Alfresco + cas无效验证

Question

我使用的是Alfresco 4.2.f，CAS-server 4.0.0和CAS-client（在share / web-inf / lib中添加）。

在server_tomcat上安装CAS-server 4.0.0（端口8081和8444（https协议））。 安装在alfresco_tomcat上的共享（端口8080和8443（https协议）＆lt; ---标准配置（server.xml）：

<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" maxHttpHeaderSize="32768" />
    <Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" />

        <Connector port="8443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
                   maxThreads="150" scheme="https" keystoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"
     secure="true" connectionTimeout="240000" truststoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"
                   clientAuth="want" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" />

）

我在share / WEB-INF / web.xml中发表评论后：

 <!--

   <filter>

      <description>MT authentication support - NOTE: does not support portlets</description>

      <filter-name>MTAuthentationFilter</filter-name>

      <filter-class>org.alfresco.web.site.servlet.MTAuthenticationFilter</filter-class>

   </filter>

   -->

 <!--

   <filter>

      <description>Share SSO authentication support filter.</description>

      <filter-name>Authentication Filter</filter-name>

      <filter-class>org.alfresco.web.site.servlet.SSOAuthenticationFilter</filter-class>

      <init-param>

         <param-name>endpoint</param-name>

         <param-value>alfresco</param-value>

      </init-param>

   </filter>

 -->

并补充说：

            org.jasig.cas.client.session.SingleSignOutHttpSessionListener         

    <filter>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS Single Sign Out Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>CAS Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://localhost:8444/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://localhost:8444/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://localhost:8080</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

下一步是创建对密钥（ssl）： 在终端，我打字：

1）生成密钥库 keytool -genkey -alias sso -keyalg RSA -keysize 1024 -keypass cangeit -valididty 3650 -keystore /path/to/keystore/sso.keystore -storepass changeit

（在这一点上，我应该输入：FirstName和LastName：localhost（它是我的主机名）） 2）创建证书 keytool -export -alias ssl -keystore /path/to/keystore/sso.keystore -file /path/to/keystore/sso.crt-storepass changeit

3）向Trustore添加证书 keytool -import -keystore％JAVA_HOME％/ jre / lib / security / cacerts -file /path/to/keystore/sso.crt -alias sso

在我添加$ tomcat_server $ / conf / server.xml后：

<Connector port="8444" URIEncoding="UTF-8" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/keystore/sso.keystore" 
               keystorePass="changeit" keyAlias="sso"/>

然后，我启动了tomcat_server，alfresco_tomcat。

我传递链接：localhost：8080 / share（http） 由于（$ alfresco_tomcat / webapps / share / WEB-INF / web.xml）共享将我重定向到localhost：8444 / cas（https），在那里我看到了登录页面。 我键入：用户名：casuser，密码：Mellon＆lt; - 它的标准登录名/密码。

之后我又重新定向到http://localhost:8080/share/ ...，验证密钥，但是我有错误（在浏览器中是500错误） 在$ alfresco_tomcat / logs / localhost.log中：

SEVERE：servlet [jsp]的Servlet.service（）在路径[/ share]的上下文中引发了异常 java.lang.RuntimeException：javax.net.ssl.SSLHandshakeException：sun.security.validator.ValidatorException：PKIX路径构建失败：sun.security.provider.certpath.SunCertPathBuilderException：无法找到所请求目标的有效证书路径

用谷歌搜索后，我得到了一些信息，即共享无法验证我的证书（我已添加）。

请帮我解决这个问题...

Answer 1

哦......对我来说这很容易和愚蠢

我的问题是cas_tomcat与JVM_1绑定，alfresco_tomcat与JVM_2绑定...

现在，我将cas_tomcat，alfresco_tomcat与常见的JVM绑定在一起。 密钥库验证成功