deprecated
    public void setSynchronizeUpdatesToRegistry(final boolean sync) {}

    @Override
    protected boolean needsCallback() {
        return true;
    }

    /** Picks the cache expiry for a ticket by its type. */
    private int getTimeout(final Ticket t) {
        if (t instanceof TicketGrantingTicket) {
            return this.tgtTimeout;
        } else if (t instanceof ServiceTicket) {
            return this.stTimeout;
        }
        throw new IllegalArgumentException("Invalid ticket type");
    }

    public int getTgtTimeout() {
        return tgtTimeout;
    }

    public void setTgtTimeout(int tgtTimeout) {
        this.tgtTimeout = tgtTimeout;
    }

    public int getStTimeout() {
        return stTimeout;
    }

    public void setStTimeout(int stTimeout) {
        this.stTimeout = stTimeout;
    }

    public String getHostname() {
        return hostname;
    }

    public void setHostname(String hostname) {
        this.hostname = hostname;
    }
}
```

In the CAS single sign-on architecture, tickets are stored in memcached (a single-node memcached configuration is enough for CAS to store tickets). The ticketRegistry.xml configuration is as follows: modify the ticketRegistry.xml file in the cas-server-webapp project. The content here is incomplete; see the 素文宅 site: http://www.yoodb.com/article/display/1168
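An added example, not part of the original post or of CAS: the `hostname` property of the modified registry is a `host:port` string, and the tickets stored behind it are bearer credentials held in a cache that has no authentication by default. The hypothetical `MemcachedAddressCheck` helper below assumes memcached should only be reachable on a loopback or private address and rejects anything else before a client is built.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

/** Hypothetical helper (not CAS code): vets a "host:port" memcached address. */
public final class MemcachedAddressCheck {

    private MemcachedAddressCheck() { }

    /** Returns hostPort unchanged if it is well formed and resolves only to loopback/private IPs. */
    public static String requirePrivate(final String hostPort) throws UnknownHostException {
        if (hostPort == null) {
            throw new IllegalArgumentException("memcached hostname is not set");
        }
        final int sep = hostPort.lastIndexOf(':');
        if (sep <= 0 || sep == hostPort.length() - 1) {
            throw new IllegalArgumentException("Expected host:port, got: " + hostPort);
        }
        final int port;
        try {
            port = Integer.parseInt(hostPort.substring(sep + 1));
        } catch (final NumberFormatException e) {
            throw new IllegalArgumentException("Port is not a number: " + hostPort, e);
        }
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("Port out of range: " + hostPort);
        }
        // Check every address the name resolves to. isSiteLocalAddress() covers the
        // IPv4 private ranges; IPv6 unique-local (fc00::/7) addresses are rejected here.
        for (final InetAddress a : InetAddress.getAllByName(hostPort.substring(0, sep))) {
            if (!a.isLoopbackAddress() && !a.isSiteLocalAddress()) {
                throw new IllegalArgumentException(
                        "memcached must not be on a public address: " + a.getHostAddress());
            }
        }
        return hostPort;
    }

    public static void main(final String[] args) throws Exception {
        // Constructed sample values; IP literals are parsed without a DNS lookup.
        System.out.println("accepted: " + requirePrivate("127.0.0.1:11211"));
        try {
            requirePrivate("192.0.2.10:11211");
        } catch (final IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Calling `requirePrivate(hostname)` at the start of the registry's `setHostname` would make a misconfigured address fail at startup rather than at the first login.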
Reposted from: https://my.oschina.net/freelife/blog/706288