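My project needs to use Yale's CAS.
Server side: Tomcat
At https://localhost:8443/cas/login, entering nike/nike reports a successful login.
Client side: also under Tomcat on the same machine.
The page http://localhost:8080/MyTest/index.jsp shows a security warning; after confirming it, the browser is redirected to https://localhost:8443/cas/login
Entering nike/nike returns an error: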
[code=Java]
exception

javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)

root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
[/code]
Below is how I generated the certificate:
[code=Java]
D:\Tomcat 5.5>keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
Enter keystore password: changeit
What is your first and last name?
  [Unknown]: localhost
What is the name of your organizational unit?
  [Unknown]: dev
What is the name of your organization?
  [Unknown]: ghl
What is the name of your City or Locality?
  [Unknown]: sz
What is the name of your State or Province?
  [Unknown]: js
What is the two-letter country code for this unit?
  [Unknown]: ch
Is CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=ch correct?
  [no]: y

D:\Tomcat 5.5>keytool -export -alias tomcat -keypass changeit -file server.crt
Enter keystore password: changeit
Certificate stored in file <server.crt>

D:\Tomcat 5.5>keytool -import -file server.crt -keypass changeit -keystore "D:\Program Files\Java\jdk1.5.0_07\jre\lib\security\cacerts"
Enter keystore password: changeit
Owner: CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=ch
Issuer: CN=localhost, OU=dev, O=ghl, L=sz, ST=js, C=ch
Serial number: 4ad6c7b8
Valid from: Thu Oct 15 14:56:56 CST 2009 until: Wed Jan 13 14:56:56 CST 2010
Certificate fingerprints:
         MD5: B3:94:76:16:3B:42:0D:F0:EB:EF:3F:23:64:05:F9:38
         SHA1: 52:5A:14:38:AB:4D:19:E7:64:2D:E8:51:88:D1:6D:3F:ED:4B:ED:5D
Trust this certificate? [no]: yes
Certificate was added to keystore

D:\Tomcat 5.5>
[/code]
Client configuration:
[code=Java]
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
      <param-value>https://localhost:8443/cas/login</param-value>
    </init-param>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
      <param-value>https://localhost:8443/cas/proxyValidate</param-value>
    </init-param>
    <init-param>
      <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
      <param-value>localhost:8080</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CASFilter</filter-name>
    <url-pattern>/* </url-pattern>
  </filter-mapping>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>
[/code]
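
A diagnostic for the `PKIX path building failed` error above, added here as an example and not part of the original post: it reports which trust store file a JVM uses by default and whether a certificate with the SHA1 fingerprint from the keytool output is in it. The class name `TrustStoreCheck` is hypothetical, and the check is only meaningful when run with the same JRE that starts the client Tomcat.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Enumeration;
// Added diagnostic, not from the original post; TrustStoreCheck is a hypothetical name.
public class TrustStoreCheck {
    // SHA1 fingerprint printed by keytool in the post.
    static final String EXPECTED = "52:5A:14:38:AB:4D:19:E7:64:2D:E8:51:88:D1:6D:3F:ED:4B:ED:5D";

    // JSSE default lookup order: javax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static File defaultTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    // Colon-separated uppercase hex SHA-1 of the encoded certificate, as keytool prints it.
    static String sha1(Certificate c) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-1").digest(c.getEncoded());
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < d.length; i++)
            sb.append(i == 0 ? "" : ":").append(Integer.toHexString(0x100 | (d[i] & 0xff)).substring(1));
        return sb.toString().toUpperCase();
    }

    // Returns the alias that holds the expected certificate, or null if it is absent.
    static String findAlias(File store) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(store);
        try { ks.load(in, null); } finally { in.close(); } // null password: skip integrity check
        for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
            String alias = (String) e.nextElement();
            Certificate c = ks.getCertificate(alias);
            if (c != null && EXPECTED.equals(sha1(c))) return alias;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        File store = defaultTrustStore();
        System.out.println("java.home   = " + System.getProperty("java.home"));
        System.out.println("trust store = " + store.getAbsolutePath());
        String alias = findAlias(store);
        System.out.println(alias != null ? "certificate found, alias " + alias : "certificate NOT found");
    }
}
```

If the certificate is reported as not found, the JVM that ran the check is not reading the `cacerts` file that the `keytool -import` command wrote to.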