CAS (8) —— Mac下配置CAS到JBoss EAP 6.4(6.x)的Standalone模式(服務端)
jboss版本: jboss-eap-6.4-CVE-2015-7501
jdk版本: 1.7.0_79
cas版本: cas4.1.3
參考來源:
CAS 4.1.1 - JDBC authentication, failed to deploy
Securing JBoss EAP 6 - Implementing SSL
JBoss eap 6.4 mutual (two way) ssl configuration
Tomcat (1) —— Mac下配置Tomcat Https/SSL
準備工作
配置cas server到jboss eap 6.4需要做以下準備:
- 一個cas-server-webapp
- 一個jboss eap服務
- 配置jboss SSL
cas-server-webapp
可以參照下面兩篇文章,進行準備和配置:
jboss eap 6.4
配置jboss eap比較簡單,直接去官網註冊後就能下載了。
下載後也無需編譯,如果再Mac或linux下可以直接執行命令啟動jboss eap
Standalone模式:
:node6-a Richard$ ./bin/standalone.sh
Domain模式:
:node6-a Richard$ ./bin/domain.sh
新的EAP提供了兩種部署方式,官方推薦產品上使用Domain模式,關於Domain模式和Standalone模式有何區別,再次不贅述,weblogic也有類似特性,可以去官網上查詢。
如果能正常啟動,最後幾行的console輸出可能是:
09:05:34,206 INFO [org.springframework.web.servlet.DispatcherServlet] (ServerService Thread Pool -- 69)
FrameworkServlet 'cas': initialization completed in 820 ms
09:05:34,251 INFO [org.jboss.as.server] (Controller Boot Thread)
JBAS015859: 已部署的 "cas.war"(runtime-name: "cas.war")
09:05:34,256 INFO [org.jboss.as] (Controller Boot Thread)
JBAS015961: 偵聽 http://127.0.0.1:9990/management 的 HTTP 管理介面
09:05:34,257 INFO [org.jboss.as] (Controller Boot Thread)
JBAS015951: 管理控制檯偵聽於 http://127.0.0.1:9990
09:05:34,257 INFO [org.jboss.as] (Controller Boot Thread)
JBAS015874: JBoss EAP 6.4.0.GA (AS 7.5.0.Final-redhat-21) started in 9651ms - Started 551 of 588 services (60 services are lazy, passive or on-demand)
預設情況下,本地後臺服務管理的入口是http://127.0.0.1:9990/console。
*注意以下的測試都是基於Standalone模式
配置jboss SSL
這個版本的SSL的配置過程與Tomcat有些許差異,主要是因為jboss eap提供了Standalone與Domain兩種模式以及對配置檔案正規化的修改。至於從哪個版本起做的改變,在此不考證。
SSL金鑰和證照生成過程與Tomcat SSL一致,在此不贅述。
standalone.xml裡面有關鍵配置(Line 295~):
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="Hoau123" certificate-key-file="/Users/Richard/Documents/Dev/servers/cluster/keys/hoaukey"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost"/>
<alias name="sso.hoau.com"/>
</virtual-server>
</subsystem>
為subsystem新增了https connector以及為ssl指定certificate-key-file的路徑。
安裝cas.war
通過後臺console介面來部署比較方便
(1)選擇“Create Deployment”
(2)選擇“Add”
(3)點選“Browse”並選擇編譯好的war
錯誤
部署後可能會出現錯誤:
檢視server.log(../servers/cluster/jboss/node6-a/standalone/log)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name
'supportsTrustStoreSslSocketFactoryHttpClient': FactoryBean threw exception on object creation; nested exception is java.lang.NoSuchMethodError:
org.apache.http.impl.client.HttpClientBuilder.setSSLHostnameVerifier(Ljavax/net/ssl/HostnameVerifier;)L
org/apache/http/impl/client/HttpClientBuilder;
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:127)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1523)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:314)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
... 64 more
解決辦法
此處懷疑jboss容器自帶的庫可能和Tomcat(8.x)有所差異,此處報錯的“org.apache.http.impl.client.HttpClientBuilder”屬於httpclient包下。
檢視檔案module.xml (路徑“../servers/cluster/jboss/node6-a/modules/system/layers/base/org/apache/httpcomponents/main”),發現jboss這個版本的jar是依賴與redhat自己打包的"httpclient-4.3.6.redhat-1.jar"和“httpcore-4.3.3.redhat-1.jar”。
暫且不考慮影響和更好的解決方案,一個可行方案是修改這個配置,將這兩個jar替換成httpclient的更高版本(此處為4.4.1)
maven
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.4.1</version>
</dependency>
module.xml
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="org.apache.httpcomponents">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<!-- redhat original -->
<!-- <resource-root path="httpclient-4.3.6.redhat-1.jar"/>
<resource-root path="httpcore-4.3.3.redhat-1.jar"/>
<resource-root path="httpmime-4.3.6.redhat-1.jar"/> -->
<!-- redhat original -->
<!-- Richard Modify -->
<resource-root path="httpclient-4.4.1.jar"/>
<resource-root path="httpcore-4.4.1.jar"/>
<resource-root path="httpmime-4.3.6.redhat-1.jar"/>
<!-- Richard Modify -->
<!-- Insert resources here -->
</resources>
<dependencies>
<module name="javax.api"/>
<module name="org.apache.commons.codec"/>
<module name="org.apache.commons.logging"/>
<module name="org.apache.james.mime4j"/>
</dependencies>
</module>
測試
嘗試訪問
https://sso.hoau.com:8453/cas
並使用我們在資料庫裡面預埋的資料"casuser/Mellon"登陸
*擴充套件
參照資料庫使用者驗證和JpaTicketRegistry的方式,重新發布cas.war。這時可能會遇到另一個錯誤:
檢視server.log
10:28:09,762 ERROR [org.springframework.web.context.ContextLoader]
(ServerService Thread Pool -- 216) Context initialization failed:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/spring-configuration/ticketRegistry.xml]:
Invocation of init method failed; nested exception is java.lang.NoSuchMethodError:
javax.persistence.Table.indexes()[Ljavax/persistence/Index;
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1572)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
[spring-beans-4.1.8.RELEASE.jar:4.1.8.RELEASE]
這主要還是因為jboss EAP 6.4這個版本自帶jar包的問題。
解決方案
修改hibernate-jpa-api的jar包版本,路徑:
/Users/Richard/Documents/Dev/servers/cluster/jboss/node6-a/modules/system/layers/base/javax/persistence/api/main
module.xml
<module xmlns="urn:jboss:module:1.1" name="javax.persistence.api">
<dependencies>
<!-- PersistenceUnitInfo needs javax.sql.DataSource -->
<module name="javax.api" export="true"/>
</dependencies>
<resources>
<!-- original -->
<!-- <resource-root path="hibernate-jpa-2.0-api-1.0.1.Final-redhat-3.jar"/> -->
<!-- orginal -->
<!-- Richard modify -->
<resource-root path="hibernate-jpa-2.1-api-1.0.0.Final.jar"/>
<!-- Richard modify -->
<!-- Insert resources here -->
</resources>
</module>