cas 4.2.7 和 Nginx 整合遇到的问题 登录一会可以一会不可以

版权声明：本文为博主原创文章，未经博主允许不得转载。 https://blog.csdn.net/shuaizai88/article/details/79899399

cas与Nginx整合遇到了 登录成功后 又自动退出，一刷新发现又登录成功的，在刷新还是未登录，不是很稳定，刚刚开始以为是浏览器缓存了登录页面的html没有去请求后台，经过调试发现 还请求了后台，最后吧cas的日志打开，发现了问题所在。

经过Nginx代理后，request.getremoteaddr 方法经过Nginx代理后变成了127.0.0.1 而不是真实的ip，cas有一个校验，如果发现下发cookie的时候，和这个ip不一致则会报一个错误。

 解决方案：通过

request.getHeader("x-forwarded-for"); 方式获取真实ip

一下是修改好的类，直接编译下就可以使用了

package org.jasig.cas.web.support;

import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.CipherExecutor;
import org.jasig.cas.util.NoOpCipherExecutor;
import org.jasig.cas.web.support.CookieValueManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;

/**
 * The {@link DefaultCasCookieValueManager} is responsible creating
 * the CAS SSO sookie and encrypting and signing its value.
 *
 * @author Misagh Moayyed
 * @since 4.1
 */
@Component("defaultCookieValueManager")
public final class DefaultCasCookieValueManager implements CookieValueManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultCasCookieValueManager.class);
    private static final char COOKIE_FIELD_SEPARATOR = '@';
    private static final int COOKIE_FIELDS_LENGTH = 3;

    /** The cipher exec that is responsible for encryption and signing of the cookie. */
    private final CipherExecutor<String, String> cipherExecutor;

    /**
     * Instantiates a new Cas cookie value manager.
     * Set the default cipher to do absolutely  nothing.
     */
    public DefaultCasCookieValueManager() {
        this(new NoOpCipherExecutor());
    }

    /**
     * Instantiates a new Cas cookie value manager.
     *
     * @param cipherExecutor the cipher executor
     */
    @Autowired
    public DefaultCasCookieValueManager(@Qualifier("defaultCookieCipherExecutor")
                                            final CipherExecutor<String, String> cipherExecutor) {
        this.cipherExecutor = cipherExecutor;
        LOGGER.debug("Using cipher [{} to encrypt and decode the cookie",
                this.cipherExecutor.getClass());
    }

    @Override
    public String buildCookieValue(final String givenCookieValue, final HttpServletRequest request) {
        final StringBuilder builder = new StringBuilder(givenCookieValue);

        //final String remoteAddr = request.getRemoteAddr();
        final  String remoteAddr = request.getHeader("x-forwarded-for");
        if (StringUtils.isBlank(remoteAddr)) {
            throw new IllegalStateException("Request does not specify a remote address");
        }
        builder.append(COOKIE_FIELD_SEPARATOR);
        builder.append(remoteAddr);

        final String userAgent = request.getHeader("user-agent");
        if (StringUtils.isBlank(userAgent)) {
            throw new IllegalStateException("Request does not specify a user-agent");
        }
        builder.append(COOKIE_FIELD_SEPARATOR);
        builder.append(userAgent);

        final String res = builder.toString();
        LOGGER.debug("Encoding cookie value [{}]", res);
        return this.cipherExecutor.encode(res);
    }

    @Override
    public String obtainCookieValue(final Cookie cookie, final HttpServletRequest request) {
        final String cookieValue = this.cipherExecutor.decode(cookie.getValue());
        LOGGER.debug("Decoded cookie value is [{}]", cookieValue);
        if (StringUtils.isBlank(cookieValue)) {
            LOGGER.debug("Retrieved decoded cookie value is blank. Failed to decode cookie [{}]", cookie.getName());
            return null;
        }

        final String[] cookieParts = cookieValue.split(String.valueOf(COOKIE_FIELD_SEPARATOR));
        if (cookieParts.length != COOKIE_FIELDS_LENGTH) {
            throw new IllegalStateException("Invalid cookie. Required fields are missing");
        }
        final String value = cookieParts[0];
        final String remoteAddr = cookieParts[1];
        final String userAgent = cookieParts[2];

        if (StringUtils.isBlank(value) || StringUtils.isBlank(remoteAddr)
                || StringUtils.isBlank(userAgent)) {
            throw new IllegalStateException("Invalid cookie. Required fields are empty");
        }
        String clientRemoteAddr = request.getHeader("x-forwarded-for");
        if (!remoteAddr.equals(clientRemoteAddr)) {
            throw new IllegalStateException("Invalid cookie. Required remote address does not match "
                    + clientRemoteAddr);
        }

        if (!userAgent.equals(request.getHeader("user-agent"))) {
            throw new IllegalStateException("Invalid cookie. Required user-agent does not match "
                    + request.getHeader("user-agent"));
        }
        return value;
    }
}