如何配置CAS来验证代理票证

时间:2019-04-01 07:16:25

标签: java single-sign-on cas

我已经在一台服务器上将CAS设置为tomcat Webapp。 我正在从另一台服务器使用此服务来验证用户。 调用服务时,它会成功生成票证,并且还会授予票证。

在验证票证时,它会抛出一个未找到的异常文件。 以下是其摘要。

这用于从与配置CAS的服务器不同的服务器使用CAS。 当我使用CAS并将应用程序部署在同一服务器上时,它可以正常工作。 当我在不同于CAS的服务器中部署我的应用程序时,它将引发filenot found异常。

这是我的spring-security-cas.xml文件

http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd         http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd“>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="${service-url-login}" />
    <property name="sendRenew" value="false" />
    <property name="authenticateAllArtifacts" value="true" />
</bean>

<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="proxyGrantingTicketStorage" ref="pgtStorage" />
    <property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor" />
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="authenticationDetailsSource">
        <bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource">
            <constructor-arg ref="serviceProperties" />
        </bean>
    </property>
</bean>

<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="${cas-url-login}" />
    <property name="serviceProperties" ref="serviceProperties" />
</bean>

<bean id="casAuthenticationProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="authenticationUserDetailsService">
        <bean
            class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <constructor-arg ref="userService" />
        </bean>
    </property>
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
            <constructor-arg value="${cas-url-prefix}" />
            <property name="acceptAnyProxy" value="true" />
        </bean>
    </property>
    <property name="statelessTicketCache" ref="ehcacheBasedTicketCache" />
    <property name="key" value="an_id_for_this_auth_provider_only" />
    <property name="authoritiesMapper" ref="simpleAuthorityMapper" />
</bean>

<bean id="simpleAuthorityMapper" class="org.springframework.security.core.authority.mapping.SimpleAuthorityMapper">
    <property name="defaultAuthority" value="ROLE_NORMAL_USER"></property>
    <property name="prefix" value="ROLE_"></property>
</bean>

<bean id="ehcacheBasedTicketCache" class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
    <property name="cache">
        <bean class="net.sf.ehcache.Cache" init-method="initialise" destroy-method="dispose">
            <constructor-arg value="casTickets" />
            <constructor-arg value="50" />
            <constructor-arg value="true" />
            <constructor-arg value="false" />
            <constructor-arg value="3600" />
            <constructor-arg value="900" />
            <property name="cacheManager">
                <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"></bean>
            </property>
        </bean>
    </property>
</bean>

<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

<bean id="requestSingleLogoutFilter"
    class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg value="${cas-url-logout-service}" />
    <constructor-arg>
        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" >
            <property name="invalidateHttpSession" value="true"></property>
            <property name="clearAuthentication" value="true"></property>
        </bean>
    </constructor-arg>
    <property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
</bean>

<bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

这是引发的错误。

java.lang.RuntimeException:java.io.FileNotFoundException:https://test.nycompany.in/cas/proxyValidate?ticket=ST-10-YA1Eqcdz2lI57fojFazr-&service=https%3A%2F%2Fhub.mycompany.in%2Fj_spring_cas_security_check     org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443)     org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)     org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)     org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:158)     org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:143)     org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)     org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:270)     org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)     org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)     org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)     org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)     org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)     org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)     org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:152)     org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 根本原因

java.io.FileNotFoundException:https://test.mycompany.in/cas/proxyValidate?ticket=ST-10-YA1Eqcdz2lI57fojFazr-&service=https%3A%2F%2Fhub.mycompany.in%2Fj_spring_cas_security_check     sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1890)     sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)     sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)     org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)     org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)     org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)     org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:158)     org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:143)     org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)     org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:270)     org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)     org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)     org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)     org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter(FilterChainProxy.java:330)     org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)     org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)     org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)     org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)     org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:152)     org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

我已在我的CAS中取消设置host.name属性,例如host.name = 为了使其能够接受来自其他域服务器的请求。

我希望这能验证我的应用程序中的代理票证。

1 个答案:

答案 0 :(得分:0)

我只是遇到了同样的问题。来自浏览器的java.lang.RuntimeException: java.io.FileNotFoundException was reachable之后的消息中的URL,并且该URL在CAS 6.0上正常工作,并已登录用户。

经过几次尝试,我发现运行该应用程序的计算机可以ping请求的域,但是整个URL的curl给出了404。

因此请检查系统设置。