使用CAS禁用servlet中的主机名验证程序

时间:2015-08-03 07:46:09

标签: java servlets ssl cas

我将CAS部署在虚拟机上(在jboss中)并且我正在尝试在servlet中使用cas登录,但是在用于身份验证和验证的过滤器中使用SAML协议,我得到javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present 将来我会收到一份合适的证书,但在那之前我想要禁用这个主机名验证器进行测试。我知道我应该@Override一些代码,但我不知道在我的servlet中如何以及在哪里这样做,它通过web.xml中的过滤器连接到CAS。目前我的servlet只是覆盖了doGET方法来打印我应该从CAS收到的东西。有谁可以帮助我吗?

提前谢谢。

更新:这是我在日志中看到的确切错误

ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/casuser].[cas]] (http-localhost-127.0.0.1-8080-1) Servlet.service() for servlet cas threw exception: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    at org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:275) [cas-client-core-3.3.3.jar:3.3.3]
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:200) [cas-client-core-3.3.3.jar:3.3.3]
    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:206) [cas-client-core-3.3.3.jar:3.3.3]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
    at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:100) [cas-client-core-3.3.3.jar:3.3.3]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:489) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_79]
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904) [jsse.jar:1.7.0_79]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279) [jsse.jar:1.7.0_79]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) [jsse.jar:1.7.0_79]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446) [jsse.jar:1.7.0_79]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209) [jsse.jar:1.7.0_79]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901) [jsse.jar:1.7.0_79]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:837) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) [jsse.jar:1.7.0_79]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) [jsse.jar:1.7.0_79]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) [rt.jar:1.7.0_79]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) [rt.jar:1.7.0_79]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092) [rt.jar:1.7.0_79]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) [rt.jar:1.7.0_79]
    at org.jasig.cas.client.validation.Saml11TicketValidator.retrieveResponseFromServer(Saml11TicketValidator.java:259) [cas-client-core-3.3.3.jar:3.3.3]
    ... 19 more
Caused by: java.security.cert.CertificateException: No subject alternative names present
    at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142) [rt.jar:1.7.0_79]
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:91) [rt.jar:1.7.0_79]
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347) [jsse.jar:1.7.0_79]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203) [jsse.jar:1.7.0_79]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) [jsse.jar:1.7.0_79]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428) [jsse.jar:1.7.0_79]
    ... 31 more

1 个答案:

答案 0 :(得分:1)

您应该为ticketGrantingTicketCookieGenerator设置p:cookieSecure =“false”。

https://wiki.jasig.org/display/CASUM/Securing+Your+New+CAS+Server