前面已经介绍了CAS服务器的搭建,详情见:搭建CAS单点登录服务器。然而前面只是简单地介绍了服务器的搭建,其验证方式是原始的配置文件的方式,这显然不能满足日常的需求。下面介绍下通过mysql数据库认证的方式。

  一、CAS认证之mysql数据库认证

  1、在mysql中新建一个cas数据库并创建user表

CREATE DATABASE /*!32312 IF NOT EXISTS*/`cas` /*!40100 DEFAULT CHARACTER SET gbk */;

USE `cas`;

/*Table structure for table `user` */

DROP TABLE IF EXISTS `user`;

CREATE TABLE `user` (

  `id` int(11) NOT NULL AUTO_INCREMENT,

  `name` varchar(255) NOT NULL,

  `password` varchar(255) NOT NULL,

  `used` tinyint(2) NOT NULL,

  PRIMARY KEY (`id`)

) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=gbk;

/*Data for the table `user` */

insert  into `user`(`id`,`name`,`password`,`used`) values (1,'casuser','9414f9301cdb492b4dcd83f8c711d8bb',1);

  2、CAS的HTTP模式与HTTPS设置(可省略)

      1)cas\WEB-INF\deployerConfigContext.xml,新增p:requireSecure="false"

    <bean id="proxyAuthenticationHandler"          class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"

          p:httpClient-ref="httpClient" p:requireSecure="false"/>

      2)cas\WEB-INF\spring-configuration

    ticketGrantingTicketCookieGenerator.xml设置p:cookieSecure="false"

    warnCookieGenerator.xml设置p:cookieSecure="false"

  http://localhost:8080/cas/login,进入登录页面。

  默认用户为casuser/Mellon,登录成功即配置完成。

  3、设置利用数据库来验证用户

依赖包:
c3p0-0.9.1.2.jar
mysql-connector-java-5.1.21.jar
cas-server-support-jdbc-4.0.0.jar

cas\WEB-INF\deployerConfigContext.xml

  1)更换验证方式

<!--

   <bean id="primaryAuthenticationHandler"

          class="org.jasig.cas.authentication.AcceptUsersAuthenticationHandler">

        <property name="users">

            <map>

                <entry key="casuser" value="Mellon"/>

            </map>

        </property>

    </bean>

    -->

   <!-- Define the DB Connection -->

   <bean id="dataSource"

     class="com.mchange.v2.c3p0.ComboPooledDataSource"

     p:driverClass="com.mysql.jdbc.Driver"

     p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/cas?useUnicode=true&amp;characterEncoding=UTF-8&amp;zeroDateTimeBehavior=convertToNull"

     p:user="root"

     p:password="root" />

     <!-- Define the encode method-->

     <!--<bean id="passwordEncoder"

       class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" autowire="byName">

      <constructor-arg value="MD5"/>

     </bean> -->

    <bean id="passwordEncoder"

      class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"

      c:encodingAlgorithm="MD5"

      p:characterEncoding="UTF-8" />

     <bean id="dbAuthHandler"

      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"

      p:dataSource-ref="dataSource"

      p:sql="select password from user where name=? and used=1"

     p:passwordEncoder-ref="passwordEncoder"/>

     <!-- p:passwordEncoder-ref="passwordEncoder" -->

    2)更换验证Handle

<bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">

        <constructor-arg>

            <map>

                <!--

                   | IMPORTANT

                   | Every handler requires a unique name.

                   | If more than one instance of the same handler class is configured, you must explicitly

                   | set its name to something other than its default name (typically the simple class name).

                   -->

                <entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />

                <entry key-ref="dbAuthHandler" value-ref="primaryPrincipalResolver" />

           <!-- <entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" /> -->

            </map>

        </constructor-arg>

  http://localhost:8080/cas,进入登录页面。如果没有配置http登录,则需要通过http://localhost:8443/cas进行访问

  默认用户为casuser/Mellon,登录成功即配置完成。

  二、常见异常

  1、证书路径不正确,由于证书未正常导入到jre\lib\security下,因此会出现以下异常。

十一月 09, 2015 4:00:31 下午 org.jasig.cas.client.util.CommonUtils getResponseFromServer

严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)

    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:65)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)

    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2522)

    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2511)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

    at java.lang.Thread.run(Thread.java:745)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

    at sun.security.validator.Validator.validate(Validator.java:260)

    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)

    ... 41 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)

    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)

    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

    ... 47 more

  2、客户端中web.xml的casServerUrlPrefix配置错误

java.lang.RuntimeException: java.io.FileNotFoundException: https://localhost:8443/serviceValidate?ticket=ST-1-1HUXO9iETnaNI2jbuvqK-cas01.example.org&service=http%3A%2F%2Flocalhost%3A8080%2FCasClient%2FIndex.jsp

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:328)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

root cause 

java.io.FileNotFoundException: https://localhost:8443/serviceValidate?ticket=ST-1-1HUXO9iETnaNI2jbuvqK-cas01.example.org&service=http%3A%2F%2Flocalhost%3A8080%2FCasClient%2FIndex.jsp

    sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1835)

    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)

    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

  正确的应为:

  3、缺少数据库连接包

    缺少cas-server-support-jdbc-4.0.0.jar、mysql-connector-java-5.1.21.jar、c3p0-0.9.1.2.jar包(在cas-server-4.0.0-release.zip下的modules目录可以找到)

  

2015-11-10 09:26:24,484 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services.>

2015-11-10 09:26:24,812 ERROR [org.springframework.web.context.ContextLoader] - <Context initialization failed>

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'dbAuthHandler' while setting constructor argument; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler] for bean with name 'dbAuthHandler' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler

    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:326)

    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)

    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:623)

    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1075)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:979)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)

    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)

    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)

    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)

    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)

    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:628)

    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)

    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)

    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389)

    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294)

    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)

    at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:75)

    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5003)

    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5517)

    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)

    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)

    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)

    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)

    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1095)

    at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1960)

    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

    at java.util.concurrent.FutureTask.run(FutureTask.java:266)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

    at java.lang.Thread.run(Thread.java:745)

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'dbAuthHandler' while setting constructor argument; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler] for bean with name 'dbAuthHandler' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler

    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:326)

    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)

    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:375)

    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:162)

    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:637)

    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1075)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:979)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)

    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)

    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)

    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)

    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)

    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:320)

    ... 31 more

  4、由于创建证书的域名(创建证书时的名字与姓氏)和在应用中配置的cas服务域名不一致导致

  

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching sso.castest.com found

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:328)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

root cause 

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching sso.castest.com found

    sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

    sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

    sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

    sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

    sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)

    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

    sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

    sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

    sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

    sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)

    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)

    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

root cause 

java.security.cert.CertificateException: No name matching sso.castest.com found

    sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)

    sun.security.util.HostnameChecker.match(HostnameChecker.java:95)

    sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)

    sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)

    sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)

    sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

    sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)

    sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

    sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

    sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

    sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

    sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

    sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

    sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

    sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

    sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)

    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)

    sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)

    org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

    org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

    org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

    org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

    org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

  三、参考文献

http://ykt.wh.sdu.edu.cn/desktop/doc/introduction.html

http://steven-wiki.readthedocs.org/en/latest/security/cas-tomcat/

http://blog.csdn.net/frinder/article/details/7969925

mysql配置:

  http://steven-wiki.readthedocs.org/en/latest/security/cas-tomcat/

  http://www.cnblogs.com/chenyongjun/p/4770107.html

使用 CAS 在 Tomcat 中实现单点登录:

  http://www.ibm.com/developerworks/cn/opensource/os-cn-cas/

CAS单点登录之mysql数据库用户验证及常见问题的更多相关文章

  1. CAS单点登录之支持数据库认证

    本博客介绍一下基于CAS4.2.7的配置,之前博客CAS4.2.7服务端配置已经介绍了怎么部署CAS服务端,不过在登录机制是用固定的账号密码登录,实际项目肯定不可以这样做,所以本博客怎么配置CAS服务 ...

  2. Cas单点登录配置数据查询用户

    <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.sp ...

  3. CAS 单点登录【2】自定义用户验证

       基础不太熟的同学可以先去看:CAS 单点登录[1]入门 方案1:CAS默认的JDBC扩展方案: CAS自带了两种简单的通过JDBC方式验证用户的处理器. 1.QueryDatabaseAuthe ...

  4. CAS单点登录(SSO)服务端的部署和配置---连接MySQL进行身份认证

    一.修改系统host,加入 127.0.0.1 server.test.com127.0.0.1 client1.test.com127.0.0.1 client2.test.com 二.安装grad ...

  5. SSO之CAS单点登录详细搭建教程

    本教程是我个人编写,花费几个小时的时间,给需要学习的人员学习使用,希望能帮助到你们. [环境说明]:本文演示过程在同一个机器上的(也可以在三台实体机器或者三个的虚拟机上),环境如下: windows7 ...

  6. CAS单点登录(SSO)完整教程

    转:http://blog.csdn.net/frinder/article/details/7969925 CAS单点登录(SSO)完整教程(2012-02-01更新) 一.教程说明 前言 教程目的 ...

  7. CAS单点登录服务器搭建

    关于cas单点登录的原理及介绍这里不做说明了,直接开始: 1.war包下载 去官网(https://www.apereo.org/projects/cas/download-cas)下载cas_ser ...

  8. Spring boot security权限管理集成cas单点登录

    挣扎了两周,Spring security的cas终于搞出来了,废话不多说,开篇! Spring boot集成Spring security本篇是使用spring security集成cas,因此,先 ...

  9. CAS单点登录系列之极速入门于实战教程(4.2.7)

    @ 目录 一. SSO简介 1.1 单点登录定义 1.2 单点登录角色 1.3 单点登录分类 二. CAS简介 2.1 CAS简单定义 2.2 CAS体系结构 2.3 CAS原理 三.CAS服务端搭建 ...

随机推荐

  1. 新建maven项目

    1.新建maven project 注意:勾上create a new simple project 2.填写相关信息, Grounp id为大项目名字,Artifact id为小项目的名字.注意:P ...

  2. 项目总结—jQuery EasyUI- DataGrid使用

    http://blog.csdn.net/zwk626542417/article/details/18839349 概要 jQuery EasyUI是一个基于jquery的集成了各种用户界面的框架, ...

  3. curl 学习保存

    原文地址 http://www.jb51.net/article/48866.htm php中的curl使用入门教程和常见用法实例 作者: 字体:[增加 减小] 类型:转载   起先cURL是做为一种 ...

  4. chrome 阻止跨域操作的解决方法 --disable-web-security

    做chrome插件时,遇到https页面上请求htttp页面资源时被blocked的问题,初苦寻解决方法未果,最后找到: 给chrome加上 --disable-web-security 参数

  5. U盘中的autorun.inf

    怎么删除u盘里的autorun.inf 如果U盘中毒,刚插进机子时按住SHIFT五秒,这样就可以跳过预读,这样防止了预读时把病毒感染到机子上,在U盘盘符上点右键,看看有没有“Auto”选项: 1.如果 ...

  6. hdu 1049 Climbing Worm

    解题思路: 1. 两种情况,0x1:井深度小于一次跳的高度.0x2:井深度大于一次跳的高度 2.如果 属于 0x1 则一次跳出 3.否则 本次解题中直接枚举跳的次数 一直循环,直到 [每次跳的真实高度 ...

  7. 生成元(Digit Generator ,ACM/ICPC Seoul 2005 ,UVa 1583)

    生成元:如果 x 加上 x 各个数字之和得到y,则说x是y的生成元. n(1<=n<=100000),求最小生成元,无解输出0. 例如:n=216 , 解是:198 198+1+9+8=2 ...

  8. (翻译)初学者的object-C指南

    初学者的object-C指南 英文原文:http://blog.teamtreehouse.com/the-beginners-guide-to-objective-c-language-and-va ...

  9. C语言or和and运算

    #include <stdio.h> void main () { printf( | ); printf( | ); printf( | ); printf( | ); printf( ...

  10. Percona XtraDB Cluster(转)

    Percona XtraDB Cluster是针对MySQL用户的高可用性和扩展性解决方案,基于Percona Server .其包括了Write Set REPlication补丁,使用Galera ...