- [scheduler_Worker-2] INFO org.jasig.cas.services.DefaultServicesManagerImpl - Loaded 9 services.
- Hibernate: select trim(password) from system_users where username=?
- [http-nio-8080-exec-3] INFO org.jasig.cas.authentication.PolicyBasedAuthenticationManager - QueryDatabaseAuthenticationHandler successfully authenticated test+password
- Hibernate: SELECT * FROM system_users WHERE username = ?
- [http-nio-8080-exec-3] INFO org.jasig.cas.authentication.PolicyBasedAuthenticationManager - Authenticated test with credentials [test+password].
- [http-nio-8080-exec-3] INFO com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager - Audit trail record BEGIN
- =============================================================
- WHO: audit:unknown
- WHAT: supplied credentials: [test+password]
- ACTION: AUTHENTICATION_SUCCESS
- APPLICATION: CAS
- WHEN: Wed Oct 28 09:55:46 GMT 2015
- CLIENT IP ADDRESS: 10.10.11.115
- SERVER IP ADDRESS: 10.10.11.113
- =============================================================
- [http-nio-8080-exec-3] INFO com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager - Audit trail record BEGIN
- =============================================================
- WHO: audit:unknown
- WHAT: TGT-1-Ogj40oX5SQRVr6AHdJkStF5Oo0S4ESB96ExrOkIaGmeQ2rFafi-cas01.example.org
- ACTION: TICKET_GRANTING_TICKET_CREATED
- APPLICATION: CAS
- WHEN: Wed Oct 28 09:55:46 GMT 2015
- CLIENT IP ADDRESS: 10.10.11.115
- SERVER IP ADDRESS: 10.10.11.113
- =============================================================
- [http-nio-8080-exec-3] WARN org.jasig.cas.CentralAuthenticationServiceImpl - ServiceManagement: Unauthorized Service Access. Service [http://localhost/app/j_spring_cas_security_check] is not found in service registry.
- [http-nio-8080-exec-3] INFO com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager - Audit trail record BEGIN
- =============================================================
- WHO: test
- WHAT: http://localhost/app/j_spring_cas_security_check
- ACTION: SERVICE_TICKET_NOT_CREATED
- APPLICATION: CAS
- WHEN: Wed Oct 28 09:55:46 GMT 2015
- CLIENT IP ADDRESS: 10.10.11.115
- SERVER IP ADDRESS: 10.10.11.113
- =============================================================
- [http-nio-8080-exec-5] WARN org.jasig.cas.CentralAuthenticationServiceImpl - ServiceManagement: Unauthorized Service Access. Service [http://localhost/app/j_spring_cas_security_check] is not found in service registry.
- [http-nio-8080-exec-5] INFO com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager - Audit trail record BEGIN
- =============================================================
- WHO: test
- WHAT: http://localhost/app/j_spring_cas_security_check
- ACTION: SERVICE_TICKET_NOT_CREATED
- APPLICATION: CAS
- WHEN: Wed Oct 28 09:55:50 GMT 2015
- CLIENT IP ADDRESS: 10.10.11.115
- SERVER IP ADDRESS: 10.10.11.113
- =============================================================
- # NOTE(review): server.name is a plain-http URL and server.prefix is derived from it, so every CAS URL built from
- # these values is unencrypted. Presumably a local test value; switch to an https:// name before real credentials are used.
- server.name=http://localhost:8080
- server.prefix=${server.name}/cas
- # IP address or CIDR subnet allowed to access the /status URI of CAS that exposes health check information
- cas.securityContext.status.allowedSubnet=127.0.0.1
- cas.themeResolver.defaultThemeName=cas-theme-default
- cas.viewResolver.basename=default_views
- ##
- # Unique CAS node name
- # host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
- # hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
- host.name=cas01.example.org
- ##
- # Database flavors for Hibernate
- #
- # One of these is needed if you are storing Services or Tickets in an RDBMS via JPA.
- #
- # database.hibernate.dialect=org.hibernate.dialect.OracleDialect
- # database.hibernate.dialect=org.hibernate.dialect.MySQLInnoDBDialect
- database.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
- ##
- # CAS Logout Behavior
- # WEB-INF/cas-servlet.xml
- #
- # Specify whether CAS should redirect to the specified service parameter on /logout requests
- # cas.logout.followServiceRedirects=false
- ##
- # Single Sign-On Session Timeouts
- # Defaults sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
- #
- # Maximum session timeout - TGT will expire in maxTimeToLiveInSeconds regardless of usage
- # tgt.maxTimeToLiveInSeconds=28800
- #
- # Idle session timeout - TGT will expire sooner than maxTimeToLiveInSeconds if no further requests
- # for STs occur within timeToKillInSeconds
- # tgt.timeToKillInSeconds=7200
- ##
- # Service Ticket Timeout
- # Default sourced from WEB-INF/spring-configuration/ticketExpirationPolices.xml
- #
- # Service Ticket timeout - typically kept short as a control against replay attacks, default is 10s. You'll want to
- # increase this timeout if you are manually testing service ticket creation/validation via tamperdata or similar tools
- # st.timeToKillInSeconds=10
- ##
- # Single Logout (SLO) Callbacks
- # Default sourced from WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml
- #
- # To turn off all back channel SLO requests set slo.callbacks.disabled to true
- # slo.callbacks.disabled=false
- ##
- # Service Registry Periodic Reloading Scheduler
- # Default sourced from WEB-INF/spring-configuration/applicationContext.xml
- #
- # Force a startup delay of 2 minutes.
- # service.registry.quartz.reloader.startDelay=120000
- #
- # Reload services every 2 minutes
- # service.registry.quartz.reloader.repeatInterval=120000
- ##
- # Log4j
- # Default sourced from WEB-INF/spring-configuration/log4jConfiguration.xml:
- #
- # It is often helpful to externalize log4j.xml to a system path to preserve settings between upgrades.
- # e.g. log4j.config.location=/etc/cas/log4j.xml
- # log4j.config.location=classpath:log4j.xml
- #
- # log4j refresh interval in millis
- # log4j.refresh.interval=60000
- ##
- # Password Policy
- #
- # Warn all users of expiration date regardless of warningDays value.
- password.policy.warnAll=false
- # Threshold number of days to begin displaying password expiration warnings.
- password.policy.warningDays=30
- # URL to which the user will be redirected to change the password.
- # NOTE(review): http://fix.me looks like a placeholder and is plain http; users sent there to change a password
- # should land on the real https:// password-change page. Confirm before enabling the password policy.
- #password.policy.url=https://password.example.edu/change
- password.policy.url=http://fix.me
- <?xml version="1.0" encoding="UTF-8"?>
- <!--
- | deployerConfigContext.xml centralizes into one file some of the declarative configuration that
- | all CAS deployers will need to modify.
- |
- | This file declares some of the Spring-managed JavaBeans that make up a CAS deployment.
- | The beans declared in this file are instantiated at context initialization time by the Spring
- | ContextLoaderListener declared in web.xml. It finds this file because this
- | file is among those declared in the context parameter "contextConfigLocation".
- |
- | By far the most common change you will need to make in this file is to change the last bean
- | declaration to replace the default authentication handler with
- | one implementing your approach for authenticating usernames and passwords.
- +-->
- <beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:sec="http://www.springframework.org/schema/security"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
- http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
- <!--
- | The authentication manager defines security policy for authentication by specifying at a minimum
- | the authentication handlers that will be used to authenticate credential. While the AuthenticationManager
- | interface supports plugging in another implementation, the default PolicyBasedAuthenticationManager should
- | be sufficient in most cases.
- +-->
- <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
- <constructor-arg>
- <map>
- <!--
- | IMPORTANT
- | Every handler requires a unique name.
- | If more than one instance of the same handler class is configured, you must explicitly
- | set its name to something other than its default name (typically the simple class name).
- |
- | Each entry pairs an authentication handler bean (key-ref) with the principal resolver bean (value-ref)
- | declared further down in this file.
- -->
- <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
- </map>
- </constructor-arg>
- <!-- Uncomment the metadata populator to allow clearpass to capture and cache the password
- This switch effectively will turn on clearpass.
- NOTE(review): as the sentence above says, enabling this makes CAS keep user passwords in a cache after login;
- leave it commented out unless a downstream service has a confirmed need for the password.
- <property name="authenticationMetaDataPopulators">
- <util:list>
- <bean class="org.jasig.cas.extension.clearpass.CacheCredentialsMetaDataPopulator"
- c:credentialCache-ref="encryptedMap" />
- </util:list>
- </property>
- -->
- <!--
- | Defines the security policy around authentication. Some alternative policies that ship with CAS:
- |
- | * NotPreventedAuthenticationPolicy - all credential must either pass or fail authentication
- | * AllAuthenticationPolicy - all presented credential must be authenticated successfully
- | * RequiredHandlerAuthenticationPolicy - specifies a handler that must authenticate its credential to pass
- -->
- <property name="authenticationPolicy">
- <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
- </property>
- </bean>
- <!-- Required for proxy ticket mechanism. -->
- <!--
- | NOTE(review): p:requireSecure="false" presumably lets this handler accept proxy callback URLs that are
- | not https, so proxy-granting tickets could be delivered over an unencrypted channel. Confirm against the
- | handler's documentation and remove the attribute (or set it to "true") outside local testing.
- -->
- <bean id="proxyAuthenticationHandler"
- class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
- p:httpClient-ref="httpClient"
- p:requireSecure="false"
- />
- <!--
- | TODO: Replace this component with one suitable for your environment.
- |
- | This component provides authentication for the kind of credential used in your environment. In most cases
- | credential is a username/password pair that lives in a system of record like an LDAP directory.
- | The most common authentication handler beans:
- |
- | * org.jasig.cas.authentication.LdapAuthenticationHandler
- | * org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
- | * org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
- | * org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
- -->
- <!--
- | Authenticates username/password credentials against the system_users table through the dataSource bean.
- | The query binds the username through the ? placeholder rather than by string concatenation.
- | NOTE(review): DefaultPasswordEncoder is constructed with "MD5" and nothing here adds a salt, so the stored
- | password column is presumably an unsalted MD5 digest, which is cheap to brute-force if the table leaks.
- | Plan a move to a salted, slow password hash; that needs a different encoder and re-hashing of stored values.
- -->
- <bean id="primaryAuthenticationHandler"
- class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
- <property name="passwordEncoder">
- <bean
- class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
- <constructor-arg value="MD5" />
- </bean>
- </property>
- <property name="dataSource" ref="dataSource" />
- <property name="sql" value="select trim(password) from system_users where username=?" />
- </bean>
- <!--
- | Commons DBCP connection pool for the PostgreSQL database. It is shared by the authentication handler, the
- | attribute repository and the JPA entity manager factory declared in this file.
- | NOTE(review): the database user name and password are hard-coded here in clear text, and this file has been
- | published. Rotate the password and load both values from an externalised property or a container-managed
- | (JNDI) data source. The account is named "admin": presumably more privilege than CAS needs; confirm and
- | switch to a least-privilege account.
- -->
- <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
- <property name="driverClassName" >
- <value>org.postgresql.Driver</value>
- </property>
- <property name="url">
- <value>jdbc:postgresql://m-test-db:5432/casdb</value>
- </property>
- <property name="username">
- <value>admin</value>
- </property>
- <property name="password">
- <value>qwe123</value>
- </property>
- </bean>
- <!-- Required for proxy ticket mechanism -->
- <bean id="proxyPrincipalResolver"
- class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
- <!--
- | Resolves a principal from a credential using an attribute repository that is configured to resolve
- | against a deployer-specific store (e.g. LDAP).
- -->
- <bean id="primaryPrincipalResolver"
- class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" >
- <property name="attributeRepository" ref="attributeRepository" />
- </bean>
- <!--
- Bean that defines the attributes that a service may return. This deployment reads them from the system_users
- table through SingleRowJdbcPersonAttributeDao. The id should remain "attributeRepository" though.
- The {0} placeholder is presumably expanded from queryAttributeMapping; the log on this page shows the resulting
- statement as "SELECT * FROM system_users WHERE username = ?", i.e. the username is bound as a parameter.
- NOTE(review): SELECT * also fetches the password column of system_users. Only the columns listed in
- resultAttributeMapping are mapped to attributes here, but naming those columns in the query avoids reading
- the password hash at all.
- +-->
- <bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
- <constructor-arg index="0" ref="dataSource" />
- <constructor-arg index="1" value="SELECT * FROM system_users WHERE {0}" />
- <property name="queryAttributeMapping">
- <map>
- <entry key="username" value="username" />
- </map>
- </property>
- <property name="resultAttributeMapping">
- <map>
- <entry key="username" value="username" />
- <entry key="first_name" value="FirstName" />
- <entry key="last_name" value="LastName" />
- <entry key="active" value="active" />
- </map>
- </property>
- </bean>
- <!--
- | NOTE(review): no bean in this file references attrRepoBackingMap; it looks like a leftover from a stub
- | attribute repository and can presumably be removed. Confirm that no other context file uses it.
- -->
- <util:map id="attrRepoBackingMap">
- <entry key="uid" value="uid" />
- <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
- <entry key="groupMembership" value="groupMembership" />
- </util:map>
- <bean class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor" />
- <!--
- | JPA-backed service registry.
- | NOTE(review): with this implementation the registered services are presumably loaded from the database
- | (the log on this page shows "Loaded 9 services") rather than from the registeredServicesList bean, which no
- | bean in this file references; confirm. If so, the wildcard entry in that list is not what authorises a
- | service, and the "not found in service registry" warning in the log would have to be resolved by registering
- | the service URL in the database-backed registry.
- -->
- <bean id="serviceRegistryDao"
- class="org.jasig.cas.services.JpaServiceRegistryDaoImpl"
- /><!--
- p:entityManager-ref="entityManager"
- -->
- <!--
- <bean id="entityManager"
- factory-bean="entityManagerFactory"
- factory-method="getEntityManagerInterface"/>
- -->
- <!--
- | JPA entity manager factory (Hibernate) that scans the CAS services and ticket packages and uses the shared
- | dataSource bean.
- | NOTE(review): generateDdl="true" and hibernate.hbm2ddl.auto=update let the application create and alter
- | tables at startup, which means the database account needs DDL rights; showSql="true" echoes the generated
- | SQL statements. These are development settings: for production, manage the schema separately, remove DDL
- | rights from the CAS account and turn showSql off.
- -->
- <bean id="entityManagerFactory"
- class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
- <property name="dataSource" ref="dataSource"/>
- <property name="packagesToScan">
- <list>
- <value>org.jasig.cas.services</value>
- <value>org.jasig.cas.ticket</value>
- <value>org.jasig.cas.ticket.registry.support</value>
- </list>
- </property>
- <property name="jpaVendorAdapter">
- <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
- <property name="generateDdl" value="true"/>
- <property name="showSql" value="true" />
- </bean>
- </property>
- <property name="jpaProperties">
- <props>
- <prop key="hibernate.dialect">org.hibernate.dialect.PostgreSQLDialect</prop>
- <prop key="hibernate.hbm2ddl.auto">update</prop>
- </props>
- </property>
- </bean>
- <bean id="transactionManager"
- class="org.springframework.orm.jpa.JpaTransactionManager">
- <property name="entityManagerFactory" ref="entityManagerFactory"/>
- </bean>
- <tx:annotation-driven transaction-manager="transactionManager"/>
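- <!--
- | Services that may request tickets when this list is wired into the service registry.
- | The serviceId pattern was corrected: the former "http?" alternative made the final "p" optional and was
- | otherwise covered by "https?", and ":/" is now "://".
- | NOTE(review): the pattern still matches every http(s)/imap(s) URL on any host, so any site could use this
- | CAS server to authenticate users. Replace it with a pattern anchored to the hosts you actually run (see the
- | commented example below) before production use.
- -->
- <util:list id="registeredServicesList">
- <bean class="org.jasig.cas.services.RegexRegisteredService"
- p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
- p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" />
- <!--
- Use the following definition instead of the above to further restrict access
- to services within your domain (including sub domains).
- Note that example.com must be replaced with the domain you wish to permit.
- This example also demonstrates the configuration of an attribute filter
- that only allows for attributes whose length is 3.
- The backslashes in the two patterns below had been lost; without them "." matches any character
- (so hosts other than example.com would pass) and "w{3}" matches only the literal text "www".
- -->
- <!--
- <bean class="org.jasig.cas.services.RegexRegisteredService">
- <property name="id" value="1" />
- <property name="name" value="HTTP and IMAP on example.com" />
- <property name="description" value="Allows HTTP(S) and IMAP(S) protocols on example.com" />
- <property name="serviceId" value="^(https?|imaps?)://([A-Za-z0-9_-]+\.)*example\.com/.*" />
- <property name="evaluationOrder" value="0" />
- <property name="attributeFilter">
- <bean class="org.jasig.cas.services.support.RegisteredServiceRegexAttributeFilter" c:regex="^\w{3}$" />
- </property>
- </bean>
- -->
- </util:list>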
- <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
- <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
- <util:list id="monitorsList">
- <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
- <!--
- NOTE
- The following ticket registries support SessionMonitor:
- * DefaultTicketRegistry
- * JpaTicketRegistry
- Remove this monitor if you use an unsupported registry.
- -->
- <bean class="org.jasig.cas.monitor.SessionMonitor"
- p:ticketRegistry-ref="ticketRegistry"
- p:serviceTicketCountWarnThreshold="5000"
- p:sessionCountWarnThreshold="100000" />
- </util:list>
- </beans>
- <?xml version="1.0" encoding="UTF-8"?>
- <project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
- <modelVersion>4.0.0</modelVersion>
- <groupId>net.unicon</groupId>
- <artifactId>cas-server</artifactId>
- <packaging>war</packaging>
- <version>1.0</version>
- <!--
- | Version pins shared by the dependencies below.
- | NOTE(review): cas.version 4.0.0, hibernate.version 4.1.0.Final and the Java 1.7 compiler level are old
- | releases. Check the projects' security advisories and plan an upgrade to maintained versions before this
- | server handles real logins.
- -->
- <properties>
- <hibernate.validator.version>4.2.0.Final</hibernate.validator.version>
- <hibernate.version>4.1.0.Final</hibernate.version>
- <cas.version>4.0.0</cas.version>
- <maven.compiler.source>1.7</maven.compiler.source>
- <maven.compiler.target>1.7</maven.compiler.target>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- </properties>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.6</version>
- <configuration>
- <warName>cas</warName>
- <webResources>
- <resource>
- <directory>src/main/webapp/WEB-INF</directory>
- <filtering>true</filtering>
- <targetPath>WEB-INF</targetPath>
- </resource>
- </webResources>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <version>3.3</version>
- <configuration>
- <source>${maven.compiler.source}</source>
- <target>${maven.compiler.target}</target>
- </configuration>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.jasig.cas</groupId>
- <artifactId>cas-server-webapp</artifactId>
- <version>${cas.version}</version>
- <type>war</type>
- <scope>runtime</scope>
- </dependency>
- <dependency>
- <groupId>org.jasig.cas</groupId>
- <artifactId>cas-server-core</artifactId>
- <version>${cas.version}</version>
- </dependency>
- <dependency>
- <groupId>org.jasig.cas</groupId>
- <artifactId>cas-server-support-jdbc</artifactId>
- <version>${cas.version}</version>
- </dependency>
- <dependency>
- <groupId>org.postgresql</groupId>
- <artifactId>postgresql</artifactId>
- <version>9.4-1200-jdbc41</version>
- </dependency>
- <dependency>
- <groupId>commons-dbcp</groupId>
- <artifactId>commons-dbcp</artifactId>
- <version>1.4</version>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-core</artifactId>
- <version>${hibernate.version}</version>
- <type>jar</type>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-entitymanager</artifactId>
- <version>${hibernate.version}</version>
- <type>jar</type>
- </dependency>
- <dependency>
- <groupId>org.hibernate</groupId>
- <artifactId>hibernate-validator</artifactId>
- <version>${hibernate.validator.version}</version>
- </dependency>
- </dependencies>
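- <!--
- | Extra artifact repositories. Both are fetched over https so that artifacts and their checksums cannot be
- | altered in transit; the releases URL previously used plain http.
- -->
- <repositories>
- <repository>
- <id>sonatype-releases</id>
- <url>https://oss.sonatype.org/content/repositories/releases/</url>
- </repository>
- <repository>
- <id>sonatype-snapshots</id>
- <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
- </repository>
- </repositories>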
- </project>
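- <!--
- | In-memory service registry populated from registeredServicesList.
- | The redundant "http?" alternative was removed from the serviceId pattern; "https?" already covers http
- | and https.
- | NOTE(review): the pattern still accepts any http(s)/imap(s) URL on any host, so any site can ask this CAS
- | server for service tickets. Narrow it to the hosts of your own applications, e.g. the service URL reported
- | in the log on this page (http://localhost/app/j_spring_cas_security_check).
- -->
- <bean id="serviceRegistryDao"
- class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
- p:registeredServices-ref="registeredServicesList" />
- <util:list id="registeredServicesList">
- <bean class="org.jasig.cas.services.RegexRegisteredService"
- p:id="1"
- p:name="jason web application"
- p:serviceId="^(https?|imaps?)://.*"
- p:evaluationOrder="0" />
- </util:list>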