JA-SIG（CAS）学习笔记1

linliangyi2007

浏览: 1003486 次
性别:
来自: 福州

最近访客更多访客>>

anyitzy

pos3721

ymgjava

winco304

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

程序人生

SUN Java .net Security Tomcat

实验背景：
系统环境： Windows XP | SUN JDK1.6U4 | Tomcat6.0.14 | CAS Server 3.1.1 + CAS Client 2.1.1
主机完整名称： Linly
浏览器： FireFox V2.0.0.11

实验步骤：
STEP 1，搭建Java Web服务器环境
安装 JDK + Tomcat 6.0.14 ， HTTP端口8080 ， HTTPS端口8443
JAVA_HOME = D:\Java\jdk1.6.0_04
CATALINA_HOME = D:\Java\apache-tomcat-6.0.14
安装完毕，启动Tomcat ，在浏览器上测试 http://Linly:8080/

出现上述界面，表明系统STEP1成功搭建。

STEP 2，使用Java Keytool工具为系统生成HTTPS证书，并为系统注册
（Java Keytool相关资料可参阅：Java keytool 安全证书学习笔记），在DOS窗体运行以下指令（建议编写一个BAT批处理文件执行）

cls
rem please set the env JAVA_HOME before run this bat file
rem delete alia tomcat if it is existed
keytool -delete -alias tomcatsso -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
keytool -delete -alias tomcatsso -storepass changeit
（注释：清除系统中可能存在的名字为tomcatsso 的同名证书）
rem list all alias in the cacerts
keytool -list -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
（注释：列出系统证书仓库中存在证书名称列表）
rem generator a key
keytool -genkey -keyalg RSA -alias tomcatsso -dname "cn=linly" -storepass changeit
（注释：指定使用RSA算法，生成别名为tomcatsso的证书，存贮口令为changeit，证书的DN为"cn=linly" ，这个DN必须同当前主机完整名称一致哦，切记！！！）rem export the key
keytool -export -alias tomcatsso -file %java_home%/jre/lib/security/tomcatsso.crt -storepass changeit
（注释：从keystore中导出别名为tomcatsso的证书，生成文件tomcatsso.crt）rem import into trust cacerts
keytool -import -alias tomcatsso -file %java_home%/jre/lib/security/tomcatsso.crt -keystore %java_home%/jre/lib/security/cacerts -storepass changeit
（注释：将tomcatsso.crt导入jre的可信任证书仓库。注意，安装JDK是有两个jre目录，一个在jdk底下，一个是独立的jre，这里的目录必须同Tomcat使用的jre目录一致，否则后面Tomcat的HTTPS通讯就找不到证书了）
rem list all alias in the cacerts
keytool -list -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
（注释：列出jre可信任证书仓库中证书名单，验证先前的导入是否成功，如果导入成功，应该在列表中能找到tomcatsso这个别名，如下图）[/quote]

同时，在D:\Java\jdk1.6.0_04\jre\lib\security目录下能找到“tomcatsso.crt”这个文件；在C:\Documents and Settings\Linly目录下能找到“.keystore”文件。
满足上述条件则STEP2部署完成。

STEP 3，配置Tomcat的HTTPS服务
编辑D:\Java\apache-tomcat-6.0.14\conf下的server.xml文件，在connector的配置位置添加以下的配置：

引用

启动Tomcat，访问https://linly:8443/，出现以下界面说明HTTPS配置生效：

STEP 4，为HelloWorldExample程序配置CAS过滤器
访问http://linly:8080/examples/servlets/servlet/HelloWorldExample，出现以下界面说明应用正常启动：

编辑D:\Java\apache-tomcat-6.0.14\webapps\examples\WEB-INF下的web.xml文件，添加如下信息：

引用

<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://Linly:8443/cas/login</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://Linly:8443/cas/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>Linly:8080</param-value>
</init-param>
</filter>

引用

<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/servlets/servlet/HelloWorldExample</url-pattern>
</filter-mapping>

拷贝casclient.jar文件到目录D:\Java\apache-tomcat-6.0.14\webapps\examples\WEB-INF\lib下。
由于我们使用的是Tomcat6.0.14，因此，还要拷贝commons-logging-1.0.4.jar到该目录下。

STEP 5，部署JA-SIG（CAS）服务器
拷贝cas.war到D:\Java\apache-tomcat-6.0.14\webapps目录下。启动Tomcat，访问网址http://linly:8080/cas/index.jsp,出现以下画面：

输入用户名/密码：linly/linly（任意两个相同的字窜），点击“登录”，出现以下画面：

表示CAS服务器配置运行成功。

STEP 6，测试JA-SIG（CAS）部署结果
启动Tomcat。
测试使用浏览器登陆以下网址：http://linly:8080/examples/servlets/servlet/HelloWorldExample，页面将弹出以下认证框，点击“确定”

页面将重定向到JA-SIG的SSO登录认证页面

输入用户名=密码，如：linly/linly，则通过验证，进入应用的入口界面，如下：

细心的用户将发现，此时的URL不再是：
http://linly:8080/examples/servlets/servlet/HelloWorldExample，
URL的尾端带上了一个ticket参数：
http://linly:8080/examples/servlets/servlet/HelloWorldExample?ticket=ST-2-qTcfDrdFb0bWndWgaqZD
到此，JA-SIG（CAS）服务器的初步SSO部署宣告成功。

65
顶

2
踩

分享到：

JA-SIG（CAS）学习笔记2 | Java keytool 安全证书学习笔记

2008-02-26 23:56
浏览 59162
评论(40)
分类:企业架构
查看更多

40 楼 linzaizai2010 2015-05-20

楼主你好，能问下我axis2里面工具wsdl2java 导出客户端要怎么弄啊为什么一直提示证书未找到啊
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

39 楼 hngmduyi 2013-09-17

38 楼 liuhangbin 2013-08-06

启动Tomcat，访问https://wm-20111224ulzx:8433/ 一直提示无法显示此网页。什么情况啊求指点啊前面都对 wm-20111224ulzx计算机名

37 楼 sunwang810812 2013-05-03

cowboy5352 写道

javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1026)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

楼主，帮忙解答一下问题吧~~~我憋了两个星期了。CAS还没弄出来。
帮帮慢吧。

帅哥,上面的错误,楼主说的也不对,请参看http://magicmonster.com/kb/prg/java/ssl/pkix_path_building_failed.html,你需要从浏览器中把证书导出来,然后导入jdk/jre/lib/security/下,不知道什么原因,我们自己生成的证书,在浏览器中加入后,序列号发生变化了,因而,验证出错了,我出现了和一样的错误,这么改就哦了,注意,cas服务端,你不需要改任何东西,就改客户端这个就行

36 楼天晴天 2013-02-27

挺好，收藏啦

35 楼 leaow567 2012-03-14

serverName可以用ip地址的

34 楼 yatou_0209 2011-11-02

CAS服务环境搭建对别的环境会不会有影响？

33 楼张小宇 2011-10-27

您好~ 有个问题希望能得到您的帮助 TT
在进入中心服务器准备验证之前，应该取到一串token，而这里取到的是一串乱码，导致后边无法正确认证，如下：
2011-10-27 18:37:02,484 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCrede
ntialsAction] - <SPNEGO Authorization header found with 1672 bytes>
2011-10-27 18:37:02,484 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCrede
ntialsAction] - <Obtained token: `??+爞??袪$0" *咹傳 *咹嗺

+?
???? *咹嗺

额。。。复制不上来，就是很长的一串乱码，不知道是从哪里取到的，应该如何处理这些乱码呢，求教求教，多谢多谢~

32 楼 bobbymxl 2011-03-25

楼主，你好。看了你的帖子对我帮助很大。。我是最近才开始接触cas的。。呵呵。。但是我遇到了如下的问题：在cas界面登陆完后，界面跳转时发生错误：

SEVERE: Servlet.service() for servlet jsp threw exceptionorg.xml.sax.SAXParseException: The reference to entity "ticket" must end with the ';' delimiter.at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1231)at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:221)at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:88)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:861)at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1584)at java.lang.Thread.run(Thread.java:619)

开始我怀疑是我keytool的jre跟tomcat的jre不统一造成的。。但是经我查看时统一的。。。。楼主能帮忙看下是怎么回事吗
十分感谢

31 楼 kevindurant 2009-11-18

jdk 安装路径下面有两个jre，，所以有安全证书有两处，，安装版和解压版的tomcat 默认的jre 路径是不一样的。。所以两个地方都加上你的证书就没问题了。。

30 楼 standon80 2009-09-23

standon80 写道

cowboy5352 写道

javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1026)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

我刚又碰到了，可能是你证书在不在 eclispe集成的 tomcat 里，而是在独立的 tomcat里，百度一下出来的

楼主，帮忙解答一下问题吧~~~我憋了两个星期了。CAS还没弄出来。
帮帮慢吧 ~谢谢楼主了。

本人前几天配了一个，一点想法，看是否有帮助
我的环境 winxp tomcat5.5 ...
首先怀疑是的证书位置没有放到你的tomcat认识的位置。
unable to find valid certification path to requested target
官网上有篇文章谈到了
•When prompted for JRE, changed default to %JAVA_HOME%/jre (IMPORTANT: this should be home of new cacerts from step 2)
这里说的是安装tomcat时（采用exe文件的形式安装）提示 jre在那里，它要和你当时配置证书的存放位置一直，就是keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
Enter keystore password: changeit
这里就指定了存放位置，我自己是重新安装了tomcat exe版后做的，没出问题，所以具体是不是也不知道，建议，多看看官网文档，全面一些，祝好运！

29 楼 standon80 2009-09-23

cowboy5352 写道

28 楼 cowboy5352 2009-09-22

bluton 写道

好像client2.1.1版本的jar包是有问题的，CASReceipt.java类没有序列化，在用tomcat5.5部署时报异常的。自己改了下代码重新编译下就好了。
有没有client3.1.0的例子啊，和2.1.1版本完全不一样了

哥们能给我发一个你改过的，CASReceipt.java类吗？

27 楼 cowboy5352 2009-09-22

26 楼 auf421 2009-08-18

有个问题请教下楼主

项目描述：
现有服务A（论坛）和服务B（博客）及cas认证中心，对于服务A和B中相关文章是可以在未登录状态下进行浏览的，只是在留言或是发帖的时候才需进行登录

目前状况：
在具体客户服务端配置了casfilter，只对特定页面（比如说发帖、或是博客留言）配置了此filter。

存在问题：
比如说用户从在服务A通过cas认证中心登录了，此时链接到服务B，因为B服务中也是只只针对部分操作设置了casfitler，其结果就是当跳转到B服务的时候，并不能从cas认证中心获取到此用户信息，那么在服务B也无法设置本地服务的一些用户角色其授权信息

疑惑：
通过cas能否有比较好的方法，对于出现的这种情况，可以通过设置，比如说在访问到服务B的时候，仅仅到cas认证中心进行认证，看当前是否登录，如果登录的话，返回用户的登录信息；没有登录的话，直接返回用户原来所访问的页面，而不是目前的登录页面

25 楼 yuting_lv 2009-06-17

谢谢楼主，学习试了下，用的tomcat5.5, examples文件夹直接从tomcat6拷贝过来，可以成功，继续学习第二篇笔记

24 楼 soartju 2009-04-27

够详细，谢谢楼主了：）

23 楼 bluton 2009-04-09

22 楼 linliangyi2007 2009-03-12

猫尾摆摆写道

第四步似乎有问题，按照你的配置，是不是出现网页受保护的提示的，而且也是通过https连接。

应该加上
<filter-mapping> 
    <filter-name>CAS Filter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

兄弟，看到下面这个了嘛！

<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/servlets/servlet/HelloWorldExample</url-pattern>
</filter-mapping>

例子中就只有过滤这个页面啊，而且使用/*是一种很糟糕的配置哦，至少要是/*.do /*.jsp哦，否则cas的工作量就大了。

出现网页受保护的提示的是你IE的安全信任设置问题，还有我们在实验中用的证书是非正式的。

21 楼 jeffleee 2009-03-12

（注释：将tomcatsso.crt导入jre的可信任证书仓库。注意，安装JDK是有两个jre目录，一个在jdk底下，一个是独立的jre，这里的目录必须同Tomcat使用的jre目录一致，否则后面Tomcat的HTTPS通讯就找不到证书了）

xjq19861009 写道

其他都没什么问题就最后一步输入同样的用户名和密码就报下面的错误谢谢帮我看看

Java代码  javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://cuytr:8443/CAS/serviceValidate] ticket=[ST-1-7YW9lw0fMbTeW0P1wHxx] service=[http%3A%2F%2Fcuytr%3A8080%2FConairOA%2F] renew=false]]]      edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)      root cause     edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://cuytr:8443/CAS/serviceValidate] ticket=[ST-1-7YW9lw0fMbTeW0P1wHxx] service=[http%3A%2F%2Fcuytr%3A8080%2FConairOA%2F] renew=false]]]      edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)      edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)      edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)      root cause     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)      com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)      com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)      com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)      com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)      com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)      com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)      sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)      sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)      sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)      sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)      edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)      edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)      edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)      edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)      edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)      root cause     sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      sun.security.validator.PKIXValidator.doBuild(Unknown Source)      sun.security.validator.PKIXValidator.engineValidate(Unknown Source)      sun.security.validator.Validator.validate(Unknown Source)      com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)      com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)      com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)      com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)      com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)      com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)      sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)      sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)      sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)      sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)      edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)      edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)      edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)      edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)      edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)      root cause     sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target      sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)      java.security.cert.CertPathBuilder.build(Unknown Source)      sun.security.validator.PKIXValidator.doBuild(Unknown Source)      sun.security.validator.PKIXValidator.engineValidate(Unknown Source)      sun.security.validator.Validator.validate(Unknown Source)      com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)      com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)      com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)      com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)      com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)      com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)      com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)      sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)      sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)      sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)      sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)      edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)      edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)      edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)      edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)      edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)   javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://cuytr:8443/CAS/serviceValidate] ticket=[ST-1-7YW9lw0fMbTeW0P1wHxx] service=[http%3A%2F%2Fcuytr%3A8080%2FConairOA%2F] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)

root cause

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://cuytr:8443/CAS/serviceValidate] ticket=[ST-1-7YW9lw0fMbTeW0P1wHxx] service=[http%3A%2F%2Fcuytr%3A8080%2FConairOA%2F] renew=false]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

root cause

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.validator.PKIXValidator.doBuild(Unknown Source)
sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
sun.security.validator.Validator.validate(Unknown Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

root cause

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
java.security.cert.CertPathBuilder.build(Unknown Source)
sun.security.validator.PKIXValidator.doBuild(Unknown Source)
sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
sun.security.validator.Validator.validate(Unknown Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论