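Hi everyone,
I have only just started with CAS. I followed a configuration guide I found online and tried it on my machine. After the CAS login page appears and I enter a username and password, I cannot get to the execute page. The configuration steps were as follows:
Set the environment variable C:\jdk1.5.0\bin
Run the following in the current administrator's directory: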
C:\jdk1.5.0\bin\keytool -genkey -alias tomcat -keyalg RSA
Then, following the prompts, enter the password changeit and enter localhost for everything else.
C:\jdk1.5.0\bin\keytool -export -alias tomcat -file server.crt
C:\jdk1.5.0\bin\keytool -import -file server.crt -keystore C:\jdk1.5.0\jre\lib\security\cacerts -file server.crt -alias tomcat
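All of them reported success. Then modify the server-side Tomcat configuration file to enable SSL: edit $CATALINA_HOME\conf\server.xml, uncomment the SSL section, and add keystorePass="changeit" keystoreFile="conf/.keystore" to the Connector element (copy the .keystore generated in the first step to tomcat5.5\conf).
Restart Tomcat and test that https://localhost:8443 can be accessed; entering the same username and password takes me to the success page.
CAS Server installation
Download CAS Server 3.0.4 and copy its cas.war to tomcat5.5\webapps. Use the servlets-examples (tomcat5.5\webapps\servlets-examples) and jsp-examples (tomcat5.5\webapps\jsp-examples) applications that ship with Tomcat for the test. Download the latest Java CAS Client and copy casclient.jar into the lib directory under WEB-INF of both projects (in servlets-examples this directory has to be created). Modify WEB-INF\web.xml in both projects and add the following filter: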
<filter> 
    <filter-name>CASFilter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
        <param-value>https://localhost:8443/cas/login</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://localhost:8443/cas/proxyValidate</param-value>
    </init-param>
    
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
        <param-value>localhost:8080</param-value>
    </init-param>
    
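</filter>
<filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
</filter-mapping>
In jsp-examples, change <url-pattern>/servlet/*</url-pattern> to <url-pattern>/*</url-pattern>. Restart Tomcat and go to servlets-examples: running any of the examples redirects to the CAS login page. Then go to jsp-examples, which also redirects to the CAS login page. Log in at this point (the default authentication handler only requires username=password, so any username can be chosen). After logging in, it returns an exception page: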
javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
root cause 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
note The full stack trace of the root cause is available in the Apache Tomcat/5.5.9 logs.
Why does this happen? I have been working on this for two days and still don't know why.
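
Added diagnostic example, not part of the original post: the "PKIX path building failed" error in the trace is raised when the JVM making the HTTPS request (here the CAS client calling the validateUrl) cannot chain the server certificate to an entry in its trust store. The Java program below, whose class name TrustCheck is an assumption of this example, prints which JRE and trust store are in effect and whether the certificate presented on localhost:8443 is trusted; it checks chain trust only, not hostname matching.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

// Added diagnostic, not from the original post. Run it with the same java
// executable that starts Tomcat: java TrustCheck localhost 8443
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8443;
        // JSSE reads javax.net.ssl.trustStore if set; otherwise it reads
        // <java.home>/lib/security/jssecacerts if present, else cacerts.
        String home = System.getProperty("java.home");
        String override = System.getProperty("javax.net.ssl.trustStore");
        System.out.println("java.home   = " + home);
        System.out.println("trust store = "
                + (override != null ? override : home + "/lib/security/cacerts (default)"));
        // Default trust manager: the same anchors HttpsURLConnection relies on.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager dflt = (X509TrustManager) tmf.getTrustManagers()[0];
        // Wrapper records the chain the server presents, then applies the default check.
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a)
                    throws CertificateException { dflt.checkClientTrusted(c, a); }
            public void checkServerTrusted(X509Certificate[] c, String a)
                    throws CertificateException { seen[0] = c; dflt.checkServerTrusted(c, a); }
            public X509Certificate[] getAcceptedIssuers() { return dflt.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            s.startHandshake();
            System.out.println("RESULT: chain is trusted by this JRE");
        } catch (SSLException e) {
            System.out.println("RESULT: not trusted: " + e.getMessage());
        } finally {
            s.close();
        }
        for (int i = 0; seen[0] != null && i < seen[0].length; i++) {
            System.out.println("subject=" + seen[0][i].getSubjectX500Principal()
                    + " serial=" + seen[0][i].getSerialNumber().toString(16));
        }
    }
}
```

If the printed java.home is not the JRE whose cacerts received the keytool -import, or the printed serial differs from the one shown by keytool -list -v for the tomcat alias, the import did not reach the trust store that this JVM reads.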