CAS单点登录之mysql数据库用户验证及常见问题

  前面已经介绍了CAS服务器的搭建,详情见:搭建CAS单点登录服务器。然而前面只是简单地介绍了服务器的搭建,其验证方式是原始的配置文件的方式,这显然不能满足日常的需求。下面介绍下通过mysql数据库认证的方式。

  一、CAS认证之mysql数据库认证

  1、在mysql中新建一个cas数据库并创建user表

CREATE DATABASE /*!32312 IF NOT EXISTS*/`cas` /*!40100 DEFAULT CHARACTER SET gbk */;

USE `cas`;

/*Table structure for table `user` */

DROP TABLE IF EXISTS `user`;

CREATE TABLE `user` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `used` tinyint(2) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=gbk;

/*Data for the table `user` */

insert  into `user`(`id`,`name`,`password`,`used`) values (1,‘casuser‘,‘9414f9301cdb492b4dcd83f8c711d8bb‘,1);

  2、CAS的HTTP模式与HTTPS设置(可省略)

      1)cas\WEB-INF\deployerConfigContext.xml,新增p:requireSecure="false"
    <bean id="proxyAuthenticationHandler"          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
          p:httpClient-ref="httpClient" p:requireSecure="false"/>
      2)cas\WEB-INF\spring-configuration
    ticketGrantingTicketCookieGenerator.xml设置p:cookieSecure="false"
    warnCookieGenerator.xml设置p:cookieSecure="false"

  http://localhost:8080/cas/login,进入登录页面。

  默认用户为casuser/Mellon,登录成功即配置完成。

  3、设置利用数据库来验证用户

依赖包:
c3p0-0.9.1.2.jar
mysql-connector-java-5.1.21.jar
cas-server-support-jdbc-4.0.0.jar

cas\WEB-INF\deployerConfigContext.xml
  1)更换验证方式
<!--
   <bean id="primaryAuthenticationHandler"
          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">
        <property name="users">
            <map>
                <entry key="casuser" value="Mellon"/>
            </map>
        </property>
    </bean>
    -->
   <!-- Define the DB Connection -->
   <bean id="dataSource"
     class="com.mchange.v2.c3p0.ComboPooledDataSource"
     p:driverClass="com.mysql.jdbc.Driver"
     p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/cas?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"
     p:user="root"
     p:password="root" />

     <!-- Define the encode method-->
     <!--<bean id="passwordEncoder"
       class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">
      <constructor-arg value="MD5"/>
     </bean> -->
    <bean id="passwordEncoder"
      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
      c:encodingAlgorithm="MD5"
      p:characterEncoding="UTF-8" />

     <bean id="dbAuthHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:sql="select password from user where name=? and used=1"
     p:passwordEncoder-ref="passwordEncoder"/>
     <!-- p:passwordEncoder-ref="passwordEncoder" -->
    2)更换验证Handle
<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
        <constructor-arg>
            <map>
                <!--
                   | IMPORTANT
                   | Every handler requires a unique name.
                   | If more than one instance of the same handler class is configured, you must explicitly
                   | set its name to something other than its default name (typically the simple class name).
                   -->
                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
                <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />
           <!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->
            </map>
        </constructor-arg>

  http://localhost:8080/cas,进入登录页面。如果没有配置http登录,则需要通过http://localhost:8443/cas进行访问

  默认用户为casuser/Mellon,登录成功即配置完成。

  二、常见异常

  1、证书路径不正确,由于证书未正常导入到jre\lib\security下,因此会出现以下异常。

十一月 09, 2015 4:00:31 下午 org.jasig.cas.client.util.CommonUtils getResponseFromServer
严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)
    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:65)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2522)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2511)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
    ... 41 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
    ... 47 more

  2、客户端中web.xml的casServerUrlPrefix配置错误

java.lang.RuntimeException: java.io.FileNotFoundException: https://localhost:8443/serviceValidate?ticket=ST-1-1HUXO9iETnaNI2jbuvqK-cas01.example.org&service=http%3A%2F%2Flocalhost%3A8080%2FCasClient%2FIndex.jsp
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:328)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)
    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

root cause 

java.io.FileNotFoundException: https://localhost:8443/serviceValidate?ticket=ST-1-1HUXO9iETnaNI2jbuvqK-cas01.example.org&service=http%3A%2F%2Flocalhost%3A8080%2FCasClient%2FIndex.jsp
    sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1835)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)
    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

  正确的应为:

  

  3、缺少数据库连接包

    缺少cas-server-support-jdbc-4.0.0.jar、mysql-connector-java-5.1.21.jar、c3p0-0.9.1.2.jar包(在cas-server-4.0.0-release.zip下的modules目录可以找到)

  

2015-11-10 09:26:24,484 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services.>
2015-11-10 09:26:24,812 ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>
org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘centralAuthenticationService‘ defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean ‘authenticationManager‘ while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘authenticationManager‘ defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean ‘dbAuthHandler‘ while setting constructor argument; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler] for bean with name ‘dbAuthHandler‘ defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:326)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:623)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1075)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:979)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:628)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
    at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:75)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5003)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5517)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1095)
    at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1960)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name ‘authenticationManager‘ defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean ‘dbAuthHandler‘ while setting constructor argument; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler] for bean with name ‘dbAuthHandler‘ defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:326)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:375)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:162)
    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:637)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1075)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:979)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:320)
    ... 31 more

  4、由于创建证书的域名(创建证书时的名字与姓氏)和在应用中配置的cas服务域名不一致导致

  

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching sso.castest.com found
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:328)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)
    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

root cause 

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching sso.castest.com found
    sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)
    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)
    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

root cause 

java.security.cert.CertificateException: No name matching sso.castest.com found
    sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
    sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
    sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
    sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
    sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
    sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)
    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)
    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)
    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)
    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)
    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)
    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

  三、参考文献

http://ykt.wh.sdu.edu.cn/desktop/doc/introduction.html

http://steven-wiki.readthedocs.org/en/latest/security/cas-tomcat/

http://blog.csdn.net/frinder/article/details/7969925

mysql配置:

  http://steven-wiki.readthedocs.org/en/latest/security/cas-tomcat/

  http://www.cnblogs.com/chenyongjun/p/4770107.html

使用 CAS 在 Tomcat 中实现单点登录:

  http://www.ibm.com/developerworks/cn/opensource/os-cn-cas/

时间: 2024-08-24 16:28:07

CAS单点登录之mysql数据库用户验证及常见问题的相关文章

CAS单点登录(SSO)完整教程

转:http://blog.csdn.net/frinder/article/details/7969925 CAS单点登录(SSO)完整教程(2012-02-01更新) 一.教程说明 前言 教程目的:从头到尾细细道来单点登录服务器及客户端应用的每个步骤 单点登录(SSO):请看百科解释猛击这里打开 本教程使用的SSO服务器是Yelu大学研发的CAS(Central Authentication Server), 官网:http://www.jasig.org/cas 本教程环境: Tomcat

SSO之CAS单点登录详细搭建教程

本教程是我个人编写,花费几个小时的时间,给需要学习的人员学习使用,希望能帮助到你们. [环境说明]:本文演示过程在同一个机器上的(也可以在三台实体机器或者三个的虚拟机上),环境如下: windows7 64位 jdk1.7.0_51 apache-tomcat-7.0.57-windows-x64 cas-server-webapp-4.0.0.war.cas-client-core-3.2.1.jar.commons-logging.jar 确保本地jdk环境已经搭建好 [软件说明]:文档中涉

CAS单点登录配置

无https验证的CAS单点登录配置 一.下载开发环境 CAS服务器:cas-server-3.4.10-release.zip CAS客户端:cas-client-3.2.1-release.zip 二.部署CAS服务器 解压cas-server-3.4.10-release.zip将modules目录下的cas-server-webapp-3.4.10.war改名称为cas.war复制到tomcat的webapps下,启动tomcat,访问:http://localhost:8080/cas

CAS单点登录系列之极速入门于实战教程(4.2.7)

@ 目录 一. SSO简介 1.1 单点登录定义 1.2 单点登录角色 1.3 单点登录分类 二. CAS简介 2.1 CAS简单定义 2.2 CAS体系结构 2.3 CAS原理 三.CAS服务端搭建 3.1 CAS支持Http登录配置 3.2 CAS服务端部署运行 四.CAS客户端接入 五.客户端极速接入 一. SSO简介 1.1 单点登录定义 单点登录(Single sign on),英文名称缩写SSO,SSO的意思就是在多系统的环境中,登录单方系统,就可以在不用再次登录的情况下访问相关受信

cas单点登录实现

前言 此文为记录单点登录实现过程,包括cas服务端和客户端的定制扩展 服务端 单点登录服务端采用cas,以cas-server-webapp版本号为3.5.2.1为基础进行定制扩展实现. 定制实现的源码功能以上传至svn代码库,路径为:svn://192.168.9.16/minxin/Repositories/minxinloan/trunk/mxcas-server-webapp. 此版本的定制扩展实现采用http协议(关闭了https协议),下面对此版的定制扩展进行详细的描述. 关闭htt

cas系列(一)--cas单点登录基本原理

(这段时间打算做单点登录,因此研究了一些cas资料并作为一个系列记录下来,一来可能会帮助一些人,二来对我自己所学知识也是一个巩固.) 一.为什么要实现单点登录 随着信息化不断发展,企业的信息化过程是一个循序渐进的过程,在企业各个业务网站逐步建设的过程中,根据各种业务信息水平的需要构建了相应的应用系统,由于这些应用系统一般是 在不同的时期开发完成的,各应用系统由于功能侧重.设计方法和开发技术都有所不同,也就形成了各自独立的用户库和用户认证体系.随着新的业务网站不断的增 加,用户在每个应用系统中都有

SSO之CAS单点登录实例演示

一.概述 此文的目的就是为了帮助初步接触SSO和CAS 的人员提供一个入门指南,一步一步演示如何实现基于CAS的单点登录. CAS的官网:http://www.jasig.org/cas 二.演示环境 本文演示过程在同一个机器上的(也可以在三台实体机器或者三个的虚拟机上),环境如下: windows7 64位,主机名称:michael-pc JDK 1.6.0_18 Tomcat 6.0.29 CAS-server-3.4.11.CAS-client-3.2.1 根据演示需求, 用修改hosts

cas 单点登录(SSO)实验之二: cas-client

cas 单点登录(SSO)实验之二: cas-client 參考文章: http://my.oschina.net/indestiny/blog/200768#comments http://wenku.baidu.com/view/0bcc0d01e87101f69e319595.html 接上一篇文章: cas 单点登录(SSO)实验之中的一个: jasig cas-server 安装 本文说明怎样写一个web服务(cas-study).使用cas-server提供的验证服务.当用户訪问这个

CAS 单点登录

首先,何谓单点登录.单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一.SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统. cas登录系统中有两个角色,一个是cas server 就是提供登录服务,登录页面,client 校验的一个web应用. 一个是cas client,使用过滤器,在客户应用呗访问的时候会先判断该系统是否登录,无登录则直接重定向到cas server服务上. 在CAS中MVC的控制主要是使用的