cas 5.1.x 關於配置集羣代理的那些坑-2

Apereo cas 的代理功能是很是經常使用和重要的，尤爲是企業內部系統，各個系統間的無縫安全切換所有依靠這個代理功能，cas從4升級到5的轉變就是配置更新能夠及時生效，徹底取消了xml等諸多的配置。 在配置代理功能時遇到了不小的坑，千萬不要依賴官方文檔！！，這裏有不少次的失敗和嘗試，但願他人千萬不要掉進去。

官方說明，舉例以下：

Regex

A proxy policy that only allows proxying to PGT urls that match the specified regex pattern.

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "testId",
  "name" : "testId",
  "id" : 1,
  "proxyPolicy" : {
    "@class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^https?://.*"
  }
}

咱們重點看這個參數：pattern ，依據官方給的樣例是個正則表達式字符串，若是你按照這個配置就慘了，

啓動cas時你會遇到這個錯誤：

Caused by: org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.lang.String] to type [java.util.regex.Pattern]
	at org.springframework.core.convert.support.GenericConversionService.handleConverterNotFound(GenericConversionService.java:324)
	at org.springframework.core.convert.support.GenericConversionService.convert(GenericConversionService.java:206)
	at org.springframework.core.convert.support.GenericConversionService.convert(GenericConversionService.java:187)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter.getPotentiallyConvertedSimpleRead(MappingMongoConverter.java:829)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter.readValue(MappingMongoConverter.java:1220)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter.access$200(MappingMongoConverter.java:85)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter$MongoDbPropertyValueProvider.getPropertyValue(MappingMongoConverter.java:1166)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter.getValueInternal(MappingMongoConverter.java:877)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter$1.doWithPersistentProperty(MappingMongoConverter.java:290)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter$1.doWithPersistentProperty(MappingMongoConverter.java:278)
	at org.springframework.data.mapping.model.BasicPersistentEntity.doWithProperties(BasicPersistentEntity.java:330)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter.read(MappingMongoConverter.java:278)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter.read(MappingMongoConverter.java:238)
	at org.springframework.data.mongodb.core.convert.MappingMongoConverter.readValue(MappingMongoConverter.java:1218)

若是你把pattern字段取消或者更名，那麼你會遇到這個錯誤：

java.lang.NullPointerException: null
	at org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy.hashCode(RegexMatchingRegisteredServiceProxyPolicy.java:62) ~[cas-server-core-services-5.1.2.jar!/:5.1.2]
	at org.apache.commons.lang3.builder.HashCodeBuilder.append(HashCodeBuilder.java:851) ~[commons-lang3-3.5.jar!/:3.5]
	at org.apereo.cas.services.AbstractRegisteredService.hashCode(AbstractRegisteredService.java:260) ~[cas-server-core-services-5.1.2.jar!/:5.1.2]
	at org.apache.commons.lang3.builder.HashCodeBuilder.append(HashCodeBuilder.java:851) ~[commons-lang3-3.5.jar!/:3.5]
	at org.apereo.cas.authentication.HttpBasedServiceCredential.hashCode(HttpBasedServiceCredential.java:91) ~[cas-server-core-authentication-5.1.2.jar!/:5.1.2]
	at java.util.HashMap.hash(HashMap.java:338) ~[?:1.8.0_121]
	at java.util.HashMap.put(HashMap.java:611) ~[?:1.8.0_121]
	at java.util.HashSet.add(HashSet.java:219) ~[?:1.8.0_121]
	at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169) ~[?:1.8.0_121]
	at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) ~[?:1.8.0_121]
	at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948) ~[?:1.8.0_121]
	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) ~[?:1.8.0_121]
	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) ~[?:1.8.0_121]
	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[?:1.8.0_121]
	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_121]
	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) ~[?:1.8.0_121]
	at org.apereo.cas.authentication.AuthenticationTransaction.sanitizeCredentials(AuthenticationTransaction.java:99) ~[cas-server-core-api-authentication-5.1.2.jar!/:5.1.2]
	at org.apereo.cas.authentication.AuthenticationTransaction.wrap(AuthenticationTransaction.java:50) ~[cas-server-core-api-authentication-5.1.2.jar!/:5.1.2]
	at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:54) ~[cas-server-core-authentication-5.1.2.jar!/:5.1.2]

好吧，咱們回到 org.springframework.core.convert.ConverterNotFoundException: No converter found capable of converting from type [java.lang.String] to type [java.util.regex.Pattern] 這個錯上上，一看錯誤就知道屬性值轉換器問題，查看源代碼並測試以下：

在這個包下 package org.apereo.cas.util.spring 有個自定義轉換器Converters.java,咱們添加一個Pattern轉換器試試：

/**
     * string to Pattern converter
     * turns a {@link Pattern} into a formatted string.
     */
    public static class StringToPatternConverter implements Converter<String, Pattern> {
        @Override
        public Pattern convert(final String pgtUrlPattern) {
            return Pattern.compile(pgtUrlPattern, Pattern.CASE_INSENSITIVE);
        }
    }

而後編譯後，運行debug，查看轉換器加載完畢了，可是錯誤依然存在，轉換器沒起做用。好吧，我忍了。 這個cas我採用的是mongodb做爲存儲，那麼這個註冊服務的驅動用的是spring-data-mongodb組件，查看了官方文檔，發現能夠自定義轉換器;好吧，弄它試試！ 在包 package org.apereo.cas.services.convert 下面創建一個StringToPatternConverter.java,而後放入org.apereo.cas.config.MongoDbServiceRegistryConfiguration中的這個方法中（其實官方的註釋上標明瞭是排除轉換器）：

@Override
    public CustomConversions customConversions() {
        return new CustomConversions(Arrays.asList(
                new BaseConverters.LoggerConverter(),
                new BaseConverters.ClassConverter(),
                new BaseConverters.CommonsLogConverter(),
                new BaseConverters.PersonAttributesConverter(),
                new BaseConverters.CacheLoaderConverter(),
                new BaseConverters.RunnableConverter(),
                new BaseConverters.ReferenceQueueConverter(),
                new BaseConverters.ThreadLocalConverter(),
                new BaseConverters.CertPathConverter(),
                new BaseConverters.CacheConverter()
        ));
    }

編譯後啓動測試，發現問題依然存在，彎路走了很多。

原來錯誤的是這個樣子的：

"proxyPolicy" : {
        "_class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
        "pattern" : "^(http|https)?://.*/eccl/proxyUrl.?.*"
    },

最終正確的是這個樣子的：

"proxyPolicy" : {
        "_class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
        "pattern" : /^(http|https)?:\/\/.*\/eccl\/proxyUrl.?.*/i
    },

爲了取得真經，中間饒了十八彎，其中包含配置控制面板dashboard,包含配置CAS server that management app,中間的各類配置參數的組合，頭大的很，主要是官方沒有明確的每一個參數的說明和例子，你本身猜着看。