【CAS】Flask客户端配置_flask cas-程序员宅基地
技术标签: CAS maven Python-CAS
CAS服务端配置,看这里
本文基于Flask-CAS作为客户端与CAS服务端调试,测试多属性返回信息。
1 环境说明
Flask-CAS: 1.0.1,基于源码安装。pip安装方式只能安装1.0.0版本。
Flask: 1.0.2
Python: 3.6
2 客户端工程目录
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
__title__ = ''
"""
import ssl
import flask
from flask import current_app
from flask_cas import CAS
try:
from flask import _app_ctx_stack as stack
except ImportError:
from flask import _request_ctx_stack as stack
from functools import wraps
# ssl._create_default_https_context = ssl._create_unverified_context
class MyCas(CAS):
@staticmethod
def login():
return flask.redirect(flask.url_for('cas.login', _external=True))
@staticmethod
def logout():
return flask.redirect(flask.url_for('cas.logout', _external=True))
def login_required(self, function):
@wraps(function)
def wrap(*args, **kwargs):
for k, v in flask.session.items():
print('*{k1}***{v1}'.format(k1=k, v1=v))
if 'CAS_USERNAME' not in flask.session:
flask.session['CAS_AFTER_LOGIN_SESSION_URL'] = (
flask.request.script_root +
flask.request.full_path
)
return flask.redirect(flask.url_for('cas.login', _external=True))
else:
# 权限校验
if permissio_check(flask.session['CAS_USERNAME'], flask.request.endpoint):
return function(*args, **kwargs)
else:
raise AuthException
return wrap
def permissio_check(username, require_path):
# 这里修改成你自己的账号和访问权限
if username == 'hebj':
permission = 't1'
if require_path == permission:
return True
else:
return False
from werkzeug.exceptions import HTTPException
class AuthException(HTTPException):
code = 403
msg = 'forbidden to acess this page'
error_code = 1001
def get_body(self, environ=None):
body = dict(
msg=self.msg,
error_code=self.error_code
)
from flask import json
text = json.dumps(body)
return text
def get_headers(self, environ=None):
"""Get a list of headers."""
return [('Content-Type', 'application/json')]
# app.py
from os import path, getcwd
from sys import argv
from flask import Flask, render_template, session, redirect, send_from_directory, jsonify
# from flask_cas import login
# from flask_cas import logout
# from my_cas import MyCas
import logging
from my_cas import MyCas
app = Flask(__name__)
cas = MyCas(app, '/cas')
# app.config['CAS_SERVER'] = 'http://172.16.0.10:8080'
app.config['CAS_SERVER'] = 'https://sso.bob.net:8443'
# app.config['CAS_SERVER'] = 'https://10.110.193.46:8443'
app.config['CAS_AFTER_LOGIN'] = 'secure'
# app.config['CAS_LOGOUT_ROUTE'] =
# app.config['CAS_VALIDATE_ROUTE'] =
#app.config['CAS_VALIDATE_ROUTE'] = '/cas/p3/serviceValidate'
app.config['CAS_VALIDATE_ROUTE'] = '/cas/serviceValidate'
@app.route("/logout")
def logout():
session.clear()
return render_template('logout.html')
@app.route("/t1")
@cas.login_required
def t1():
return jsonify({'msg':'this is test1'})
@app.route("/t2")
@cas.login_required
def t2():
return jsonify({'msg':'this is test2'})
@app.route("/caslogout")
def caslogout():
return redirect(app.config['CAS_LOGOUT_ROUTE'], code=302)
# @app.route("/")
# def main():
# return render_template('index.html')
@app.route("/<path:filename>")
def static_files(filename):
return send_from_directory(path.join(getcwd(), 'static'), filename)
if __name__ == "__main__":
if len(argv) >= 3 and argv[1] == '--server':
app.config['CAS_SERVER'] = argv[2]
app.secret_key = 'super secret key'
app.config['SESSION_TYPE'] = 'filesystem'
app.debug = True
app.run()
3 客户端调试
3.1 客户端无法正常获取属性信息
问题:
在flask.session中输出session中所有信息,只有用户名以及token,并未包含相关的属性信息。
for k, v in flask.session.items():
print('*{k1}***{v1}'.format(k1=k, v1=v)){
'CAS_USERNAME':'hebj',
'_CAS_TOKEN', 'ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac'
}但是在CAS服务端能够正常的显示这些信息,如下所示:
2020-02-23 14:44:00,981 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <>
2020-02-23 14:44:00,981 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <Ready to process requests @ [2020-02-23T06:44:00.980Z]>
2020-02-23 14:44:00,982 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 23.367 seconds (JVM running for 25.257)>
2020-02-23 14:44:20,598 INFO [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2020-02-23 14:44:20,631 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Sun Feb 23 14:44:20 CST 2020,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:20 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:20,877 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-02-23 14:44:30,889 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2020-02-23 14:44:35,282 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated principal [hebj] with attributes [{admin_multi=1, user_multi=[2, 1]}] via credentials [[UsernamePasswordCredential(username=hebj)]].>
2020-02-23 14:44:35,284 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: Supplied credentials: [UsernamePasswordCredential(username=hebj)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,294 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=1, user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,378 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=[1], user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,385 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: TGT-1-********************************************************2Bz-dt-XsVIbobmac
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,397 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,407 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac] for service [http://localhost:5000/cas/login/?origin=%2Ft1%3F] and principal [hebj]>
2020-02-23 14:44:35,409 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,497 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=[1], user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 14:44:35,505 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Sun Feb 23 14:44:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
解决办法:
1. 确认CAS服务端工程中的services目录下的JSON文件名是否与配置一致,确认JSON文件中配置了属性返回模式,即如下:
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
或者
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "属性1", "属性2" ] ]
}
确认后,JSON文件没有问题,还有其他原因导致客户端没有收到相关数据。
2. 确认客户端与服务端的CAS协议是基于3.0协议。这个问题比较难排查。
在Flask-CAS中,如何设置使用CAS3.0协议,客户端中直接加入“p3”,就表示基于CAS3.0协议接收数据。
app.config['CAS_VALIDATE_ROUTE'] = '/cas/p3/serviceValidate'
CAS服务端返回信息如下:
2020-02-23 10:31:30,371 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <Ready to process requests @ [2020-02-23T02:31:30.371Z]>
2020-02-23 10:31:30,373 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 25.929 seconds (JVM running for 27.938)>
2020-02-23 10:31:50,273 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-02-23 10:32:00,278 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2020-02-23 10:33:50,276 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-02-23 10:33:58,931 INFO [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2020-02-23 10:33:58,965 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Sun Feb 23 10:33:58 CST 2020,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:33:58 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:00,280 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2020-02-23 10:34:14,918 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated principal [hebj] with attributes [{admin_multi=1, user_multi=[2, 1]}] via credentials [[UsernamePasswordCredential(username=hebj)]].>
2020-02-23 10:34:14,921 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: Supplied credentials: [UsernamePasswordCredential(username=hebj)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:14 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:14,935 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=1, user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:14 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,025 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=[1], user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,032 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: TGT-1-********************************************************HHEsZohjbFAbobmac
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,045 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,055 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-35y-2-0Ftnfnw2rvc5JftGc79DIbobmac] for service [http://localhost:5000/cas/login/?origin=%2Ft1%3F] and principal [hebj]>
2020-02-23 10:34:15,058 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-35y-2-0Ftnfnw2rvc5JftGc79DIbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,151 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 10:34:15,158 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-35y-2-0Ftnfnw2rvc5JftGc79DIbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Sun Feb 23 10:34:15 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
CAS客户端返回信息如下:
CAS_ATTRIBUTES:
{
'cas:admin_multi': '1',
'cas:authenticationDate': '2020-02-23T10:41:55.159+08:00[Asia/Shanghai]',
'cas:authenticationMethod': 'QueryDatabaseAuthenticationHandler',
'cas:credentialType': 'UsernamePasswordCredential',
'cas:isFromNewLogin': 'true',
'cas:longTermAuthenticationRequestTokenUsed': 'false',
'cas:successfulAuthenticationHandlers':'QueryDatabaseAuthenticationHandler',
'cas:user_multi': ['2', '1']
}
CAS_USERNAME: hebj,
_CAS_TOKEN: ST-2-INKF5795Y0dxVb6ExJcLIGwcRqsbobmac
经过测试发现,即使采用CAS3.0协议,如果没有配置返回属性策略,即移除以下内容:
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
}
或者
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "属性1", "属性2" ] ]
}
CAS服务端数据如下:
2020-02-23 15:18:18,135 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <>
2020-02-23 15:18:18,135 INFO [org.apereo.cas.support.events.listener.DefaultCasEventListener] - <Ready to process requests @ [2020-02-23T07:18:18.134Z]>
2020-02-23 15:18:18,136 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 22.228 seconds (JVM running for 24.035)>
2020-02-23 15:18:38,035 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [1] service(s) from [JsonServiceRegistry].>
2020-02-23 15:18:48,043 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2020-02-23 15:19:23,093 INFO [org.apereo.cas.web.flow.login.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2020-02-23 15:19:23,125 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Sun Feb 23 15:19:23 CST 2020,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:23 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:35,950 INFO [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated principal [hebj] with attributes [{admin_multi=1, user_multi=[2, 1]}] via credentials [[UsernamePasswordCredential(username=hebj)]].>
2020-02-23 15:19:35,953 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: Supplied credentials: [UsernamePasswordCredential(username=hebj)]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:35,967 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=1, user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:35 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,071 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={admin_multi=[1], user_multi=[2, 1]}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,080 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: TGT-1-********************************************************Q1uA70hkHekbobmac
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,092 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,104 INFO [org.apereo.cas.DefaultCentralAuthenticationService] - <Granted ticket [ST-1-T0AdE9cha4B18pAbP2U5BkIwawcbobmac] for service [http://localhost:5000/cas/login/?origin=%2Ft1%3F] and principal [hebj]>
2020-02-23 15:19:36,106 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-T0AdE9cha4B18pAbP2U5BkIwawcbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,200 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [result=Service Access Granted,service=http://localhost:5000/cas/login/?orig...,principal=SimplePrincipal(id=hebj, attributes={}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2020-02-23 15:19:36,207 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hebj
WHAT: ST-1-T0AdE9cha4B18pAbP2U5BkIwawcbobmac for http://localhost:5000/cas/login/?origin=%2Ft1%3F
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Sun Feb 23 15:19:36 CST 2020
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
CAS客户端,不能得到相关的配置属性,但是可以得到其他认证相关信息。
{ "CAS_ATTRIBUTES":
{
'cas:authenticationDate': '2020-02-23T15:19:36.062+08:00[Asia/Shanghai]',
'cas:authenticationMethod': 'QueryDatabaseAuthenticationHandler',
'cas:credentialType': 'UsernamePasswordCredential',
'cas:isFromNewLogin':'true',
'cas:longTermAuthenticationRequestTokenUsed': 'false',
'cas:successfulAuthenticationHandlers': 'QueryDatabaseAuthenticationHandler'
},
'CAS_USERNAME':'hebj',
'_CAS_TOKEN', 'ST-1-2awnHgVcXO2yhbEZrQBjzswrIiUbobmac'
}
3.2 客户端被认证成功,返回请求页面出错
解决办法:
当使用urllib.urlopen打开一个 https 链接时,会验证一次 SSL 证书。而当目标网站使用的是自签名的证书时就会抛出一个 urllib2.URLError: 的错误消息。我们可以选择取消SSL的证书验证。
在代码中加入如下代码:
import ssl
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context官方解释如下
This guidance is aimed primarily at system administrators that wish to adopt newer
versions of Python that implement this PEP in legacy environments that do not yet
support certificate verification on HTTPS connections. For example, an administrator
may opt out by adding the monkeypatch above to sitecustomize.py in their Standard
Operating Environment for Python. Applications and libraries SHOULD NOT be making
this change process wide (except perhaps in response to a system administrator
controlled configuration setting).Particularly security sensitive applications should always provide an explicit
application defined SSL context rather than relying on the default behaviour
of the underlying Python implementation.
参考
https://blog.csdn.net/wuguowei1988/article/details/102482567
https://blog.csdn.net/eric520zenobia/article/details/78105232
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
智能推荐
使用nginx解决浏览器跨域问题_nginx不停的xhr-程序员宅基地
文章浏览阅读1k次。通过使用ajax方法跨域请求是浏览器所不允许的,浏览器出于安全考虑是禁止的。警告信息如下:不过jQuery对跨域问题也有解决方案,使用jsonp的方式解决,方法如下:$.ajax({ async:false, url: 'http://www.mysite.com/demo.do', // 跨域URL ty..._nginx不停的xhr
在 Oracle 中配置 extproc 以访问 ST_Geometry-程序员宅基地
文章浏览阅读2k次。关于在 Oracle 中配置 extproc 以访问 ST_Geometry,也就是我们所说的 使用空间SQL 的方法,官方文档链接如下。http://desktop.arcgis.com/zh-cn/arcmap/latest/manage-data/gdbs-in-oracle/configure-oracle-extproc.htm其实简单总结一下,主要就分为以下几个步骤。..._extproc
Linux C++ gbk转为utf-8_linux c++ gbk->utf8-程序员宅基地
文章浏览阅读1.5w次。linux下没有上面的两个函数,需要使用函数 mbstowcs和wcstombsmbstowcs将多字节编码转换为宽字节编码wcstombs将宽字节编码转换为多字节编码这两个函数,转换过程中受到系统编码类型的影响,需要通过设置来设定转换前和转换后的编码类型。通过函数setlocale进行系统编码的设置。linux下输入命名locale -a查看系统支持的编码_linux c++ gbk->utf8
IMP-00009: 导出文件异常结束-程序员宅基地
文章浏览阅读750次。今天准备从生产库向测试库进行数据导入,结果在imp导入的时候遇到“ IMP-00009:导出文件异常结束” 错误,google一下,发现可能有如下原因导致imp的数据太大,没有写buffer和commit两个数据库字符集不同从低版本exp的dmp文件,向高版本imp导出的dmp文件出错传输dmp文件时,文件损坏解决办法:imp时指定..._imp-00009导出文件异常结束
python程序员需要深入掌握的技能_Python用数据说明程序员需要掌握的技能-程序员宅基地
文章浏览阅读143次。当下是一个大数据的时代,各个行业都离不开数据的支持。因此,网络爬虫就应运而生。网络爬虫当下最为火热的是Python,Python开发爬虫相对简单,而且功能库相当完善,力压众多开发语言。本次教程我们爬取前程无忧的招聘信息来分析Python程序员需要掌握那些编程技术。首先在谷歌浏览器打开前程无忧的首页,按F12打开浏览器的开发者工具。浏览器开发者工具是用于捕捉网站的请求信息,通过分析请求信息可以了解请..._初级python程序员能力要求
Spring @Service生成bean名称的规则(当类的名字是以两个或以上的大写字母开头的话,bean的名字会与类名保持一致)_@service beanname-程序员宅基地
文章浏览阅读7.6k次,点赞2次,收藏6次。@Service标注的bean,类名:ABDemoService查看源码后发现,原来是经过一个特殊处理:当类的名字是以两个或以上的大写字母开头的话,bean的名字会与类名保持一致public class AnnotationBeanNameGenerator implements BeanNameGenerator { private static final String C..._@service beanname
随便推点
二叉树的各种创建方法_二叉树的建立-程序员宅基地
文章浏览阅读6.9w次,点赞73次,收藏463次。1.前序创建#include<stdio.h>#include<string.h>#include<stdlib.h>#include<malloc.h>#include<iostream>#include<stack>#include<queue>using namespace std;typed_二叉树的建立
解决asp.net导出excel时中文文件名乱码_asp.net utf8 导出中文字符乱码-程序员宅基地
文章浏览阅读7.1k次。在Asp.net上使用Excel导出功能,如果文件名出现中文,便会以乱码视之。 解决方法: fileName = HttpUtility.UrlEncode(fileName, System.Text.Encoding.UTF8);_asp.net utf8 导出中文字符乱码
笔记-编译原理-实验一-词法分析器设计_对pl/0作以下修改扩充。增加单词-程序员宅基地
文章浏览阅读2.1k次,点赞4次,收藏23次。第一次实验 词法分析实验报告设计思想词法分析的主要任务是根据文法的词汇表以及对应约定的编码进行一定的识别,找出文件中所有的合法的单词,并给出一定的信息作为最后的结果,用于后续语法分析程序的使用;本实验针对 PL/0 语言 的文法、词汇表编写一个词法分析程序,对于每个单词根据词汇表输出: (单词种类, 单词的值) 二元对。词汇表:种别编码单词符号助记符0beginb..._对pl/0作以下修改扩充。增加单词
android adb shell 权限,android adb shell权限被拒绝-程序员宅基地
文章浏览阅读773次。我在使用adb.exe时遇到了麻烦.我想使用与bash相同的adb.exe shell提示符,所以我决定更改默认的bash二进制文件(当然二进制文件是交叉编译的,一切都很完美)更改bash二进制文件遵循以下顺序> adb remount> adb push bash / system / bin /> adb shell> cd / system / bin> chm..._adb shell mv 权限
投影仪-相机标定_相机-投影仪标定-程序员宅基地
文章浏览阅读6.8k次,点赞12次,收藏125次。1. 单目相机标定引言相机标定已经研究多年,标定的算法可以分为基于摄影测量的标定和自标定。其中,应用最为广泛的还是张正友标定法。这是一种简单灵活、高鲁棒性、低成本的相机标定算法。仅需要一台相机和一块平面标定板构建相机标定系统,在标定过程中,相机拍摄多个角度下(至少两个角度,推荐10~20个角度)的标定板图像(相机和标定板都可以移动),即可对相机的内外参数进行标定。下面介绍张氏标定法(以下也这么称呼)的原理。原理相机模型和单应矩阵相机标定,就是对相机的内外参数进行计算的过程,从而得到物体到图像的投影_相机-投影仪标定
Wayland架构、渲染、硬件支持-程序员宅基地
文章浏览阅读2.2k次。文章目录Wayland 架构Wayland 渲染Wayland的 硬件支持简 述: 翻译一篇关于和 wayland 有关的技术文章, 其英文标题为Wayland Architecture .Wayland 架构若是想要更好的理解 Wayland 架构及其与 X (X11 or X Window System) 结构;一种很好的方法是将事件从输入设备就开始跟踪, 查看期间所有的屏幕上出现的变化。这就是我们现在对 X 的理解。 内核是从一个输入设备中获取一个事件,并通过 evdev 输入_wayland