Compare commits


19 Commits
master ... 4.2

Author SHA1 Message Date
Misagh Moayyed 0ec452cbeb Merge pull request #5 from ParthKolekar/4.2-changed-mode
Changed Mode
2017-01-10 21:13:08 +03:30
Parth Kolekar ce5b819ce7 Changed Mode 2017-01-10 11:55:20 +05:30
Misagh Moayyed 97293f463f Update pom.xml 2016-11-03 15:26:14 -07:00
Misagh Moayyed 181bfb46c6 Update pom.xml 2016-09-28 23:39:51 +03:30
Misagh Moayyed 84ef8e3b1c Update README.md 2016-09-02 01:46:06 -07:00
Misagh Moayyed f485f7db3c Update README.md 2016-09-02 01:43:12 -07:00
Misagh Moayyed b840f4df8e Update pom.xml 2016-09-02 01:43:02 -07:00
Misagh Moayyed d0d16dfc0c Merge pull request #4 from wallon-ines/master
You need to replace variables in cas.properties : svcreg.database.dia…
2016-07-29 14:12:03 +04:30
Misagh Moayyed a3e34088d4 Update README.md 2016-07-29 02:41:33 -07:00
Misagh Moayyed 666d51eebf Update pom.xml 2016-07-29 02:41:20 -07:00
Misagh Moayyed e32665b921
updated repository to include shib releases 2016-07-14 23:35:03 -07:00
Misagh Moayyed b9f698a2fe Update README.md 2016-05-20 13:00:20 -07:00
Misagh Moayyed 06aa410b14 Update pom.xml 2016-05-20 13:00:11 -07:00
Ines WALLON 85ba824233 You need to replace variables in cas.properties : svcreg.database.dialect ==> svcreg.database.hibernate.dialect ==> svcreg.database.dialect. Otherwise, these properties are not used in java source files. 2016-04-20 15:56:40 +02:00
Misagh Moayyed f1060371ed Update cas.properties 2016-04-11 09:17:21 -07:00
Misagh Moayyed ffb772c55a Update cas.properties 2016-04-11 08:55:24 -07:00
Misagh Moayyed 35649a198d Update cas.properties 2016-04-11 08:54:55 -07:00
Misagh Moayyed 4294125d0d Update pom.xml 2016-04-01 05:05:28 -07:00
Misagh Moayyed f2db7a019c Update README.md 2016-04-01 05:05:16 -07:00
43 changed files with 1688 additions and 1395 deletions


@ -1,7 +0,0 @@
target/**
build/**
bin/**
.idea/**
.history/**
.github/**
.git/**

6
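--- a/.gitattributes
+++ b/.gitattributes
@@ -1,6 +0,0 @@
-# Set line endings to LF, even on Windows. Otherwise, execution within Docker fails.
-# See https://help.github.com/articles/dealing-with-line-endings/
-*.sh text eol=lf
-gradlew text eol=lf
-*.cmd text eol=crlf
-*.bat text eol=crlf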

1
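--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1 +0,0 @@
-custom: ['https://www.apereo.org/content/apereo-membership']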

11
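--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,11 +0,0 @@
-{
-"extends": [
-"config:base",
-":preserveSemverRanges",
-":rebaseStalePrs",
-":disableRateLimiting",
-":semanticCommits",
-":semanticCommitTypeAll(renovatebot)"
-],
-"labels": ["dependencies", "bot"]
-}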

8
.gitignore vendored Executable file → Normal file

@ -2,8 +2,6 @@
!/.project
.project
.settings
.history
.vscode
target/
.idea/
.DS_Store
@ -11,12 +9,6 @@ target/
overlays/
.gradle/
build/
log/
bin/
*.war
*.iml
*.log
tmp/
./apache-tomcat
apache-tomcat.zip
config-metadata.properties


@ -1,32 +0,0 @@
#
# Licensed to Apereo under one or more contributor license
# agreements. See the NOTICE file distributed with this work
# for additional information regarding copyright ownership.
# Apereo licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a
# copy of the License at the following location:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
pull_request_rules:
- name: automatic merge by dependabot
conditions:
- status-success=continuous-integration/travis-ci/pr
- status-success=WIP
- "#changes-requested-reviews-by=0"
- base=master
- label=dependencies
actions:
merge:
method: merge
strict: true
delete_head_branch:


@ -1,62 +0,0 @@
language: java
sudo: required
dist: trusty
services:
- docker
branches:
only:
- master
before_cache:
- rm -rf $HOME/.gradle/caches/5.*/
- rm -rf $HOME/.gradle/caches/4.*/
- rm -fr $HOME/.gradle/caches/*/plugin-resolution/
- find ~/.gradle/caches/ -name "*.lock" -type f -delete
cache:
bundler: false
cargo: false
directories:
- $HOME/.m2
- $HOME/.npm/
- $HOME/.gradle/caches/
- $HOME/.gradle/wrapper/
env:
global:
- JAVA_OPTS="-Xms512m -Xmx4048m -Xss128m -XX:ReservedCodeCacheSize=512m -XX:+UseG1GC -Xverify:none -server"
- GRADLE_OPTS="-Xms512m -Xmx1024m -Xss128m -XX:ReservedCodeCacheSize=512m -XX:+UseG1GC -Xverify:none -server"
jdk:
- openjdk11
before_install:
- echo -e "Configuring Gradle wrapper...\n"
- mkdir -p ~/.gradle && echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties
- chmod -R 777 ./gradlew
- chmod -R 777 *.sh
install: true
stages:
- build
- validate
- docker
jobs:
include:
- stage: build
script: ./gradlew clean build --stacktrace --no-daemon --refresh-dependencies -Dorg.gradle.internal.http.socketTimeout=600000 -Dorg.gradle.internal.http.connectionTimeout=600000
name: "Build CAS"
############################################
- stage: validate
script: ./gradlew downloadShell
name: "Download CAS Shell"
- stage: validate
script: ./gradlew listTemplateViews
name: "List CAS Template Views"
- stage: validate
script: ./gradlew explodeWar
name: "Unzip CAS Web Application"
############################################
- stage: docker
script: ./gradlew build jibDockerBuild --stacktrace --no-daemon --refresh-dependencies
name: "Build Docker Image via Jib"
- stage: docker
script: docker-compose build
name: "Build Docker Image via Docker Compose"
- stage: docker
script: ./docker-build.sh
name: "Build Docker Image"


@ -1,40 +0,0 @@
FROM adoptopenjdk/openjdk11:alpine-slim AS overlay
RUN mkdir -p cas-overlay
COPY ./src cas-overlay/src/
COPY ./gradle/ cas-overlay/gradle/
COPY ./gradlew ./settings.gradle ./build.gradle ./gradle.properties /cas-overlay/
RUN mkdir -p ~/.gradle \
&& echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties \
&& echo "org.gradle.configureondemand=true" >> ~/.gradle/gradle.properties \
&& cd cas-overlay \
&& chmod 750 ./gradlew \
&& ./gradlew --version;
RUN cd cas-overlay \
&& ./gradlew clean build --parallel --no-daemon;
FROM adoptopenjdk/openjdk11:alpine-jre AS cas
LABEL "Organization"="Apereo"
LABEL "Description"="Apereo CAS"
RUN cd / \
&& mkdir -p /etc/cas/config \
&& mkdir -p /etc/cas/services \
&& mkdir -p /etc/cas/saml \
&& mkdir -p cas-overlay;
COPY etc/cas/ /etc/cas/
COPY etc/cas/config/ /etc/cas/config/
COPY etc/cas/services/ /etc/cas/services/
COPY etc/cas/saml/ /etc/cas/saml/
COPY --from=overlay cas-overlay/build/libs/cas.war cas-overlay/
EXPOSE 8080 8443
ENV PATH $PATH:$JAVA_HOME/bin:.
WORKDIR cas-overlay
ENTRYPOINT ["java", "-server", "-noverify", "-Xmx2048M", "-jar", "cas.war"]

146
README.md

@ -1,146 +1,52 @@
CAS Overlay Template [![Build Status](https://travis-ci.org/apereo/cas-overlay-template.svg?branch=master)](https://travis-ci.org/apereo/cas-overlay-template)
=======================
CAS Overlay Template
============================
Generic CAS WAR overlay to exercise the latest versions of CAS. This overlay could be freely used as a starting template for local CAS war overlays.
Generic CAS maven war overlay to exercise the latest versions of CAS. This overlay could be freely used as a starting template for local CAS maven war overlays. The CAS services management overlay is available [here](https://github.com/Jasig/cas-services-management-overlay).
# Versions
- CAS `6.2.x`
- JDK `11`
# Overview
To build the project, use:
```bash
# Use --refresh-dependencies to force-update SNAPSHOT versions
./gradlew[.bat] clean build
```xml
<cas.version>4.2.x</cas.version>
```
To see what commands are available to the build script, run:
```bash
./gradlew[.bat] tasks
```
To launch into the CAS command-line shell:
```bash
./gradlew[.bat] downloadShell runShell
```
To fetch and overlay a CAS resource or view, use:
```bash
./gradlew[.bat] getResource -PresourceName=[resource-name]
```
To list all available CAS views and templates:
```bash
./gradlew[.bat] listTemplateViews
```
To unzip and explode the CAS web application file and the internal resources jar:
```bash
./gradlew[.bat] explodeWar
```
# Requirements
* JDK 1.7+
# Configuration
- The `etc` directory contains the configuration files and directories that need to be copied to `/etc/cas/config`.
The `etc` directory contains the configuration files that need to be copied to `/etc/cas`.
Current files are:
* `cas.properties`
* `log4j2.xml`
# Build
```bash
./gradlew[.bat] copyCasConfiguration
mvnw clean package
```
- The specifics of the build are controlled using the `gradle.properties` file.
## Adding Modules
CAS modules may be specified under the `dependencies` block of the [Gradle build script](build.gradle):
```gradle
dependencies {
compile "org.apereo.cas:cas-server-some-module:${project.casVersion}"
...
}
```
To collect the list of all project modules and dependencies:
or
```bash
./gradlew[.bat] allDependencies
mvnw.bat clean package
```
### Clear Gradle Cache
If you need to, on Linux/Unix systems, you can delete all the existing artifacts (artifacts and metadata) Gradle has downloaded using:
```bash
# Only do this when absolutely necessary
rm -rf $HOME/.gradle/caches/
```
Same strategy applies to Windows too, provided you switch `$HOME` to its equivalent in the above command.
# Deployment
- Create a keystore file `thekeystore` under `/etc/cas`. Use the password `changeit` for both the keystore and the key/certificate entries. This can either be done using the JDK's `keytool` utility or via the following command:
## Embedded Jetty
* Create a Java keystore at `/etc/cas/jetty/thekeystore` with the password `changeit`.
* Import your CAS server certificate inside this keystore.
```bash
./gradlew[.bat] createKeystore
mvnw jetty:run-forked
```
- Ensure the keystore is loaded up with keys and certificates of the server.
On a successful deployment via the following methods, CAS will be available at:
CAS will be available at:
* `http://cas.server.name:8080/cas`
* `https://cas.server.name:8443/cas`
## Executable WAR
Run the CAS web application as an executable WAR:
```bash
./gradlew[.bat] run
```
Debug the CAS web application as an executable WAR:
```bash
./gradlew[.bat] debug
```
Run the CAS web application as a *standalone* executable WAR:
```bash
./gradlew[.bat] clean executable
```
## External
Deploy the binary web application file `cas.war` after a successful build to a servlet container of choice.
## Docker
The following strategies outline how to build and deploy CAS Docker images.
### Jib
The overlay embraces the [Jib Gradle Plugin](https://github.com/GoogleContainerTools/jib) to provide easy-to-use out-of-the-box tooling for building CAS docker images. Jib is an open-source Java containerizer from Google that lets Java developers build containers using the tools they know. It is a container image builder that handles all the steps of packaging your application into a container image. It does not require you to write a Dockerfile or have Docker installed, and it is directly integrated into the overlay.
```bash
./gradlew build jibDockerBuild
```
### Dockerfile
You can also use the native Docker tooling and the provided `Dockerfile` to build and run CAS.
```bash
chmod +x *.sh
./docker-build.sh
./docker-run.sh
```
Deploy resultant `target/cas.war` to a Servlet container of choice.


@ -1,111 +0,0 @@
buildscript {
repositories {
mavenLocal()
gradlePluginPortal()
mavenCentral()
jcenter()
maven {
url "https://repo.spring.io/libs-milestone"
mavenContent { releasesOnly() }
}
maven {
url "https://repo.spring.io/libs-snapshot"
mavenContent { snapshotsOnly() }
}
maven {
url "https://plugins.gradle.org/m2/"
mavenContent { releasesOnly() }
}
}
dependencies {
classpath "de.undercouch:gradle-download-task:${project.gradleDownloadTaskVersion}"
classpath "org.springframework.boot:spring-boot-gradle-plugin:${project.springBootVersion}"
classpath "gradle.plugin.com.google.cloud.tools:jib-gradle-plugin:${project.jibVersion}"
classpath "io.freefair.gradle:maven-plugin:${project.gradleMavenPluginVersion}"
classpath "io.freefair.gradle:lombok-plugin:${project.gradleLombokPluginVersion}"
}
}
repositories {
mavenLocal()
mavenCentral()
jcenter()
maven {
url "https://oss.sonatype.org/content/repositories/snapshots"
mavenContent { snapshotsOnly() }
}
maven {
mavenContent { releasesOnly() }
url "https://build.shibboleth.net/nexus/content/repositories/releases/"
}
maven {
mavenContent { releasesOnly() }
url "https://repo.spring.io/milestone/"
}
maven {
url "https://repo.spring.io/snapshot/"
mavenContent { snapshotsOnly() }
}
maven {
mavenContent { snapshotsOnly() }
url "https://oss.jfrog.org/artifactory/oss-snapshot-local"
}
}
def casServerVersion = project.'cas.version'
def casWebApplicationBinaryName = "cas.war"
project.ext."casServerVersion" = casServerVersion
project.ext."casWebApplicationBinaryName" = casWebApplicationBinaryName
apply plugin: "io.freefair.war-overlay"
apply plugin: "io.freefair.lombok"
apply from: rootProject.file("gradle/tasks.gradle")
apply plugin: "war"
apply plugin: "eclipse"
apply plugin: "idea"
apply from: rootProject.file("gradle/springboot.gradle")
apply from: rootProject.file("gradle/dockerjib.gradle")
dependencies {
// Other CAS dependencies/modules may be listed here...
// implementation "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
}
tasks.findByName("jibDockerBuild")
.dependsOn(copyWebAppIntoJib, copyConfigIntoJib)
.finalizedBy(deleteWebAppFromJib)
tasks.findByName("jib")
.dependsOn(copyWebAppIntoJib, copyConfigIntoJib)
.finalizedBy(deleteWebAppFromJib)
configurations.all {
resolutionStrategy {
cacheChangingModulesFor 0, "seconds"
cacheDynamicVersionsFor 0, "seconds"
preferProjectModules()
def failIfConflict = project.hasProperty("failOnVersionConflict") && Boolean.valueOf(project.getProperty("failOnVersionConflict"))
if (failIfConflict) {
failOnVersionConflict()
}
}
}
eclipse {
classpath {
downloadSources = true
downloadJavadoc = true
}
}
idea {
module {
downloadJavadoc = true
downloadSources = true
}
}


@ -1,10 +0,0 @@
#!/bin/bash
image_tag=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`)
echo "Building CAS docker image tagged as [v$image_tag]"
# read -p "Press [Enter] to continue..." any_key;
docker build --tag="org.apereo.cas/cas:v$image_tag" . \
&& echo "Built CAS image successfully tagged as org.apereo.cas/cas:v$image_tag" \
&& docker images "org.apereo.cas/cas:v$image_tag"


@ -1,7 +0,0 @@
version: '3'
services:
cas:
build: .
ports:
- "8443:8443"
- "8080:8080"


@ -1,12 +0,0 @@
#!/bin/bash
read -p "Docker username: " docker_user
read -s -p "Docker password: " docker_psw
echo "$docker_psw" | docker login --username "$docker_user" --password-stdin
image_tag=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`)
echo "Pushing CAS docker image tagged as v$image_tag to org.apereo.cas/cas..."
docker push org.apereo.cas/cas:"v$image_tag" \
&& echo "Pushed org.apereo.cas/cas:v$image_tag successfully.";


@ -1,7 +0,0 @@
#!/bin/bash
docker stop cas > /dev/null 2>&1
docker rm cas > /dev/null 2>&1
image_tag=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`)
docker run -d -p 8080:8080 -p 8443:8443 --name="cas" org.apereo.cas/cas:"v${image_tag}"
docker logs -f cas

712
etc/cas.properties Normal file

@ -0,0 +1,712 @@
#
# Licensed to Apereo under one or more contributor license
# agreements. See the NOTICE file distributed with this work
# for additional information regarding copyright ownership.
# Apereo licenses this file to you under the Apache License,
# Version 2.0 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a
# copy of the License at the following location:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
server.name=http://localhost:8080
server.prefix=${server.name}/cas
# security configuration based on IP address to access the /status and /statistics pages
# cas.securityContext.adminpages.ip=127\.0\.0\.1
##
# Unique CAS node name
# host.name is used to generate unique Service Ticket IDs and SAMLArtifacts. This is usually set to the specific
# hostname of the machine running the CAS node, but it could be any label so long as it is unique in the cluster.
host.name=cas01.example.org
##
# JPA Ticket Registry Database Configuration
#
# ticketreg.database.ddl.auto=create-drop
# ticketreg.database.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
# ticketreg.database.batchSize=10
# ticketreg.database.driverClass=org.hsqldb.jdbcDriver
# ticketreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
# ticketreg.database.user=sa
# ticketreg.database.password=
# ticketreg.database.pool.minSize=6
# ticketreg.database.pool.maxSize=18
# ticketreg.database.pool.maxWait=10000
# ticketreg.database.pool.maxIdleTime=120
# ticketreg.database.pool.acquireIncrement=6
# ticketreg.database.pool.idleConnectionTestPeriod=30
# ticketreg.database.pool.connectionHealthQuery=select 1
# ticketreg.database.pool.acquireRetryAttempts=5
# ticketreg.database.pool.acquireRetryDelay=2000
# ticketreg.database.pool.connectionHealthQuery=select 1
##
# JPA Service Registry Database Configuration
#
# svcreg.database.ddl.auto=create-drop
# svcreg.database.dialect=org.hibernate.dialect.OracleDialect|MySQLInnoDBDialect|HSQLDialect
# svcreg.database.hibernate.batchSize=10
# svcreg.database.driverClass=org.hsqldb.jdbcDriver
# svcreg.database.url=jdbc:hsqldb:mem:cas-ticket-registry
# svcreg.database.user=sa
# svcreg.database.password=
# svcreg.database.pool.minSize=6
# svcreg.database.pool.maxSize=18
# svcreg.database.pool.maxWait=10000
# svcreg.database.pool.maxIdleTime=120
# svcreg.database.pool.acquireIncrement=6
# svcreg.database.pool.idleConnectionTestPeriod=30
# svcreg.database.pool.connectionHealthQuery=select 1
# svcreg.database.pool.acquireRetryAttempts=5
# svcreg.database.pool.acquireRetryDelay=2000
# svcreg.database.pool.connectionHealthQuery=select 1
##
# CAS SSO Cookie Generation & Security
# See https://github.com/mitreid-connect/json-web-key-generator
#
# Do note that the following settings MUST be generated per deployment.
#
# The encryption secret key. By default, must be a octet string of size 256.
# tgc.encryption.key=
# The signing secret key. By default, must be a octet string of size 512.
# tgc.signing.key=
# Decides whether SSO cookie should be created only under secure connections.
# tgc.secure=true
# The expiration value of the SSO cookie
# tgc.maxAge=-1
# The name of the SSO cookie
# tgc.name=TGC
# The path to which the SSO cookie will be scoped
# tgc.path=/cas
# The expiration value of the SSO cookie for long-term authentications
# tgc.remember.me.maxAge=1209600
# Decides whether SSO Warning cookie should be created only under secure connections.
# warn.cookie.secure=true
# The expiration value of the SSO Warning cookie
# warn.cookie.maxAge=-1
# The name of the SSO Warning cookie
# warn.cookie.name=CASPRIVACY
# The path to which the SSO Warning cookie will be scoped
# warn.cookie.path=/cas
# Whether we should track the most recent session by keeping the latest service ticket
# tgt.onlyTrackMostRecentSession = true
##
# CAS UI Theme Resolution
#
# cas.themeResolver.defaultThemeName=cas-theme-default
# cas.themeResolver.pathprefix=/WEB-INF/view/jsp/
# cas.themeResolver.param.name=theme
# Location of the Spring xml config file where views may be collected
# cas.viewResolver.xmlFile=/META-INF/spring/views.xml
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specified service parameter on /logout requests
# cas.logout.followServiceRedirects=false
##
# CAS Cached Attributes Timeouts
# Controls the cached attribute expiration policy
#
# Notes the duration in which attributes will be kept alive
# cas.attrs.timeToExpireInHours=2
##
# Single Sign-On Session
#
# Indicates whether an SSO session should be created for renewed authentication requests.
# create.sso.renewed.authn=true
#
# Indicates whether an SSO session can be created if no service is present.
# create.sso.missing.service=true
##
# CAS Authentication Policy
#
# cas.authn.policy.any.tryall=false
# cas.authn.policy.req.tryall=false
# cas.authn.policy.req.handlername=handlerName
##
# CAS PersonDirectory Principal Resolution
#
# cas.principal.resolver.persondir.principal.attribute=cn
# cas.principal.resolver.persondir.return.null=false
##
# CAS Internationalization
#
# locale.default=en
# locale.param.name=locale
# message.bundle.encoding=UTF-8
# message.bundle.cacheseconds=180
# message.bundle.fallback.systemlocale=false
# message.bundle.usecode.message=true
# message.bundle.basenames=classpath:custom_messages,classpath:messages
##
# CAS Authentication Throttling
#
#cas.throttle.failure.threshold=
#cas.throttle.failure.range.seconds=
#cas.throttle.username.parameter=
#cas.throttle.appcode=
#cas.throttle.authn.failurecode=
#cas.throttle.audit.query=
##
# CAS Health Monitoring
#
# cas.monitor.st.warn.threshold=5000
# cas.monitor.tgt.warn.threshold=10000
# cas.monitor.free.mem.threshold=10
##
# CAS MongoDB Service Registry
#
# mongodb.host=mongodb database url
# mongodb.port=mongodb database port
# mongodb.userId=mongodb userid to bind
# mongodb.userPassword=mongodb password to bind
# cas.service.registry.mongo.db=Collection name to store service definitions
# mongodb.timeout=5000
##
# Spring Webflow Web Application Session
# Define the settings that are required to encrypt and persist the CAS web application session.
# See the cas-servlet.xml file to understand how these properties are used.
#
# The encryption secret key. By default, must be a octet string of size 256.
# webflow.encryption.key=
# The signing secret key. By default, must be a octet string of size 512.
# webflow.signing.key=
##
# Remote User Authentication
#
# ip.address.range=
##
# Apache Shiro Authentication
#
# shiro.authn.requiredRoles=
# shiro.authn.requiredPermissions=
# shiro.authn.config.file=classpath:shiro.ini
##
# YubiKey Authentication
#
# yubikey.client.id=
# yubikey.secret.key=
##
# JDBC Authentication
#
# cas.jdbc.authn.query.encode.sql=
# cas.jdbc.authn.query.encode.alg=
# cas.jdbc.authn.query.encode.salt.static=
# cas.jdbc.authn.query.encode.password=
# cas.jdbc.authn.query.encode.salt=
# cas.jdbc.authn.query.encode.iterations.field=
# cas.jdbc.authn.query.encode.iterations=
# cas.jdbc.authn.query.sql=
# cas.jdbc.authn.search.password=
# cas.jdbc.authn.search.user=
# cas.jdbc.authn.search.table=
##
# Duo security 2fa authentication provider
# https://www.duosecurity.com/docs/duoweb#1.-generate-an-akey
#
# cas.duo.api.host=
# cas.duo.integration.key=
# cas.duo.secret.key=
# cas.duo.application.key=
##
# File Authentication
#
# file.authn.filename=classpath:people.txt
# file.authn.separator=::
##
# General Authentication
#
# cas.principal.transform.upperCase=false
# cas.authn.password.encoding.char=UTF-8
# cas.authn.password.encoding.alg=SHA-256
# cas.principal.transform.prefix=
# cas.principal.transform.suffix=
##
# X509 Authentication
#
# cas.x509.authn.crl.checkAll=false
# cas.x509.authn.crl.throw.failure=true
# cas.x509.authn.crl.refresh.interval=
# cas.x509.authn.revocation.policy.threshold=
# cas.x509.authn.trusted.issuer.dnpattern=
# cas.x509.authn.max.path.length=
# cas.x509.authn.max.path.length.unspecified=
# cas.x509.authn.check.key.usage=
# cas.x509.authn.require.key.usage=
# cas.x509.authn.subject.dnpattern=
# cas.x509.authn.principal.descriptor=
# cas.x509.authn.principal.serial.no.prefix=
# cas.x509.authn.principal.value.delim=
##
# Accepted Users Authentication
#
accept.authn.users=casuser::Mellon
##
# Rejected Users Authentication
#
# reject.authn.users=
##
# JAAS Authentication
#
# cas.authn.jaas.realm=CAS
# cas.authn.jaas.kerb.realm=
# cas.authn.jaas.kerb.kdc=
##
# Single Sign-On Session TGT Timeouts
#
# Inactivity Timeout Policy
# tgt.timeout.maxTimeToLiveInSeconds=28800
# Hard Timeout Policy
# tgt.timeout.hard.maxTimeToLiveInSeconds
#
# Throttled Timeout Policy
# tgt.throttled.maxTimeToLiveInSeconds=28800
# tgt.throttled.timeInBetweenUsesInSeconds=5
# Default Expiration Policy
# tgt.maxTimeToLiveInSeconds=28800
# tgt.timeToKillInSeconds=7200
##
# Service Ticket Timeout
#
# st.timeToKillInSeconds=10
# st.numberOfUses=1
##
# Http Client Settings
#
# The http client read timeout in milliseconds
# http.client.read.timeout=5000
# The http client connection timeout in milliseconds
# http.client.connection.timeout=5000
#
# The http client truststore file, in addition to the default's
# http.client.truststore.file=classpath:truststore.jks
#
# The http client truststore's password
# http.client.truststore.psw=changeit
##
# Single Logout Out Callbacks
#
# To turn off all back channel SLO requests set this to true
# slo.callbacks.disabled=false
#
# To send callbacks to endpoints synchronously, set this to false
# slo.callbacks.asynchronous=true
##
# CAS Protocol Security Filter
#
# Are multi-valued parameters accepted?
# cas.http.allow.multivalue.params=false
# Define the list of request parameters to examine for sanity
# cas.http.check.params=ticket,service,renew,gateway,warn,target,SAMLart,pgtUrl,pgt,pgtId,pgtIou,targetService
# Define the list of request parameters only allowed via POST
# cas.http.allow.post.params=username,password
##
# JSON Service Registry
#
# Directory location where JSON service files may be found.
# service.registry.config.location=classpath:services
##
# Service Registry Periodic Reloading Scheduler
# Default sourced from WEB-INF/spring-configuration/applicationContext.xml
#
# Force a startup delay of 2 minutes.
# service.registry.quartz.reloader.startDelay=120000
#
# Reload services every 2 minutes
# service.registry.quartz.reloader.repeatInterval=120000
##
# Background Scheduler
#
# Wait for scheduler to finish running before shutting down CAS.
# scheduler.shutdown.wait=true
#
# Attempt to interrupt background jobs when shutting down CAS
# scheduler.shutdown.interruptJobs=true
##
# Audits
#
# Use single line format for audit blocks
# cas.audit.singleline=true
# Separator to use between each fields in a single audit event
# cas.audit.singleline.separator=|
# Application code for audits
# cas.audit.appcode=CAS
#
## JDBC Audits
#
#cas.audit.max.agedays=
#cas.audit.database.dialect=
#cas.audit.database.batchSize=
#cas.audit.database.ddl.auto=
#cas.audit.database.gen.ddl=
#cas.audit.database.show.sql=
#cas.audit.database.driverClass=
#cas.audit.database.url=
#cas.audit.database.user=
#cas.audit.database.password=
#cas.audit.database.pool.minSize=
#cas.audit.database.pool.minSize=
#cas.audit.database.pool.maxSize=
#cas.audit.database.pool.maxIdleTime=
#cas.audit.database.pool.maxWait=
#cas.audit.database.pool.acquireIncrement=
#cas.audit.database.pool.acquireRetryAttempts=
#cas.audit.database.pool.acquireRetryDelay=
#cas.audit.database.pool.idleConnectionTestPeriod=
#cas.audit.database.pool.connectionHealthQuery=
##
# Metrics
# Default sourced from WEB-INF/spring-configuration/metricsConfiguration.xml:
#
# Define how often should metric data be reported. Default is 30 seconds.
# metrics.refresh.internal=30s
##
# Encoding
#
# Set the encoding to use for requests. Default is UTF-8
# httprequest.web.encoding=UTF-8
# Default is true. Switch this to "false" to not enforce the specified encoding in any case,
# applying it as default response encoding as well.
# httprequest.web.encoding.force=true
##
# Response Headers
#
# httpresponse.header.cache=false
# httpresponse.header.hsts=false
# httpresponse.header.xframe=false
# httpresponse.header.xcontent=false
# httpresponse.header.xss=false
##
# SAML
#
# Indicates the SAML response issuer
# cas.saml.response.issuer=localhost
#
# Indicates the skew allowance which controls the issue instant of the SAML response
# cas.saml.response.skewAllowance=0
#
# Indicates whether SAML ticket id generation should be saml2-compliant.
# cas.saml.ticketid.saml2=false
##
# Default Ticket Registry
#
# default.ticket.registry.initialcapacity=1000
# default.ticket.registry.loadfactor=1
# default.ticket.registry.concurrency=20
##
# Ticket Registry Cleaner
#
# Indicates how frequently the Ticket Registry cleaner should run. Configured in seconds.
# ticket.registry.cleaner.startdelay=20
# ticket.registry.cleaner.repeatinterval=5000
##
# Ticket ID Generation
#
# lt.ticket.maxlength=20
# st.ticket.maxlength=20
# tgt.ticket.maxlength=50
# pgt.ticket.maxlength=50
##
# Google Apps public/private key
#
# cas.saml.googleapps.publickey.file=file:/etc/cas/public.key
# cas.saml.googleapps.privatekey.file=file:/etc/cas/private.p8
# cas.saml.googleapps.key.alg=RSA
##
# WS-FED
#
# The claim from ADFS that should be used as the user's identifier.
# cas.wsfed.idp.idattribute=upn
#
# Federation Service identifier
# cas.wsfed.idp.id=https://adfs.example.org/adfs/services/trust
#
# The ADFS login url.
# cas.wsfed.idp.url=https://adfs.example.org/adfs/ls/
#
# Identifies resource(s) that point to ADFS's signing certificates.
# These are used verify the WS Federation token that is returned by ADFS.
# Multiple certificates may be separated by comma.
# cas.wsfed.idp.signingcerts=classpath:adfs-signing.crt
#
# Unique identifier that will be set in the ADFS configuration.
# cas.wsfed.rp.id=urn:cas:localhost
#
# Slack dealing with time-drift between the ADFS Server and the CAS Server.
# cas.wsfed.idp.tolerance=10000
#
# Decides which bundle of attributes should be resolved during WS-FED authentication.
# cas.wsfed.idp.attribute.resolver.enabled=true
# cas.wsfed.idp.attribute.resolver.type=WSFED
##
# LDAP User Details
#
# ldap.userdetails.service.user.attr=
# ldap.userdetails.service.role.attr=
##
# Password Policy
#
# Warn all users of expiration date regardless of warningDays value.
# password.policy.warnAll=false
# Threshold number of days to begin displaying password expiration warnings.
# password.policy.warningDays=30
# URL to which the user will be redirected to change the password.
# password.policy.url=https://password.example.edu/change
# password.policy.warn.attribute.name=attributeName
# password.policy.warn.attribute.value=attributeValue
# password.policy.warn.display.matched=true
##
# CAS REST API Services
#
# cas.rest.services.attributename=
# cas.rest.services.attributevalue=
##
# Ticket Registry
#
# Secret key to use when encrypting tickets in a distributed ticket registry.
# ticket.encryption.secretkey=C@$W3bSecretKey!
# Seed to use when encrypting tickets in a distributed ticket registry.
# ticket.encryption.seed=S!ngl3$ign0n4W3b
# Secret key to use when signing tickets in a distributed ticket registry.
# By default, must be a octet string of size 512.
# ticket.signing.secretkey=szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w
# Secret key algorithm used
# ticket.secretkey.alg=AES
##
# Hazelcast Ticket Registry
#
# hz.config.location=file:/etc/cas/hazelcast.xml
# hz.mapname=tickets
# hz.cluster.logging.type=slf4j
# hz.cluster.portAutoIncrement=true
# hz.cluster.port=5701
# hz.cluster.multicast.enabled=false
# hz.cluster.members=cas1.example.com,cas2.example.com
# hz.cluster.tcpip.enabled=true
# hz.cluster.multicast.enabled=false
# hz.cluster.max.heapsize.percentage=85
# hz.cluster.max.heartbeat.seconds=5
# hz.cluster.eviction.percentage=10
# hz.cluster.eviction.policy=LRU
# hz.cluster.instance.name=${host.name}
##
# Ehcache Ticket Registry
#
# ehcache.config.file=classpath:ehcache-replicated.xml
# ehcache.cachemanager.shared=false
# ehcache.cachemanager.name=ticketRegistryCacheManager
# ehcache.disk.expiry.interval.seconds=0
# ehcache.disk.persistent=false
# ehcache.eternal=false
# ehcache.max.elements.memory=10000
# ehcache.max.elements.disk=0
# ehcache.eviction.policy=LRU
# ehcache.overflow.disk=false
# ehcache.cache.st.name=org.jasig.cas.ticket.ServiceTicket
# ehcache.cache.st.timeIdle=0
# ehcache.cache.st.timeAlive=300
# ehcache.cache.tgt.name=org.jasig.cas.ticket.TicketGrantingTicket
# ehcache.cache.tgt.timeIdle=7201
# ehcache.cache.tgt.timeAlive=0
# ehcache.cache.loader.async=true
# ehcache.cache.loader.chunksize=5000000
# ehcache.repl.async.interval=10000
# ehcache.repl.async.batch.size=100
# ehcache.repl.sync.puts=true
# ehcache.repl.sync.putscopy=true
# ehcache.repl.sync.updates=true
# ehcache.repl.sync.updatesCopy=true
# ehcache.repl.sync.removals=true
##
# Ehcache Monitoring
#
# cache.monitor.warn.free.threshold=10
# cache.monitor.eviction.threshold=0
##
# Memcached Ticket Registry
#
# memcached.servers=localhost:11211
# memcached.hashAlgorithm=FNV1_64_HASH
# memcached.protocol=BINARY
# memcached.locatorType=ARRAY_MOD
# memcached.failureMode=Redistribute
##
# Memcached Monitoring
#
# cache.monitor.warn.free.threshold=10
# cache.monitor.eviction.threshold=0
##
# RADIUS Authentication Server
#
# cas.radius.client.inetaddr=localhost
# cas.radius.client.port.acct=
# cas.radius.client.socket.timeout=60
# cas.radius.client.port.authn=
# cas.radius.client.sharedsecret=N0Sh@ar3d$ecReT
# cas.radius.server.protocol=EAP_MSCHAPv2
# cas.radius.server.retries=3
# cas.radius.server.nasIdentifier=-1
# cas.radius.server.nasPort=-1
# cas.radius.server.nasPortId=-1
# cas.radius.server.nasRealPort=-1
# cas.radius.server.nasPortType=-1
# cas.radius.server.nasIpAddress=
# cas.radius.server.nasIpv6Address=
# cas.radius.failover.authn=false
# cas.radius.failover.exception=false
##
# SPNEGO Authentication
#
# cas.spnego.ldap.attribute=spnegoattribute
# cas.spnego.ldap.filter=host={0}
# cas.spnego.ldap.basedn=
# cas.spnego.hostname.pattern=.+
# cas.spnego.ip.pattern=
# cas.spnego.alt.remote.host.attribute
# cas.spengo.use.principal.domain=false
# cas.spnego.ntlm.allowed=true
# cas.spnego.kerb.debug=false
# cas.spnego.kerb.realm=EXAMPLE.COM
# cas.spnego.kerb.kdc=172.10.1.10
# cas.spnego.login.conf.file=/path/to/login
# cas.spnego.jcifs.domain=
# cas.spnego.jcifs.domaincontroller=
# cas.spnego.jcifs.netbios.cache.policy:600
# cas.spnego.jcifs.netbios.wins=
# cas.spnego.jcifs.password=
# cas.spnego.jcifs.service.password=
# cas.spnego.jcifs.socket.timeout:300000
# cas.spnego.jcifs.username=
# cas.spnego.kerb.conf=
# cas.spnego.ntlm=false
# cas.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
# cas.spnego.mixed.mode.authn=false
# cas.spnego.send.401.authn.failure=false
# cas.spnego.principal.resolver.transform=NONE
# cas.spnego.service.principal=HTTP/cas.example.com@EXAMPLE.COM
##
# NTLM Authentication
#
# ntlm.authn.domain.controller=
# ntlm.authn.include.pattern=
# ntlm.authn.load.balance=true
##
# Authentication delegation using pac4j
#
# cas.pac4j.client.authn.typedidused=true
# cas.pac4j.facebook.id=
# cas.pac4j.facebook.secret=
# cas.pac4j.facebook.scope=
# cas.pac4j.facebook.fields=
# cas.pac4j.twitter.id=
# cas.pac4j.twitter.secret=
# cas.pac4j.saml.keystorePassword=
# cas.pac4j.saml.privateKeyPassword=
# cas.pac4j.saml.keystorePath=
# cas.pac4j.saml.identityProviderMetadataPath=
# cas.pac4j.saml.maximumAuthenticationLifetime=
# cas.pac4j.saml.serviceProviderEntityId=
# cas.pac4j.saml.serviceProviderMetadataPath=
# cas.pac4j.cas.loginUrl=
# cas.pac4j.cas.protocol=
# cas.pac4j.oidc.id=
# cas.pac4j.oidc.secret=
# cas.pac4j.oidc.discoveryUri=
# cas.pac4j.oidc.useNonce=
# cas.pac4j.oidc.preferredJwsAlgorithm=
# cas.pac4j.oidc.maxClockSkew=
# cas.pac4j.oidc.customParamKey1=
# cas.pac4j.oidc.customParamValue1=
# cas.pac4j.oidc.customParamKey2=
# cas.pac4j.oidc.customParamValue2=
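Review bot: `accept.authn.users=casuser::Mellon` is the only authentication setting left active in the new `etc/cas.properties`, so a deployment that copies this file to `/etc/cas` unchanged accepts a publicly known static username and password. I would ship it commented out like the neighbouring `# reject.authn.users=` entry, or at least put `# Demo-only static account; remove or replace before any non-local deployment.` directly above it. The sample values on the commented `ticket.encryption.secretkey`, `ticket.encryption.seed`, `ticket.signing.secretkey` and `cas.radius.client.sharedsecret` lines become shared, well-known secrets if someone merely uncomments them; leaving them empty under a "generate per deployment" comment, as the file already does for `tgc.encryption.key` and `tgc.signing.key`, would be safer. `server.name` also defaults to plain `http://localhost:8080`, which presumably sits badly with the `tgc.secure=true` default shown in the comments, so a one-line comment telling deployers to switch to an `https://` URL would help.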


@ -1,6 +0,0 @@
cas.server.name=https://cas.example.org:8443
cas.server.prefix=${cas.server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml
# cas.authn.accept.users=


@ -1,119 +0,0 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!-- Specify the refresh internal in seconds. -->
<Configuration monitorInterval="5" packages="org.apereo.cas.logging">
<Properties>
<Property name="baseDir">/var/log</Property>
<Property name="cas.log.level">info</Property>
<Property name="spring.webflow.log.level">warn</Property>
<Property name="spring.security.log.level">info</Property>
<Property name="spring.cloud.log.level">warn</Property>
<Property name="spring.boot.admin.log.level">debug</Property>
<Property name="spring.web.log.level">warn</Property>
<Property name="spring.boot.log.level">warn</Property>
<Property name="ldap.log.level">warn</Property>
<Property name="pac4j.log.level">warn</Property>
<Property name="opensaml.log.level">warn</Property>
<Property name="hazelcast.log.level">warn</Property>
</Properties>
<Appenders>
<Console name="console" target="SYSTEM_OUT">
<PatternLayout pattern="%highlight{%d %p [%c] - &lt;%m&gt;}%n"/>
</Console>
<RollingFile name="file" fileName="${baseDir}/cas.log" append="true"
filePattern="${baseDir}/cas-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<RollingFile name="auditlogfile" fileName="${baseDir}/cas_audit.log" append="true"
filePattern="${baseDir}/cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - %m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<CasAppender name="casAudit">
<AppenderRef ref="auditlogfile" />
</CasAppender>
<CasAppender name="casFile">
<AppenderRef ref="file" />
</CasAppender>
<CasAppender name="casConsole">
<AppenderRef ref="console" />
</CasAppender>
</Appenders>
<Loggers>
<!-- If adding a Logger with level set higher than warn, make category as selective as possible -->
<!-- Loggers inherit appenders from Root Logger unless additivity is false -->
<AsyncLogger name="org.apereo" level="${sys:cas.log.level}" includeLocation="true"/>
<AsyncLogger name="org.apereo.services.persondir" level="${sys:cas.log.level}" includeLocation="true"/>
<AsyncLogger name="org.apereo.cas.web.flow" level="${sys:cas.log.level}" includeLocation="true"/>
<AsyncLogger name="org.apereo.spring" level="${sys:cas.log.level}" includeLocation="true"/>
<AsyncLogger name="org.apache" level="warn" />
<AsyncLogger name="org.apache.http" level="error" />
<AsyncLogger name="org.springframework.boot" level="${sys:spring.boot.log.level" includeLocation="true"/>
<AsyncLogger name="org.springframework.boot.context.embedded" level="info" includeLocation="true" />
<AsyncLogger name="org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration"
level="${sys:spring.security.log.level}" includeLocation="true" />
<AsyncLogger name="org.springframework.boot.autoconfigure.security" level="${sys:spring.security.log.level}" includeLocation="true"/>
<AsyncLogger name="org.springframework.boot.devtools" level="off" includeLocation="true"/>
<AsyncLogger name="org.springframework" level="warn" includeLocation="true" />
<AsyncLogger name="org.springframework.webflow" level="${sys:spring.webflow.log.level}" includeLocation="true"/>
<AsyncLogger name="org.springframework.aop" level="warn" includeLocation="true" />
<AsyncLogger name="org.springframework.web" level="warn" includeLocation="true"/>
<AsyncLogger name="org.springframework.session" level="warn" includeLocation="true"/>
<AsyncLogger name="org.springframework.scheduling" level="info" includeLocation="true"/>
<AsyncLogger name="org.springframework.cloud.vault" level="warn" includeLocation="true" />
<AsyncLogger name="org.springframework.web.client" level="warn" includeLocation="true" />
<AsyncLogger name="org.springframework.security" level="${sys:spring.security.log.level}" includeLocation="true"/>
<AsyncLogger name="org.springframework.cloud" level="${sys:spring.cloud.log.level}" includeLocation="true"/>
<AsyncLogger name="org.springframework.amqp" level="error" />
<AsyncLogger name="org.springframework.integration" level="warn" includeLocation="true"/>
<AsyncLogger name="org.springframework.messaging" level="warn" includeLocation="true"/>
<AsyncLogger name="org.springframework.web" level="${sys:spring.web.log.level}" includeLocation="true"/>
<AsyncLogger name="org.springframework.orm.jpa" level="warn" includeLocation="true"/>
<AsyncLogger name="org.springframework.scheduling" level="warn" includeLocation="true"/>
<AsyncLogger name="org.springframework.context.annotation" level="off" includeLocation="true"/>
<AsyncLogger name="org.springframework.web.socket" level="warn" includeLocation="true"/>
<AsyncLogger name="org.thymeleaf" level="warn" includeLocation="true"/>
<AsyncLogger name="org.pac4j" level="${sys:pac4j.log.level}" includeLocation="true"/>
<AsyncLogger name="org.opensaml" level="${sys:opensaml.log.level}" includeLocation="true"/>
<AsyncLogger name="PROTOCOL_MESSAGE" level="${sys:opensaml.log.level}" includeLocation="true" />
<AsyncLogger name="net.sf.ehcache" level="warn" includeLocation="true"/>
<AsyncLogger name="com.couchbase" level="warn" includeLocation="true"/>
<AsyncLogger name="de.codecentric" level="${sys:spring.boot.admin.log.level}" includeLocation="true"/>
<AsyncLogger name="net.jradius" level="warn" includeLocation="true" />
<AsyncLogger name="org.openid4java" level="warn" includeLocation="true" />
<AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true"/>
<AsyncLogger name="com.hazelcast" level="${sys:hazelcast.log.level}" includeLocation="true"/>
<!-- Log audit to all root appenders, and also to audit log (additivity is not false) -->
<AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true" >
<AppenderRef ref="casAudit"/>
</AsyncLogger>
<!-- All Loggers inherit appenders specified here, unless additivity="false" on the Logger -->
<AsyncRoot level="warn">
<AppenderRef ref="casFile"/>
<!--
For deployment to an application server running as service,
delete the casConsole appender below
-->
<AppenderRef ref="casConsole"/>
</AsyncRoot>
</Loggers>
</Configuration>


@ -1 +0,0 @@
This directory is references in the Dockerfile so it needs to be here.

Binary file not shown.

48
etc/jetty/jetty-https.xml Executable file

@ -0,0 +1,48 @@
<?xml version="1.0"?>
<!--
Licensed to Apereo under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Apereo licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- ============================================================= -->
<!-- Configure a HTTPS connector. -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and jetty-ssl.xml. -->
<!-- ============================================================= -->
<Configure id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<Call name="addIfAbsentConnectionFactory">
<Arg>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Arg name="next">http/1.1</Arg>
<Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
</New>
</Arg>
</Call>
<Call name="addConnectionFactory">
<Arg>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
</New>
</Arg>
</Call>
</Configure>

111
etc/jetty/jetty-ssl.xml Executable file

@ -0,0 +1,111 @@
<?xml version="1.0"?>
<!--
~ Licensed to Apereo under one or more contributor license
~ agreements. See the NOTICE file distributed with this work
~ for additional information regarding copyright ownership.
~ Apereo licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file
~ except in compliance with the License. You may obtain a
~ copy of the License at the following location:
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- ============================================================= -->
<!-- Base SSL configuration -->
<!-- This configuration needs to be used together with 1 or more -->
<!-- of jetty-https.xml or jetty-http2.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.ssl.keystore.path" default="/etc/cas/jetty/thekeystore" /></Set>
<Set name="KeyStorePassword"><Property name="jetty.ssl.keystore.password" default="changeit" /></Set>
<Set name="KeyManagerPassword"><Property name="jetty.ssl.keymanager.password" default="changeit" /></Set>
<Set name="TrustStorePath"><Property name="jetty.ssl.truststore.path" default="/etc/cas/jetty/thekeystore" /></Set>
<Set name="TrustStorePassword"><Property name="jetty.ssl.truststore.password" default="changeit" /></Set>
</New>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="http.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="http.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="httpConfig" /></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="host"><Property name="jetty.host" /></Set>
<Set name="port"><Property name="jetty.port" default="8080" /></Set>
<Set name="idleTimeout"><Property name="http.timeout" default="30000"/></Set>
<Set name="soLingerTime"><Property name="http.soLingerTime" default="-1"/></Set>
<Set name="acceptorPriorityDelta"><Property name="http.acceptorPriorityDelta" default="0"/></Set>
<Set name="selectorPriorityDelta"><Property name="http.selectorPriorityDelta" default="0"/></Set>
<Set name="acceptQueueSize"><Property name="http.acceptQueueSize" default="0"/></Set>
</New>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Add a SSL Connector with no protocol factories -->
<!-- =========================================================== -->
<Call name="addConnector">
<Arg>
<New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<!-- uncomment to support proxy protocol
<Item>
<New class="org.eclipse.jetty.server.ProxyConnectionFactory"/>
</Item>-->
</Array>
</Arg>
<Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" /></Set>
<Set name="port"><Property name="jetty.ssl.port" deprecated="ssl.port" default="8443" /></Set>
<Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set>
<Set name="soLingerTime"><Property name="jetty.ssl.soLingerTime" deprecated="ssl.soLingerTime" default="-1"/></Set>
<Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
<Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set>
</New>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg>
<New class="org.eclipse.jetty.server.SecureRequestCustomizer">
<Arg type="boolean"><Property name="jetty.ssl.sniHostCheck" default="true"/></Arg>
</New>
</Arg>
</Call>
</New>
</Configure>
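Review bot: The `sslContextFactory` block falls back to the stock password `changeit` for `KeyStorePassword`, `KeyManagerPassword` and `TrustStorePassword`, and points `TrustStorePath` at the same `/etc/cas/jetty/thekeystore` file that presumably holds the server's private key. A deployment that never sets the `jetty.ssl.*` properties therefore starts with a publicly known keystore password, which is easy to miss on a CAS login server. I would drop the three `default="changeit"` attributes, e.g. `<Set name="KeyStorePassword"><Property name="jetty.ssl.keystore.password" /></Set>`, so the secret has to be supplied at start-up, and add a comment above the block saying the trust store should be a separate file containing only the CA certificates to trust. The same file also registers a plain-HTTP connector on `jetty.port` (default 8080); if that exists only to redirect to 8443, a one-line comment should say so.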

151
etc/jetty/jetty.xml Executable file

@ -0,0 +1,151 @@
<?xml version="1.0"?>
<!--
Licensed to Apereo under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Apereo licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- =============================================================== -->
<!-- Documentation of this file format can be found at: -->
<!-- http://wiki.eclipse.org/Jetty/Reference/jetty.xml_syntax -->
<!-- -->
<!-- Additional configuration files are available in $JETTY_HOME/etc -->
<!-- and can be mixed in. See start.ini file for the default -->
<!-- configuration files. -->
<!-- -->
<!-- For a description of the configuration mechanism, see the -->
<!-- output of: -->
<!-- java -jar start.jar -? -->
<!-- =============================================================== -->
<!-- =============================================================== -->
<!-- Configure a Jetty Server instance with an ID "Server" -->
<!-- Other configuration files may also configure the "Server" -->
<!-- ID, in which case they are adding configuration to the same -->
<!-- instance. If other configuration have a different ID, they -->
<!-- will create and configure another instance of Jetty. -->
<!-- Consult the javadoc of o.e.j.server.Server for all -->
<!-- configuration that may be set here. -->
<!-- =============================================================== -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Configure the Server Thread Pool. -->
<!-- The server holds a common thread pool which is used by -->
<!-- default as the executor used by all connectors and servlet -->
<!-- dispatches. -->
<!-- -->
<!-- Configuring a fixed thread pool is vital to controlling the -->
<!-- maximal memory footprint of the server and is a key tuning -->
<!-- parameter for tuning. In an application that rarely blocks -->
<!-- then maximal threads may be close to the number of 5*CPUs. -->
<!-- In an application that frequently blocks, then maximal -->
<!-- threads should be set as high as possible given the memory -->
<!-- available. -->
<!-- -->
<!-- Consult the javadoc of o.e.j.util.thread.QueuedThreadPool -->
<!-- for all configuration that may be set here. -->
<!-- =========================================================== -->
<!-- uncomment to change type of threadpool
<Arg name="threadpool"><New id="threadpool" class="org.eclipse.jetty.util.thread.QueuedThreadPool"/></Arg>
-->
<Get name="ThreadPool">
<Set name="minThreads" type="int"><Property name="jetty.threadPool.minThreads" deprecated="threads.min" default="10"/></Set>
<Set name="maxThreads" type="int"><Property name="jetty.threadPool.maxThreads" deprecated="threads.max" default="200"/></Set>
<Set name="idleTimeout" type="int"><Property name="jetty.threadPool.idleTimeout" deprecated="threads.timeout" default="60000"/></Set>
<Set name="detailedDump">false</Set>
</Get>
<!-- =========================================================== -->
<!-- Add shared Scheduler instance -->
<!-- =========================================================== -->
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
</Arg>
</Call>
<!-- =========================================================== -->
<!-- Http Configuration. -->
<!-- This is a common configuration instance used by all -->
<!-- connectors that can carry HTTP semantics (HTTP, HTTPS, etc.)-->
<!-- It configures the non wire protocol aspects of the HTTP -->
<!-- semantic. -->
<!-- -->
<!-- This configuration is only defined here and is used by -->
<!-- reference from other XML files such as jetty-http.xml, -->
<!-- jetty-https.xml and other configuration files which -->
<!-- instantiate the connectors. -->
<!-- -->
<!-- Consult the javadoc of o.e.j.server.HttpConfiguration -->
<!-- for all configuration that may be set here. -->
<!-- =========================================================== -->
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https" /></Set>
<Set name="securePort"><Property name="jetty.httpConfig.securePort" deprecated="jetty.secure.port" default="8443" /></Set>
<Set name="outputBufferSize"><Property name="jetty.httpConfig.outputBufferSize" deprecated="jetty.output.buffer.size" default="32768" /></Set>
<Set name="outputAggregationSize"><Property name="jetty.httpConfig.outputAggregationSize" deprecated="jetty.output.aggregation.size" default="8192" /></Set>
<Set name="requestHeaderSize"><Property name="jetty.httpConfig.requestHeaderSize" deprecated="jetty.request.header.size" default="8192" /></Set>
<Set name="responseHeaderSize"><Property name="jetty.httpConfig.responseHeaderSize" deprecated="jetty.response.header.size" default="8192" /></Set>
<Set name="sendServerVersion"><Property name="jetty.httpConfig.sendServerVersion" deprecated="jetty.send.server.version" default="true" /></Set>
<Set name="sendDateHeader"><Property name="jetty.httpConfig.sendDateHeader" deprecated="jetty.send.date.header" default="false" /></Set>
<Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="512" /></Set>
<Set name="delayDispatchUntilContent"><Property name="jetty.httpConfig.delayDispatchUntilContent" deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
<!-- Uncomment to enable handling of X-Forwarded- style headers
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
</Call>
-->
</New>
<!-- =========================================================== -->
<!-- Set the default handler structure for the Server -->
<!-- A handler collection is used to pass received requests to -->
<!-- both the ContextHandlerCollection, which selects the next -->
<!-- handler by context path and virtual host, and the -->
<!-- DefaultHandler, which handles any requests not handled by -->
<!-- the context handlers. -->
<!-- Other handlers may be added to the "Handlers" collection, -->
<!-- for example the jetty-requestlog.xml file adds the -->
<!-- RequestLogHandler after the default handler -->
<!-- =========================================================== -->
<Set name="handler">
<New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
<Set name="handlers">
<Array type="org.eclipse.jetty.server.Handler">
<Item>
<New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
</Item>
<Item>
<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
</Item>
</Array>
</Set>
</New>
</Set>
<!-- =========================================================== -->
<!-- extra server options -->
<!-- =========================================================== -->
<Set name="stopAtShutdown"><Property name="jetty.server.stopAtShutdown" default="true"/></Set>
<Set name="stopTimeout">5000</Set>
<Set name="dumpAfterStart"><Property name="jetty.server.dumpAfterStart" deprecated="jetty.dump.start" default="false"/></Set>
<Set name="dumpBeforeStop"><Property name="jetty.server.dumpBeforeStop" deprecated="jetty.dump.stop" default="false"/></Set>
</Configure>
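Review bot: `httpConfig` sets `sendServerVersion` with `default="true"`, so unless the property is overridden every response advertises the Jetty version in the `Server` header. For an SSO endpoint I would ship it off by default: `<Set name="sendServerVersion"><Property name="jetty.httpConfig.sendServerVersion" deprecated="jetty.send.server.version" default="false" /></Set>`. If the commented-out `ForwardedRequestCustomizer` is ever enabled, the comment above it should state that this is only safe behind a proxy that strips client-supplied `X-Forwarded-*` headers.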

24
etc/jetty/web.xml Executable file

@ -0,0 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Licensed to Apereo under one or more contributor license
~ agreements. See the NOTICE file distributed with this work
~ for additional information regarding copyright ownership.
~ Apereo licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file
~ except in compliance with the License. You may obtain a
~ copy of the License at the following location:
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"
metadata-complete="true">
</web-app>

61
etc/log4j2.xml Normal file

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!-- Specify the refresh internal in seconds. -->
<Configuration monitorInterval="60">
<Appenders>
<Console name="console" target="SYSTEM_OUT">
<PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
</Console>
<RollingFile name="file" fileName="cas.log" append="true"
filePattern="cas-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - %m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<RollingFile name="auditlogfile" fileName="cas_audit.log" append="true"
filePattern="cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - %m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<RollingFile name="perfFileAppender" fileName="perfStats.log" append="true"
filePattern="perfStats-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
</Appenders>
<Loggers>
<AsyncLogger name="org.jasig" level="info" additivity="false" includeLocation="true">
<AppenderRef ref="console"/>
<AppenderRef ref="file"/>
</AsyncLogger>
<AsyncLogger name="org.springframework" level="warn" />
<AsyncLogger name="org.springframework.webflow" level="warn" />
<AsyncLogger name="org.springframework.web" level="warn" />
<Logger name="org.pac4j" level="warn" />
<AsyncLogger name="perfStatsLogger" level="info" additivity="false" includeLocation="true">
<AppenderRef ref="perfFileAppender"/>
</AsyncLogger>
<AsyncLogger name="org.jasig.cas.web.flow" level="info" additivity="true" includeLocation="true">
<AppenderRef ref="file"/>
</AsyncLogger>
<AsyncLogger name="org.jasig.inspektr.audit.support" level="info" includeLocation="true">
<AppenderRef ref="auditlogfile"/>
<AppenderRef ref="file"/>
</AsyncLogger>
<AsyncRoot level="error">
<AppenderRef ref="console"/>
</AsyncRoot>
</Loggers>
</Configuration>
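Review bot: The three `RollingFile` appenders use bare relative names (`cas.log`, `cas_audit.log`, `perfStats.log`), so the audit trail is written to whatever working directory the container was started from, with whatever permissions that directory has. I would add a `<Properties>` entry such as `<Property name="baseDir">LOG_DIR_PLACEHOLDER</Property>` and use `fileName="${baseDir}/cas_audit.log"` (with the matching `filePattern`) so the logs land in a dedicated directory that can be access-controlled and collected. Separately, the comment on the second line should read "refresh interval", and a comment on the `org.jasig.inspektr.audit.support` logger noting that audit events also reach the root `console` appender (additivity is not disabled there) would help operators.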


@ -1,28 +0,0 @@
# Versions
cas.version=6.2.0-SNAPSHOT
springBootVersion=2.2.5.RELEASE
# Use -jetty, -undertow to other containers
# Or blank if you want to deploy to an external container
appServer=-tomcat
executable=false
tomcatVersion=9.0.33
group=org.apereo.cas
sourceCompatibility=11
targetCompatibility=11
jibVersion=2.1.0
# Location of the downloaded CAS shell JAR
shellDir=build/libs
ivyVersion=2.4.0
gradleDownloadTaskVersion=3.4.3
gradleMavenPluginVersion=4.1.5
gradleLombokPluginVersion=4.1.5
# use without "-slim" in tag name if you want tools like jstack, adds about 100MB to image size
# (https://hub.docker.com/r/adoptopenjdk/openjdk11/tags/)
baseDockerImage=adoptopenjdk/openjdk11:alpine-jre
allowInsecureRegistries=false


@ -1,52 +0,0 @@
apply plugin: "com.google.cloud.tools.jib"
jib {
from {
image = project.baseDockerImage
}
to {
image = "${project.group}/${project.name}"
/**
ecr-login: Amazon Elastic Container Registry (ECR)
gcr: Google Container Registry (GCR)
osxkeychain: Docker Hub
*/
credHelper = "osxkeychain"
/**
auth {
username = "*******"
password = "*******"
}
*/
tags = ["v" + casServerVersion]
}
container {
creationTime = "USE_CURRENT_TIMESTAMP"
entrypoint = ['docker/entrypoint.sh']
ports = ['80', '443', '8080', '8443']
labels = [version:casServerVersion, name:project.name, group:project.group]
}
extraDirectories {
paths = 'src/main/jib'
permissions = [
'/docker/entrypoint.sh': '755'
]
}
allowInsecureRegistries = project.allowInsecureRegistries
}
task copyWebAppIntoJib(type: Copy, group: "Docker", description: "Copy the web application into Docker image") {
dependsOn build
from "build/libs/${casWebApplicationBinaryName}"
into "src/main/jib/docker/cas/war"
}
task copyConfigIntoJib(type: Copy, group: "Docker", description: "Copy the CAS configuration into Docker image") {
dependsOn build
from "etc/cas"
into "src/main/jib/docker/cas"
}
task deleteWebAppFromJib(type: Delete, group: "Docker", description: "Explodes the CAS web application archive") {
delete "src/main/jib/docker/cas"
}


@ -1,101 +0,0 @@
apply plugin: "org.springframework.boot"
configurations {
bootRunConfig.extendsFrom compileClasspath
}
dependencies {
bootRunConfig "org.apereo.cas:cas-server-webapp-init:${casServerVersion}"
bootRunConfig "org.apereo.cas:cas-server-webapp-tomcat:${casServerVersion}"
bootRunConfig "org.springframework.boot:spring-boot-devtools:${project.springBootVersion}"
}
sourceSets {
bootRunSources {
resources {
srcDirs new File("//etc/cas/templates/"),
new File("${project.getProjectDir()}/src/main/resources/")
}
}
}
bootRun {
classpath = configurations.bootRunConfig + sourceSets.main.compileClasspath + sourceSets.main.runtimeClasspath
doFirst {
sourceResources sourceSets.bootRunSources
systemProperties = System.properties
}
def list = []
list.add("-XX:TieredStopAtLevel=1")
list.add("-Xverify:none")
list.add("--add-modules")
list.add("java.se")
list.add("--add-exports")
list.add("java.base/jdk.internal.ref=ALL-UNNAMED")
list.add("--add-opens")
list.add("java.base/java.lang=ALL-UNNAMED")
list.add("--add-opens")
list.add("java.base/java.nio=ALL-UNNAMED")
list.add("--add-opens")
list.add("java.base/sun.nio.ch=ALL-UNNAMED")
list.add("--add-opens")
list.add("java.management/sun.management=ALL-UNNAMED")
list.add("--add-opens")
list.add("jdk.management/com.sun.management.internal=ALL-UNNAMED")
list.add("-XX:+UnlockExperimentalVMOptions")
list.add("-XX:+EnableJVMCI")
list.add("-XX:+UseJVMCICompiler")
list.add("-Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n")
jvmArgs = list
def appArgList = []
args = appArgList
}
springBoot {
buildInfo()
mainClassName = "org.apereo.cas.web.CasWebApplication"
}
bootWar {
def executable = project.hasProperty("executable") && Boolean.valueOf(project.getProperty("executable"))
if (executable) {
logger.info "Including launch script for executable WAR artifact"
launchScript()
} else {
logger.info "WAR artifact is not marked as an executable"
}
archiveName "${casWebApplicationBinaryName}"
baseName "cas"
excludeDevtools = false
entryCompression = ZipEntryCompression.STORED
/*
attachClasses = true
classesClassifier = 'classes'
archiveClasses = true
*/
overlays {
/*
https://docs.freefair.io/gradle-plugins/current/reference/#_io_freefair_war_overlay
Note: The "excludes" property is only for files in the war dependency.
If a jar is excluded from the war, it could be brought back into the final war as a dependency
of non-war dependencies. Those should be excluded via normal gradle dependency exclusions.
*/
cas {
from "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}@war"
provided = false
/*
excludes = ["WEB-INF/lib/somejar-1.0*"]
enableCompilation = true
includes = ["*.xyz"]
targetPath = "sub-path/bar"
skip = false
*/
}
}
}


@ -1,331 +0,0 @@
import org.apache.ivy.util.url.ApacheURLLister
import org.apache.tools.ant.taskdefs.condition.Os
import org.gradle.internal.logging.text.StyledTextOutputFactory
import java.nio.file.Files
import java.nio.file.Paths
import java.nio.file.StandardCopyOption
import static org.gradle.internal.logging.text.StyledTextOutput.Style
buildscript {
repositories {
mavenLocal()
mavenCentral()
jcenter()
maven {
url "https://oss.sonatype.org/content/repositories/snapshots"
mavenContent { snapshotsOnly() }
}
}
dependencies {
classpath "org.apache.ivy:ivy:${project.ivyVersion}"
classpath "org.apereo.cas:cas-server-core-api-configuration-model:${project.'cas.version'}"
classpath "org.apereo.cas:cas-server-core-configuration-metadata-repository:${project.'cas.version'}"
}
}
apply plugin: "de.undercouch.download"
def tomcatDirectory = "${buildDir}/apache-tomcat-${tomcatVersion}"
project.ext."tomcatDirectory" = tomcatDirectory
def explodedDir = "${buildDir}/cas"
def explodedResourcesDir = "${buildDir}/cas-resources"
def resourceJarName = "cas-server-webapp-resources"
task copyCasConfiguration(type: Copy, group: "build", description: "Copy the CAS configuration from this project to /etc/cas/config") {
from "etc/cas/config"
into new File('/etc/cas/config').absolutePath
doFirst {
new File('/etc/cas/config').mkdirs()
}
}
task explodeWarOnly(type: Copy, group: "build", description: "Explodes the CAS web application archive") {
dependsOn 'build'
from zipTree("build/libs/${casWebApplicationBinaryName}")
into explodedDir
}
task explodeWar(type: Copy, group: "build", description: "Explodes the CAS archive and resources jar from the CAS web application archive") {
dependsOn explodeWarOnly
from zipTree("${explodedDir}/WEB-INF/lib/${resourceJarName}-${casServerVersion}.jar")
into explodedResourcesDir
}
task run(group: "build", description: "Run the CAS web application in embedded container mode") {
dependsOn 'build'
doLast {
def casRunArgs = Arrays.asList("-server -noverify -Xmx2048M -XX:+TieredCompilation -XX:TieredStopAtLevel=1".split(" "))
javaexec {
main = "-jar"
jvmArgs = casRunArgs
args = ["build/libs/${casWebApplicationBinaryName}"]
systemProperties = System.properties
logger.info "Started ${commandLine}"
}
}
}
task setExecutable(group: "build", description: "Configure the project to run in executable mode") {
doFirst {
project.setProperty("executable", "true")
logger.info "Configuring the project as executable"
}
}
task executable(type: Exec, group: "build", description: "Run the CAS web application in standalone executable mode") {
dependsOn setExecutable, 'build'
doFirst {
workingDir "."
if (!Os.isFamily(Os.FAMILY_WINDOWS)) {
commandLine "chmod", "+x", bootWar.archivePath
}
logger.info "Running ${bootWar.archivePath}"
commandLine bootWar.archivePath
}
}
task debug(group: "build", description: "Debug the CAS web application in embedded mode on port 5005") {
dependsOn 'build'
doLast {
logger.info "Debugging process is started in a suspended state, listening on port 5005."
def casArgs = Arrays.asList("-Xmx2048M".split(" "))
javaexec {
main = "-jar"
jvmArgs = casArgs
debug = true
args = ["build/libs/${casWebApplicationBinaryName}"]
systemProperties = System.properties
logger.info "Started ${commandLine}"
}
}
}
task downloadShell(group: "shell", description: "Download CAS shell jar from snapshot or release maven repo") {
doFirst {
mkdir "${project.shellDir}"
}
doLast {
def downloadFile
if (isRunningCasServerSnapshot(casServerVersion)) {
def snapshotDir = "https://oss.sonatype.org/content/repositories/snapshots/org/apereo/cas/cas-server-support-shell/${casServerVersion}/"
def files = new ApacheURLLister().listFiles(new URL(snapshotDir))
files = files.sort { it.path }
files.each {
if (it.path.endsWith(".jar")) {
downloadFile = it
}
}
} else {
downloadFile = "https://repo1.maven.org/maven2/org/apereo/cas/cas-server-support-shell/${casServerVersion}/cas-server-support-shell-${casServerVersion}.jar"
}
logger.info "Downloading file: ${downloadFile}"
download {
src downloadFile
dest new File("${project.shellDir}", "cas-server-support-shell-${casServerVersion}.jar")
overwrite false
}
}
}
task runShell(group: "shell", description: "Run the CAS shell") {
dependsOn downloadShell
doLast {
println "Run the following command to launch the shell:\n\tjava -jar ${project.shellDir}/cas-server-support-shell-${casServerVersion}.jar"
}
}
task debugShell(group: "shell", description: "Run the CAS shell with debug options, wait for debugger on port 5005") {
dependsOn downloadShell
doLast {
println """
Run the following command to launch the shell:\n\t
java -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=y -jar ${project.shellDir}/cas-server-support-shell-${casServerVersion}.jar
"""
}
}
task showConfiguration(group: "build", description: "Show configurations for each dependency, etc") {
doLast() {
def cfg = project.hasProperty("configuration") ? project.property("configuration") : "compile"
configurations.getByName(cfg).each { println it }
}
}
task allDependenciesInsight(group: "build", type: DependencyInsightReportTask, description: "Produce insight information for all dependencies") {}
task allDependencies(group: "build", type: DependencyReportTask, description: "Display a graph of all project dependencies") {}
task casVersion(group: "build", description: "Display the current CAS version") {
doFirst {
def verbose = project.hasProperty("verbose") && Boolean.valueOf(project.getProperty("verbose"))
if (verbose) {
def out = services.get(StyledTextOutputFactory).create("CAS")
println "******************************************************************"
out.withStyle(Style.Info).println "Apereo CAS $casServerVersion"
out.withStyle(Style.Description).println "Enterprise Single SignOn for all earthlings and beyond"
out.withStyle(Style.SuccessHeader).println "- GitHub: "
out.withStyle(Style.Success).println "https://github.com/apereo/cas"
out.withStyle(Style.SuccessHeader).println "- Docs: "
out.withStyle(Style.Success).println "https://apereo.github.io/cas"
out.withStyle(Style.SuccessHeader).println "- Blog: "
out.withStyle(Style.Success).println "https://apereo.github.io"
println "******************************************************************"
} else {
println casServerVersion
}
}
}
task createKeystore(group: "build", description: "Create CAS keystore") {
doFirst {
mkdir "/etc/cas"
def keystorePath = "/etc/cas/thekeystore"
def dn = "CN=cas.example.org,OU=Example,OU=Org,C=US"
if (project.hasProperty("certificateDn")) {
dn = project.getProperty("certificateDn")
}
def subjectAltName = "dns:example.org,dns:localhost,ip:127.0.0.1"
if (project.hasProperty("certificateSubAltName")) {
subjectAltName = project.getProperty("certificateSubAltName")
}
// this will fail if thekeystore exists and has cert with cas alias already (so delete if you want to recreate)
logger.info "Generating keystore for CAS with DN ${dn}"
exec {
workingDir "."
commandLine "keytool", "-genkeypair", "-alias", "cas",
"-keyalg", "RSA",
"-keypass", "changeit", "-storepass", "changeit",
"-keystore", keystorePath,
"-dname", dn, "-ext", "SAN=${subjectAltName}"
}
logger.info "Exporting cert from keystore..."
exec {
workingDir "."
commandLine "keytool", "-exportcert", "-alias", "cas",
"-storepass", "changeit", "-keystore", keystorePath,
"-file", "/etc/cas/cas.cer"
}
logger.info "Import /etc/cas/cas.cer into your Java truststore (JAVA_HOME/lib/security/cacerts)"
}
}
task listTemplateViews(group: "build", description: "List all CAS views") {
dependsOn explodeWar
doFirst {
fileTree(explodedResourcesDir).matching {
include "**/*.html"
}
.collect { it.name }
.toSorted()
.each { println it }
}
}
task exportConfigMetadata(group: "build", description: "Export collection of CAS properties") {
doLast {
def file = new File(project.rootDir, 'config-metadata.properties')
file.withWriter('utf-8') { writer ->
def metadataRepository = new org.apereo.cas.metadata.CasConfigurationMetadataRepository()
def repository = metadataRepository.repository;
repository.allGroups
.values()
.sort { o1, o2 -> o1.id <=> o2.id }
.each({ group ->
def groupProperties = group.properties
if (!groupProperties.isEmpty()) {
def groupId = group.id.equalsIgnoreCase("_ROOT_GROUP_") ? "" : group.id + "."
writer.writeLine("# Group ${group.id}");
writer.writeLine("# ====================")
groupProperties
.values()
.sort { o1, o2 -> o1.id <=> o2.id }
.each({ property ->
def description = property.shortDescription
if (!property.shortDescription?.equalsIgnoreCase(property.description) && property.description != null) {
description = property.description.replace('\n', '#')
}
writer.writeLine("# ${description}");
writer.writeLine("# Type: ${property.type}");
if (property.deprecated) {
def deprecation = property.deprecation
writer.writeLine("# This setting is deprecated with a severity level of ${deprecation.level}.")
if (deprecation.shortReason != null) {
writer.writeLine("# because ${deprecation.shortReason}")
}
if (deprecation.replacement != null) {
writer.writeLine("# Replace with: ${deprecation.replacement}")
}
}
property.hints.valueHints.each {
if (it.value instanceof Object[]) {
if (it.value[0].toString().contains("RequiresModule")) {
writer.writeLine("# Required module: org.apereo.cas:${it.description}")
writer.writeLine("# Automatically included/available: ${it.value[1]}")
}
}
if (it.value.toString().contains("RequiredProperty")) {
writer.writeLine("# Note: This setting is required!")
}
}
writer.writeLine("${groupId}${property.name}=${property.defaultValue}")
writer.writeLine("")
});
}
});
}
println "Configuration metadata is available at ${file.absolutePath}"
}
}
task getResource(group: "build", description: "Fetch a CAS resource and move it into the overlay") {
dependsOn explodeWar
doFirst {
def resourceName = project.getProperty("resourceName")
def results = fileTree(explodedResourcesDir).matching {
include "**/${resourceName}.*"
include "**/${resourceName}"
}
if (results.isEmpty()) {
println "No resources could be found matching ${resourceName}"
return
}
if (results.size() > 1) {
println "Multiple resources found matching ${resourceName}: ${results}"
return
}
def fromFile = explodedResourcesDir
def resourcesDir = "src/main/resources"
mkdir resourcesDir
def resourceFile = results[0].canonicalPath
def toResourceFile = resourceFile.replace(fromFile, resourcesDir)
def parent = file(toResourceFile).getParent()
mkdir parent
Files.copy(Paths.get(resourceFile), Paths.get(toResourceFile), StandardCopyOption.REPLACE_EXISTING)
println "Copied file ${resourceFile} to ${toResourceFile}"
}
}
def isRunningCasServerSnapshot(casServerVersion) {
return "${casServerVersion}".contains("-SNAPSHOT")
}
task verifyRequiredJavaVersion {
logger.info "Checking current Java version ${JavaVersion.current()} for required Java version ${project.targetCompatibility}"
if (!JavaVersion.current().name.equalsIgnoreCase("${project.targetCompatibility}")) {
throw new GradleException("Current Java version ${JavaVersion.current()} does not match required Java version ${project.targetCompatibility}")
}
}

Binary file not shown.


@ -1,5 +0,0 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-6.2-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

183
gradlew vendored

@ -1,183 +0,0 @@
#!/usr/bin/env sh
#
# Copyright 2015 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
##
## Gradle start up script for UN*X
##
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
warn () {
echo "$*"
}
die () {
echo
echo "$*"
echo
exit 1
}
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
NONSTOP* )
nonstop=true
;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin or MSYS, switch paths to Windows format before running java
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=`expr $i + 1`
done
case $i in
0) set -- ;;
1) set -- "$args0" ;;
2) set -- "$args0" "$args1" ;;
3) set -- "$args0" "$args1" "$args2" ;;
4) set -- "$args0" "$args1" "$args2" "$args3" ;;
5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
esac
fi
# Escape application args
save () {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=`save "$@"`
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
exec "$JAVACMD" "$@"

103
gradlew.bat vendored

@ -1,103 +0,0 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto init
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto init
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:init
@rem Get command-line arguments, handling Windows variants
if not "%OS%" == "Windows_NT" goto win9xME_args
:win9xME_args
@rem Slurp the command line arguments.
set CMD_LINE_ARGS=
set _SKIP=2
:win9xME_args_slurp
if "x%~1" == "x" goto execute
set CMD_LINE_ARGS=%*
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega


@ -1,2 +0,0 @@
# This file is generated by the 'io.freefair.lombok' Gradle plugin
config.stopBubbling = true

BIN
maven/maven-wrapper.jar Normal file

Binary file not shown.


@ -0,0 +1,3 @@
#Maven download properties
#Tue Nov 17 21:07:15 MST 2015
distributionUrl=https\://repository.apache.org/content/repositories/releases/org/apache/maven/apache-maven/3.3.3/apache-maven-3.3.3-bin.zip
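Review bot: Nothing in this properties file pins the Maven archive that the wrapper downloads, and the launcher itself is added as a binary `maven/maven-wrapper.jar` that cannot be read in this review. `distributionUrl` is HTTPS, so the transfer is protected, but the build still trusts whatever archive that URL serves. Record the expected SHA-256 of both the jar and the 3.3.3 archive and compare them in CI before the wrapper runs. The later Apache Maven Wrapper can hold the digest in this file as `distributionSha256Sum`; the wrapper generation used here may not read that key, so treat it as a reason to upgrade rather than a drop-in line.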

234
mvnw vendored Executable file

@ -0,0 +1,234 @@
#!/bin/sh
# ----------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# ----------------------------------------------------------------------------
# ----------------------------------------------------------------------------
# Maven2 Start Up Batch script
#
# Required ENV vars:
# ------------------
# JAVA_HOME - location of a JDK home dir
#
# Optional ENV vars
# -----------------
# M2_HOME - location of maven2's installed home dir
# MAVEN_OPTS - parameters passed to the Java VM when running Maven
# e.g. to debug Maven itself, use
# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
# MAVEN_SKIP_RC - flag to disable loading of mavenrc files
# ----------------------------------------------------------------------------
if [ -z "$MAVEN_SKIP_RC" ] ; then
if [ -f /etc/mavenrc ] ; then
. /etc/mavenrc
fi
if [ -f "$HOME/.mavenrc" ] ; then
. "$HOME/.mavenrc"
fi
fi
# OS specific support. $var _must_ be set to either true or false.
cygwin=false;
darwin=false;
mingw=false
case "`uname`" in
CYGWIN*) cygwin=true ;;
MINGW*) mingw=true;;
Darwin*) darwin=true
#
# Look for the Apple JDKs first to preserve the existing behaviour, and then look
# for the new JDKs provided by Oracle.
#
if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK ] ; then
#
# Apple JDKs
#
export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
fi
if [ -z "$JAVA_HOME" ] && [ -L /System/Library/Java/JavaVirtualMachines/CurrentJDK ] ; then
#
# Apple JDKs
#
export JAVA_HOME=/System/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
fi
if [ -z "$JAVA_HOME" ] && [ -L "/Library/Java/JavaVirtualMachines/CurrentJDK" ] ; then
#
# Oracle JDKs
#
export JAVA_HOME=/Library/Java/JavaVirtualMachines/CurrentJDK/Contents/Home
fi
if [ -z "$JAVA_HOME" ] && [ -x "/usr/libexec/java_home" ]; then
#
# Apple JDKs
#
export JAVA_HOME=`/usr/libexec/java_home`
fi
;;
esac
if [ -z "$JAVA_HOME" ] ; then
if [ -r /etc/gentoo-release ] ; then
JAVA_HOME=`java-config --jre-home`
fi
fi
if [ -z "$M2_HOME" ] ; then
## resolve links - $0 may be a link to maven's home
PRG="$0"
# need this for relative symlinks
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG="`dirname "$PRG"`/$link"
fi
done
saveddir=`pwd`
M2_HOME=`dirname "$PRG"`/..
# make it fully qualified
M2_HOME=`cd "$M2_HOME" && pwd`
cd "$saveddir"
# echo Using m2 at $M2_HOME
fi
# For Cygwin, ensure paths are in UNIX format before anything is touched
if $cygwin ; then
[ -n "$M2_HOME" ] &&
M2_HOME=`cygpath --unix "$M2_HOME"`
[ -n "$JAVA_HOME" ] &&
JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
[ -n "$CLASSPATH" ] &&
CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
fi
# For Migwn, ensure paths are in UNIX format before anything is touched
if $mingw ; then
[ -n "$M2_HOME" ] &&
M2_HOME="`(cd "$M2_HOME"; pwd)`"
[ -n "$JAVA_HOME" ] &&
JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
# TODO classpath?
fi
if [ -z "$JAVA_HOME" ]; then
javaExecutable="`which javac`"
if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
# readlink(1) is not available as standard on Solaris 10.
readLink=`which readlink`
if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
if $darwin ; then
javaHome="`dirname \"$javaExecutable\"`"
javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
else
javaExecutable="`readlink -f \"$javaExecutable\"`"
fi
javaHome="`dirname \"$javaExecutable\"`"
javaHome=`expr "$javaHome" : '\(.*\)/bin'`
JAVA_HOME="$javaHome"
export JAVA_HOME
fi
fi
fi
if [ -z "$JAVACMD" ] ; then
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
else
JAVACMD="`which java`"
fi
fi
if [ ! -x "$JAVACMD" ] ; then
echo "Error: JAVA_HOME is not defined correctly." >&2
echo " We cannot execute $JAVACMD" >&2
exit 1
fi
if [ -z "$JAVA_HOME" ] ; then
echo "Warning: JAVA_HOME environment variable is not set."
fi
CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
# For Cygwin, switch paths to Windows format before running java
if $cygwin; then
[ -n "$M2_HOME" ] &&
M2_HOME=`cygpath --path --windows "$M2_HOME"`
[ -n "$JAVA_HOME" ] &&
JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
[ -n "$CLASSPATH" ] &&
CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
fi
# traverses directory structure from process work directory to filesystem root
# first directory with .mvn subdirectory is considered project base directory
find_maven_basedir() {
local basedir=$(pwd)
local wdir=$(pwd)
while [ "$wdir" != '/' ] ; do
wdir=$(cd "$wdir/.."; pwd)
if [ -d "$wdir"/.mvn ] ; then
basedir=$wdir
break
fi
done
echo "${basedir}"
}
# concatenates all lines of a file
concat_lines() {
if [ -f "$1" ]; then
echo "$(tr -s '\n' ' ' < "$1")"
fi
}
export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)}
MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
# Provide a "standardized" way to retrieve the CLI args that will
# work with both Windows and non-Windows executions.
MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
export MAVEN_CMD_LINE_ARGS
WRAPPER_LAUNCHER="org.apache.maven.wrapper.MavenWrapperMain"
exec "$JAVACMD" \
$MAVEN_OPTS \
"-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
-classpath \
"$MAVEN_PROJECTBASEDIR/maven/maven-wrapper.jar" \
${WRAPPER_LAUNCHER} "$@"

174
mvnw.bat Executable file

@ -0,0 +1,174 @@
@REM ----------------------------------------------------------------------------
@REM Licensed to the Apache Software Foundation (ASF) under one
@REM or more contributor license agreements. See the NOTICE file
@REM distributed with this work for additional information
@REM regarding copyright ownership. The ASF licenses this file
@REM to you under the Apache License, Version 2.0 (the
@REM "License"); you may not use this file except in compliance
@REM with the License. You may obtain a copy of the License at
@REM
@REM http://www.apache.org/licenses/LICENSE-2.0
@REM
@REM Unless required by applicable law or agreed to in writing,
@REM software distributed under the License is distributed on an
@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@REM KIND, either express or implied. See the License for the
@REM specific language governing permissions and limitations
@REM under the License.
@REM ----------------------------------------------------------------------------
@REM ----------------------------------------------------------------------------
@REM Maven2 Start Up Batch script
@REM
@REM Required ENV vars:
@REM JAVA_HOME - location of a JDK home dir
@REM
@REM Optional ENV vars
@REM M2_HOME - location of maven2's installed home dir
@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
@REM e.g. to debug Maven itself, use
@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
@REM ----------------------------------------------------------------------------
@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
@echo off
@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
@REM set %HOME% to equivalent of $HOME
if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
@REM Execute a user defined script before this one
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
@REM check for pre script, once with legacy .bat ending and once with .cmd ending
if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
:skipRcPre
@setlocal
set ERROR_CODE=0
@REM To isolate internal variables from possible post scripts, we use another setlocal
@setlocal
@REM ==== START VALIDATION ====
if not "%JAVA_HOME%" == "" goto OkJHome
echo.
echo Error: JAVA_HOME not found in your environment. >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error
:OkJHome
if exist "%JAVA_HOME%\bin\java.exe" goto chkMHome
echo.
echo Error: JAVA_HOME is set to an invalid directory. >&2
echo JAVA_HOME = "%JAVA_HOME%" >&2
echo Please set the JAVA_HOME variable in your environment to match the >&2
echo location of your Java installation. >&2
echo.
goto error
:chkMHome
if not "%M2_HOME%"=="" goto valMHome
SET "M2_HOME=%~dp0.."
if not "%M2_HOME%"=="" goto valMHome
echo.
echo Error: M2_HOME not found in your environment. >&2
echo Please set the M2_HOME variable in your environment to match the >&2
echo location of the Maven installation. >&2
echo.
goto error
:valMHome
:stripMHome
if not "_%M2_HOME:~-1%"=="_\" goto checkMCmd
set "M2_HOME=%M2_HOME:~0,-1%"
goto stripMHome
:checkMCmd
if exist "%M2_HOME%\bin\mvn.cmd" goto init
echo.
echo Error: M2_HOME is set to an invalid directory. >&2
echo M2_HOME = "%M2_HOME%" >&2
echo Please set the M2_HOME variable in your environment to match the >&2
echo location of the Maven installation >&2
echo.
goto error
@REM ==== END VALIDATION ====
:init
set MAVEN_CMD_LINE_ARGS=%*
@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
@REM Fallback to current working directory if not found.
set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
set EXEC_DIR=%CD%
set WDIR=%EXEC_DIR%
:findBaseDir
IF EXIST "%WDIR%"\.mvn goto baseDirFound
cd ..
IF "%WDIR%"=="%CD%" goto baseDirNotFound
set WDIR=%CD%
goto findBaseDir
:baseDirFound
set MAVEN_PROJECTBASEDIR=%WDIR%
cd "%EXEC_DIR%"
goto endDetectBaseDir
:baseDirNotFound
set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
cd "%EXEC_DIR%"
:endDetectBaseDir
IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
@setlocal EnableExtensions EnableDelayedExpansion
for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
:endReadAdditionalConfig
SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\maven\maven-wrapper.jar"
set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS%
if ERRORLEVEL 1 goto error
goto end
:error
set ERROR_CODE=1
:end
@endlocal & set ERROR_CODE=%ERROR_CODE%
if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
@REM check for post script, once with legacy .bat ending and once with .cmd ending
if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
:skipRcPost
@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
if "%MAVEN_BATCH_PAUSE%" == "on" pause
if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
exit /B %ERROR_CODE%

103
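--- a/pom.xml
+++ b/pom.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
+<modelVersion>4.0.0</modelVersion>
+<groupId>org.jasig.cas</groupId>
+<artifactId>cas-overlay</artifactId>
+<packaging>war</packaging>
+<version>1.0</version>
+<build>
+<plugins>
+<plugin>
+<groupId>com.rimerosolutions.maven.plugins</groupId>
+<artifactId>wrapper-maven-plugin</artifactId>
+<version>0.0.4</version>
+</plugin>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-war-plugin</artifactId>
+<version>2.6</version>
+<configuration>
+<warName>cas</warName>
+<overlays>
+<overlay>
+<groupId>org.jasig.cas</groupId>
+<artifactId>cas-server-webapp</artifactId>
+<excludes>
+<exclude>WEB-INF/cas.properties</exclude>
+<exclude>WEB-INF/classes/log4j2.xml</exclude>
+</excludes>
+</overlay>
+</overlays>
+</configuration>
+</plugin>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<version>3.3</version>
+<configuration>
+<source>1.7</source>
+<target>1.7</target>
+</configuration>
+</plugin>
+<plugin>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-maven-plugin</artifactId>
+<version>${maven-jetty-plugin.version}</version>
+<configuration>
+<jettyXml>${basedir}/etc/jetty/jetty.xml,${basedir}/etc/jetty/jetty-ssl.xml,${basedir}/etc/jetty/jetty-https.xml</jettyXml>
+<systemProperties>
+<systemProperty>
+<name>org.eclipse.jetty.annotations.maxWait</name>
+<value>240</value>
+</systemProperty>
+</systemProperties>
+<webApp>
+<contextPath>/cas</contextPath>
+<overrideDescriptor>${basedir}/etc/jetty/web.xml</overrideDescriptor>
+</webApp>
+<webAppConfig>
+<allowDuplicateFragmentNames>true</allowDuplicateFragmentNames>
+</webAppConfig>
+<jvmArgs>-Dlog4j.configurationFile=/etc/cas/log4j2.xml -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n</jvmArgs>
+</configuration>
+</plugin>
+</plugins>
+<finalName>cas</finalName>
+</build>
+<dependencies>
+<dependency>
+<groupId>org.jasig.cas</groupId>
+<artifactId>cas-server-webapp</artifactId>
+<version>${cas.version}</version>
+<type>war</type>
+<scope>runtime</scope>
+</dependency>
+</dependencies>
+<properties>
+<cas.version>4.2.7</cas.version>
+<maven-jetty-plugin.version>9.3.6.v20151106</maven-jetty-plugin.version>
+<maven.compiler.source>1.7</maven.compiler.source>
+<maven.compiler.target>1.7</maven.compiler.target>
+<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+</properties>
+<repositories>
+<repository>
+<id>sonatype-releases</id>
+<url>http://oss.sonatype.org/content/repositories/releases/</url>
+</repository>
+<repository>
+<id>sonatype-snapshots</id>
+<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
+</repository>
+<repository>
+<id>shibboleth-releases</id>
+<url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
+</repository>
+</repositories>
+</project>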
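Review bot: The `sonatype-releases` repository is declared as `http://oss.sonatype.org/content/repositories/releases/`, so any artifact resolved from it is fetched without transport protection, while the two repositories after it already use HTTPS. Change it to `<url>https://oss.sonatype.org/content/repositories/releases/</url>`. Separately, the Jetty plugin's `<jvmArgs>` turns on JDWP with `address=5000,server=y`. JDWP has no authentication, and on JDKs before 9, which the 1.7 source/target here implies, a bare port number listens on every interface. Bind it to loopback with `address=127.0.0.1:5000`, or move the debug flags into an opt-in profile so a plain Jetty run does not open the port.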


@ -1 +0,0 @@
rootProject.name='cas'


@ -1,22 +0,0 @@
#!/bin/sh
#echo -e "\nChecking java..."
#java -version
#echo -e "\nCreating CAS configuration directories..."
mkdir -p /etc/cas/config
mkdir -p /etc/cas/services
#echo "Listing provided CAS docker artifacts..."
#ls -R docker/cas
#echo -e "\nMoving CAS configuration artifacts..."
mv docker/cas/thekeystore /etc/cas 2>/dev/null
mv docker/cas/config/*.* /etc/cas/config 2>/dev/null
mv docker/cas/services/*.* /etc/cas/services 2>/dev/null
#echo -e "\nListing CAS configuration under /etc/cas..."
#ls -R /etc/cas
echo -e "\nRunning CAS..."
exec java -Xms512m -Xmx2048M -XX:+TieredCompilation -XX:TieredStopAtLevel=1 -jar docker/cas/war/cas.war


@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to Jasig under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Jasig licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<description>
This file lets CAS know where you've stored the cas.properties file which details some of the configuration options
that are specific to your environment. You can specify the location of the file here. You may wish to place the file outside
of the Servlet context if you have options that are specific to a tier (i.e. test vs. production) so that the WAR file
can be moved between tiers without modification.
</description>
<util:properties id="casProperties" location="file:/etc/cas/cas.properties" />
<context:property-placeholder properties-ref="casProperties" />
</beans>
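Review bot: The added `<util:properties id="casProperties" location="file:/etc/cas/cas.properties" />` line pins the configuration to an absolute path outside the WAR, but nothing in the file says who should be able to read or write that path. The `<description>` only covers moving the WAR between tiers, while the commit list shows `svcreg.database.*` settings living in cas.properties, so the file presumably carries database connection details that should not be world-readable. I would add a comment directly above the bean, for example `<!-- /etc/cas/cas.properties is read at startup from outside the WAR; keep it owned by the servlet container account and not readable or writable by other users -->`. It is also worth stating in the description that the path is fixed here, so a deployment that keeps the file elsewhere must edit this line.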


@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1"
metadata-complete="true"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
</web-app>