- webrick now runs in SSL mode - no need for reverse proxy
- css files are sourced properly for non-root mounts - more detailed logging throughout git-svn-id: https://rubycas-server.googlecode.com/svn/trunk@46 fffcb96a-a727-0410-ad3e-7b35c796b8d7
Родитель
161dc42db3
Коммит
c04f69c6ce
37
casserver.rb
37
casserver.rb
|
@ -59,11 +59,40 @@ if __FILE__ == $0
|
|||
case CASServer::Conf.server
|
||||
when "webrick", :webrick
|
||||
require 'webrick/httpserver'
|
||||
require 'webrick/https'
|
||||
require 'camping/webrick'
|
||||
|
||||
s = WEBrick::HTTPServer.new :BindAddress => "0.0.0.0", :Port => CASServer::Conf.port
|
||||
# TODO: verify the certificate's validity
|
||||
# example of how to do this is here: http://pablotron.org/download/ruri-20050331.rb
|
||||
|
||||
cert_path = CASServer::Conf.ssl_cert
|
||||
key_path = CASServer::Conf.ssl_key || CASServer::Conf.ssl_cert
|
||||
# look for the key in the ssl_cert if no ssl_key is specified
|
||||
|
||||
raise "'#{cert_path}' is not a valid ssl certificate. Your 'ssl_cert' configuration" +
|
||||
" setting must be a path to a valid ssl certificate file." unless
|
||||
File.exists? cert_path
|
||||
|
||||
raise "'#{key_path}' is not a valid ssl private key. Your 'ssl_key' configuration" +
|
||||
" setting must be a path to a valid ssl private key file." unless
|
||||
File.exists? key_path
|
||||
|
||||
cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
|
||||
key = OpenSSL::PKey::RSA.new(File.read(key_path))
|
||||
|
||||
s = WEBrick::HTTPServer.new(
|
||||
:BindAddress => "0.0.0.0",
|
||||
:Port => CASServer::Conf.port,
|
||||
:SSLEnable => true,
|
||||
:SSLVerifyClient => ::OpenSSL::SSL::VERIFY_NONE,
|
||||
:SSLCertificate => cert,
|
||||
:SSLPrivateKey => key
|
||||
)
|
||||
|
||||
CASServer.create
|
||||
s.mount "/", WEBrick::CampingHandler, CASServer
|
||||
s.mount "#{CASServer::Conf.uri_path}", WEBrick::CampingHandler, CASServer
|
||||
|
||||
puts "\n** CASServer is running at http://localhost:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'\n\n"
|
||||
|
||||
# This lets Ctrl+C shut down your server
|
||||
trap(:INT) do
|
||||
|
@ -79,8 +108,8 @@ if __FILE__ == $0
|
|||
|
||||
CASServer.create
|
||||
|
||||
server = Mongrel::Camping::start("0.0.0.0",CASServer::Conf.port,"/#{CASServer::Conf.uri_path}",CASServer)
|
||||
puts "\n** CASServer is running at http://localhost:#{CASServer::Conf.port}/#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'"
|
||||
server = Mongrel::Camping::start("0.0.0.0",CASServer::Conf.port,"#{CASServer::Conf.uri_path}",CASServer)
|
||||
puts "\n** CASServer is running at http://localhost:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'"
|
||||
server.run.join
|
||||
|
||||
when "fastcgi", :fastcgi
|
||||
|
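Review bot: The two `File.exists?` guards only prove the paths exist, yet their messages claim the certificate or key is "not valid"; a missing `ssl_cert` setting reaches `File.exists? cert_path` with nil and dies with a TypeError, and a malformed PEM surfaces as a raw OpenSSL exception from `OpenSSL::X509::Certificate.new` / `OpenSSL::PKey::RSA.new` with no hint of which file was at fault. Now that the process holds the TLS private key itself there is also no check that the key file is readable only by the server's user. The banner printed after the mounts still says `http://localhost:...` although the server is TLS-only on this path; it should read `https://`. I would fail early on a nil path, parse both files inside a rescue that names them, and warn on a group/world-readable key; the enclosing `case`/`when` block starts and ends outside the hunk.
```ruby
cert_path = CASServer::Conf.ssl_cert
key_path = CASServer::Conf.ssl_key || CASServer::Conf.ssl_cert
raise "The 'ssl_cert' configuration setting is required when running under webrick." if cert_path.nil?

# … unchanged: File.exists? checks for cert_path and key_path …

# Refuse to silently serve with a private key other users on the host can read.
key_mode = File.stat(key_path).mode & 0777
$stderr.puts "WARNING: '#{key_path}' is readable by other users (mode #{key_mode.to_s(8)}); chmod 600 it." if key_mode & 0077 != 0

begin
  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key = OpenSSL::PKey::RSA.new(File.read(key_path))
rescue OpenSSL::OpenSSLError => e
  raise "Could not load ssl certificate/key from '#{cert_path}' / '#{key_path}': #{e.message}"
end

# … unchanged: WEBrick::HTTPServer.new(...) and the two mounts …

puts "\n** CASServer is running at https://localhost:#{CASServer::Conf.port}#{CASServer::Conf.uri_path} and logging to '#{CASServer::Conf.log[:file]}'\n\n"
```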
|
|
@ -13,6 +13,8 @@ module CASServer::CAS
|
|||
lt.ticket = "LT-" + CASServer::Utils.random_string
|
||||
lt.client_hostname = env['REMOTE_HOST'] || env['REMOTE_ADDR']
|
||||
lt.save!
|
||||
$LOG.debug("Generated login ticket '#{lt.ticket}' for client" +
|
||||
" at '#{lt.client_hostname}'")
|
||||
lt
|
||||
end
|
||||
|
||||
|
@ -23,6 +25,8 @@ module CASServer::CAS
|
|||
tgt.username = username
|
||||
tgt.client_hostname = env['REMOTE_HOST'] || env['REMOTE_ADDR']
|
||||
tgt.save!
|
||||
$LOG.debug("Generated ticket granting ticket '#{tgt.ticket}' for user" +
|
||||
" '#{tgt.username}' at '#{tgt.client_hostname}'")
|
||||
tgt
|
||||
end
|
||||
|
||||
|
@ -34,6 +38,8 @@ module CASServer::CAS
|
|||
st.username = username
|
||||
st.client_hostname = env['REMOTE_HOST'] || env['REMOTE_ADDR']
|
||||
st.save!
|
||||
$LOG.debug("Generated service ticket '#{st.ticket}' for service '#{st.service}'" +
|
||||
" for user '#{st.username}' at '#{st.client_hostname}'")
|
||||
st
|
||||
end
|
||||
|
||||
|
@ -46,6 +52,9 @@ module CASServer::CAS
|
|||
pt.proxy_granting_ticket_id = pgt.id
|
||||
pt.client_hostname = env['REMOTE_HOST'] || env['REMOTE_ADDR']
|
||||
pt.save!
|
||||
$LOG.debug("Generated proxy ticket '#{pt.ticket}' for target service '#{pt.service}'" +
|
||||
" for user '#{pt.username}' at '#{pt.client_hostname}' using proxy-granting" +
|
||||
" ticket '#{pgt.ticket}'")
|
||||
pt
|
||||
end
|
||||
|
||||
|
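Review bot: The new debug lines write the complete ticket value to the log — `$LOG.debug("Generated ticket granting ticket '#{tgt.ticket}' for user ...")` and likewise for the login, service and proxy tickets, plus the `pgt.ticket` used to mint a proxy ticket. A ticket-granting ticket is the bearer credential for the user's whole SSO session and service/proxy tickets are one-time bearer credentials, so with the default log level at DEBUG anyone who can read casserver.log can replay them until they expire. I would log only a prefix or a digest, e.g. `'#{tgt.ticket[0, 8]}...'`, or keep the username/hostname and drop the value entirely. Note also that `client_hostname` comes from `env['REMOTE_HOST']` when set, which is a reverse-DNS name the remote side's DNS can control, so it should be treated as untrusted text when reading these logs; each `generate_*` method starts before its hunk.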
|
|
@ -33,7 +33,8 @@ module CASServer
|
|||
:service_ticket_expiry => 5.minutes, # CAS Protocol Spec, sec. 3.2.1 (recommended expiry time)
|
||||
:proxy_granting_ticket_expiry => 48.hours,
|
||||
:ticket_granting_ticket_expiry => 48.hours,
|
||||
:log => {:file => 'casserver.log', :level => 'DEBUG'}
|
||||
:log => {:file => 'casserver.log', :level => 'DEBUG'},
|
||||
:uri_path => "/"
|
||||
}
|
||||
|
||||
def [](key)
|
||||
|
|
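Review bot: The shipped defaults keep `:log => {:file => 'casserver.log', :level => 'DEBUG'},`, and the DEBUG statements this commit adds elsewhere include full ticket values, so a deployment that never overrides the log level records session credentials out of the box. I would ship `:level => 'INFO'` as the default and leave DEBUG to explicit configuration, or at least add `# DEBUG logs ticket values; do not use in production` beside this line. The enclosing defaults hash starts before the hunk.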
|
@ -70,14 +70,14 @@ module CASServer::Controllers
|
|||
$LOG.debug("Ticket granting cookie '#{@cookies[:tgt]}' granted to '#{@username}'")
|
||||
|
||||
if @service.blank?
|
||||
$LOG.info("Successfully authenticated user '#{@username}'. No service param was given, so we will not redirect.")
|
||||
$LOG.info("Successfully authenticated user '#{@username}' at '#{tgt.client_hostname}'. No service param was given, so we will not redirect.")
|
||||
@message = {:type => 'confirmation', :message => "You have successfully logged in."}
|
||||
render :login
|
||||
else
|
||||
@st = generate_service_ticket(@service, @username)
|
||||
service_with_ticket = service_uri_with_ticket(@service, @st)
|
||||
|
||||
$LOG.info("Redirecting authenticated user '#{@username}' to service '#{@service}'")
|
||||
$LOG.info("Redirecting authenticated user '#{@username}' at '#{@st.client_hostname}' to service '#{@service}'")
|
||||
return redirect(service_with_ticket, :status => 303) # response code 303 means "See Other" (see Appendix B in CAS Protocol spec)
|
||||
end
|
||||
else
|
||||
|
@ -114,7 +114,7 @@ module CASServer::Controllers
|
|||
|
||||
$LOG.debug("Deleting Ticket-Granting Ticket '#{tgt}' for user '#{tgt.username}'")
|
||||
|
||||
$LOG.info("User #{tgt.username} logged out.")
|
||||
$LOG.info("User '#{tgt.username}' logged out.")
|
||||
else
|
||||
$LOG.warn("User tried to log out without a valid ticket-granting ticket.")
|
||||
end
|
||||
|
@ -224,7 +224,7 @@ module CASServer::Controllers
|
|||
@ticket = @input['pgt']
|
||||
@target_service = @input['targetService']
|
||||
|
||||
pgt, @error = validate_proxy_granting_ticket(@ticket, @target_service)
|
||||
pgt, @error = validate_proxy_granting_ticket(@ticket)
|
||||
@success = pgt && !@error
|
||||
|
||||
if @success
|
||||
|
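Review bot: The changed info lines interpolate request-controlled values into the log unescaped — `'#{@username}'` and `'#{@service}'` in the redirect message and `'#{tgt.username}'` on logout — so a username or service parameter containing a newline can forge additional log entries, and the quotes added in this commit do not prevent that. Prefer `#{@service.inspect}` / `#{@username.inspect}` or strip control characters before logging. The unchanged context line `$LOG.debug("Ticket granting cookie '#{@cookies[:tgt]}' granted to ...")` also records the session cookie's full value; a prefix would suffice. The call `validate_proxy_granting_ticket(@ticket)` no longer receives `@target_service`; presumably the proxy ticket is still bound to the target when it is generated further down, but that code is outside the hunk.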
|
|
@ -12,8 +12,8 @@ module CASServer::Views
|
|||
xhtml_strict do
|
||||
head do
|
||||
title { "#{organization} Central Login" }
|
||||
link(:rel => "stylesheet", :type => "text/css", :href => "themes/cas.css")
|
||||
link(:rel => "stylesheet", :type => "text/css", :href => "themes/#{current_theme}/theme.css")
|
||||
link(:rel => "stylesheet", :type => "text/css", :href => "/themes/cas.css")
|
||||
link(:rel => "stylesheet", :type => "text/css", :href => "/themes/#{current_theme}/theme.css")
|
||||
end
|
||||
body(:onload => "if (document.getElementById('username')) document.getElementById('username').focus()") do
|
||||
self << yield
|
||||
|
|
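Review bot: The stylesheet hrefs became site-absolute (`/themes/cas.css`, `/themes/#{current_theme}/theme.css`), which relies on the application also being reachable at the root; the webrick runner in this commit mounts at both "/" and `uri_path`, but the mongrel runner mounts only at `uri_path`, so a non-root mount under mongrel would likely 404 on these files — prefixing with `CASServer::Conf.uri_path` would work for both runners. `current_theme` is interpolated straight into a URL path; if it can ever come from request input rather than configuration it needs validating against a fixed list of theme names first (where it is defined is not visible from this hunk). The enclosing view method starts and ends outside the hunk.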
|
@ -7,18 +7,40 @@
|
|||
# are currently supported:
|
||||
#
|
||||
# webrick -- run as a stand-alone webrick server; this is the default method
|
||||
# mongrel -- run as a stand-alone mongrel server; fast, but you'll need to install mongrel first
|
||||
# mongrel -- run as a stand-alone mongrel server; fast, but you'll need to install
|
||||
# mongrel and run it behind an https reverse proxy like Pound or Apache 2.2's mod_proxy)
|
||||
# cgi -- slow, but simple to set up if you're already familliar with deploying CGI scripts
|
||||
# fastcgi -- see http://www.fastcgi.com (e.g. under Apache you can use this with mod_fastcgi)
|
||||
#
|
||||
# The cgi and fastcgi methods have not been thoroughly tested! Please report any problems to the authors.
|
||||
# The cgi and fastcgi methods have not been thoroughly tested!
|
||||
# Please report any problems to the authors.
|
||||
#
|
||||
# IMPORTANT: If you use the webrick or mongrel methods, you will need to run the server behind reverse proxy
|
||||
# (Pound, Apache 2.2 with mod_proxy, etc.) since neither webrick nor mongrel support SSL/HTTPS.
|
||||
# See the RubyCAS-Server install docs for more info.
|
||||
# IMPORTANT: If you use mongrel, you will need to run the server behind a reverse proxy
|
||||
# (Pound, Apache 2.2 with mod_proxy, etc.) since mongrel does not support SSL/HTTPS.
|
||||
# See the RubyCAS-Server install docs for more info. Also, mongrel requries
|
||||
# Camping 1.5.180 which as of writing is only available via SVN. You can install
|
||||
# this by running `gem install camping --source code.whytheluckystiff.net`
|
||||
|
||||
### webrick example
|
||||
|
||||
server: webrick
|
||||
port: 110011 # the port setting is only used when using 'webrick' or 'mongrel'
|
||||
port: 443
|
||||
ssl_cert: /path/to/your/ssl.pem
|
||||
# ssl_key: /path/to/your/private_key.pem <-- if private key is separate from cert
|
||||
|
||||
### mongrel example (you will need to run this behind an https reverse proxy,
|
||||
### since mongrel doesn't support SSL on its own)
|
||||
|
||||
#server: mongrel
|
||||
#port: 110011
|
||||
|
||||
### cgi example (you'll need to serve this via an SSL-capable server like Apache)
|
||||
|
||||
#server: cgi
|
||||
|
||||
### fastcgi example (you'll need to serve this via an SSL-capable server like Apache)
|
||||
|
||||
#server: fastcgi
|
||||
|
||||
|
||||
##### DATABASE #######################################################################
|
||||
|
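Review bot: The webrick example now sets `port: 443`, which requires the Ruby process to start as root to bind the port and, as written, leaves it running as root while handling logins; the example should say so and point at an unprivileged port behind a port redirect or at dropping privileges after bind. The `ssl_cert`/`ssl_key` lines should also note that the key file must be readable only by the user running the server, since the server itself now reads the private key instead of a reverse proxy. Something like `port: 443  # binding below 1024 requires root; consider a high port behind a redirect` and `# ssl_key: /path/to/your/private_key.pem  (keep this file mode 600; the server reads it directly)` would cover both.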
|