diff --git a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
index 30af2e519290ed96d4ac61c8ef00a23955adcfc3..024bcc222c35b29fffe798e751d77a5b1225732a 100644
--- a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
+++ b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
@@ -17,6 +17,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic();
http.csrf().disable();
+ http.headers().frameOptions().sameOrigin();
}
@Autowired
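Review bot: The reason for relaxing the frame-options header at `http.headers().frameOptions().sameOrigin();` is not recorded next to the line; Spring Security's default is DENY, so this is a deliberate loosening that a later reader may tighten again without knowing what depends on it. The same commit adds sso_heartbeat.html, which is presumably meant to be embedded in a same-origin frame, so a one-line why-comment would help, e.g. `// allow same-origin framing only (needed for the embedded SSO heartbeat page); cross-origin framing stays blocked`. Since this configurer lives in apollo-common, the relaxation applies to every service that picks it up, not only the portal; confirm that is intended.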
diff --git a/apollo-portal/pom.xml b/apollo-portal/pom.xml
index 500e8c3db12e6f4fcd4aaf803c77a0661a8e202e..d629868fac654b4ce228400b95f147559431b813 100644
--- a/apollo-portal/pom.xml
+++ b/apollo-portal/pom.xml
@@ -66,8 +66,8 @@
- org.jasig.cas.client
- cas-client-core-infosec-credis
+ com.ctrip.framework.apollo-sso
+ apollo-sso-ctrip
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
index 0c7dd188ee1c9ebee74f69a5fd36ae87801c4c88..9e69a67bf5c7efc505b55c68c4028b50b7665a10 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
@@ -9,6 +9,7 @@ import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
public class CtripLogoutHandler implements LogoutHandler{
@@ -18,7 +19,10 @@ public class CtripLogoutHandler implements LogoutHandler{
@Override
public void logout(HttpServletRequest request, HttpServletResponse response) {
//将session销毁
- request.getSession().invalidate();
+ HttpSession session = request.getSession(false);
+ if (session != null) {
+ session.invalidate();
+ }
Cookie cookie = new Cookie("memCacheAssertionID", null);
//将cookie的有效期设置为0,命令浏览器删除该cookie
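Review bot: Invalidating the servlet session at `session.invalidate()` no longer revokes the login on its own once the filters run with `useSession=false` and keep the assertion in Redis (`useRedis` and `redisClusterName` in the AuthConfiguration hunks), so the null-safe invalidation is correct but the logout path should be confirmed to also remove the server-side assertion looked up through the `memCacheAssertionID` cookie; otherwise a copied cookie value stays usable until the Redis entry expires. This is inferred from the init parameters in the other hunks, not from anything this hunk shows. If the Apollo SSO filter performs that removal, a short comment at the top of logout() naming the component that drops the Redis-held assertion would save the next reader the same question. The body of logout() continues past the end of this hunk.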
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
index fbc89b36ba08bec192370d54fd7210618d8a3017..b552c6905f34897d8c752b9fe5591ce90eac4711 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
@@ -73,9 +73,11 @@ public class AuthConfiguration {
filterInitParam.put("redisClusterName", "casClientPrincipal");
filterInitParam.put("serverName", serverConfigService.getValue("serverName"));
filterInitParam.put("casServerLoginUrl", serverConfigService.getValue("casServerLoginUrl"));
+ //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance
+ filterInitParam.put("useSession", "false");
casFilter.setInitParameters(filterInitParam);
- casFilter.setFilter(filter("org.jasig.cas.client.authentication.AuthenticationFilter"));
+ casFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAuthenticationFilter"));
casFilter.addUrlPatterns("/*");
return casFilter;
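Review bot: The renamed filter at `casFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAuthenticationFilter"));` is still passed as a string, so a typo in the class name would only surface at startup or on the first request as a reflection failure; since this commit makes apollo-sso-ctrip a declared dependency of apollo-portal, `ApolloAuthenticationFilter.class.getName()` would make the rename compiler-checked, assuming the `filter(String)` helper has no reason to defer class loading. The same applies to `ApolloAssertionThreadLocalFilter` in the assertionHolder() hunk below. The identical `useSession` comment and `filterInitParam.put("useSession", "false");` pair appears here and again in the next hunk; a small private helper for the init parameters both filters share would keep the two registrations in step. The enclosing method starts outside this hunk.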
@@ -88,6 +90,8 @@ public class AuthConfiguration {
filterInitParam.put("casServerUrlPrefix", serverConfigService.getValue("casServerUrlPrefix"));
filterInitParam.put("serverName", serverConfigService.getValue("serverName"));
filterInitParam.put("encoding", "UTF-8");
+ //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance
+ filterInitParam.put("useSession", "false");
filterInitParam.put("useRedis", "true");
filterInitParam.put("redisClusterName", "casClientPrincipal");
@@ -105,7 +109,7 @@ public class AuthConfiguration {
public FilterRegistrationBean assertionHolder(){
FilterRegistrationBean assertionHolderFilter = new FilterRegistrationBean();
- assertionHolderFilter.setFilter(filter("org.jasig.cas.client.util.AssertionThreadLocalFilter"));
+ assertionHolderFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAssertionThreadLocalFilter"));
assertionHolderFilter.addUrlPatterns("/*");
return assertionHolderFilter;
diff --git a/apollo-portal/src/main/resources/static/scripts/AppUtils.js b/apollo-portal/src/main/resources/static/scripts/AppUtils.js
index 8a5e98982ce07e965854c44ea1260d087ef71d9d..0bb03997601aa94e60735a5cab390e1f9dd25046 100644
--- a/apollo-portal/src/main/resources/static/scripts/AppUtils.js
+++ b/apollo-portal/src/main/resources/static/scripts/AppUtils.js
@@ -3,7 +3,7 @@ appUtil.service('AppUtil', ['toastr', function (toastr) {
return {
errorMsg: function (response) {
if (response.status == -1) {
- return "您的登录信息已过期,请重新登录";
+ return "您的登录信息已过期,请刷新页面后重试";
}
var msg = "Code:" + response.status;
if (response.data.message != null) {
diff --git a/apollo-portal/src/main/resources/static/sso_heartbeat.html b/apollo-portal/src/main/resources/static/sso_heartbeat.html
new file mode 100644
index 0000000000000000000000000000000000000000..0cdb13ce983f68ee063ebc5e71b411b39bf1cdba
--- /dev/null
+++ b/apollo-portal/src/main/resources/static/sso_heartbeat.html
@@ -0,0 +1,22 @@
+
+
+
+
+ SSO Heartbeat
+
+
+
+
+
diff --git a/apollo-portal/src/main/resources/static/views/common/footer.html b/apollo-portal/src/main/resources/static/views/common/footer.html
index b4a386987e139513fad196fbf8e6847d14620c82..926c6596be156e51a49ec3b5264d6e5ef00be136 100644
--- a/apollo-portal/src/main/resources/static/views/common/footer.html
+++ b/apollo-portal/src/main/resources/static/views/common/footer.html
@@ -5,7 +5,4 @@
wiki
-
-
-
-
+
diff --git a/pom.xml b/pom.xml
index a90bc624510d8b394f7a7faa9b706817a7f34cfa..9d81d9b454c9ed5e71846a8822dd016011ac817e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,9 +177,9 @@
- org.jasig.cas.client
- cas-client-core-infosec-credis
- 3.1.12
+ com.ctrip.framework.apollo-sso
+ apollo-sso-ctrip
+ 1.0.0