spring security和cas结合报错

wenwen1 发布于 2013/04/16 16:14
阅读 689
收藏 0

我的gvsunxmgl-security-context.xml如下:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:lang="http://www.springframework.org/schema/lang"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans   
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd      
                                 http://www.springframework.org/schema/security    
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd        http://www.springframework.org/schema/context         http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <!--
        Enable security, let the casAuthenticationEntryPoint handle all intercepted urls.
        The CAS_FILTER needs to be in the right position within the filter chain.
    -->
    <http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
        <intercept-url pattern="/**" access="ROLE_USER"></intercept-url>
        <custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></custom-filter>
    </http>
  <!--
        Required for the casProcessingFilter, so define it explicitly set and
        specify an Id Even though the authenticationManager is created by
        default when namespace based config is used.
    -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="casAuthenticationProvider"></authentication-provider>
    </authentication-manager>
    <!--
     This section is used to configure CAS. The service is the
        actual redirect that will be triggered after the CAS login sequence.
    -->
    <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <beans:property name="service" value="http://localhost:8080/gvsunxmgl/j_spring_cas_security_check"></beans:property>
        <beans:property name="sendRenew" value="false"></beans:property>
    </beans:bean>   
        <!--
        The CAS filter handles the redirect from the CAS server and starts the ticket validation.
    -->
    <beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
    </beans:bean>
    <!--
        The entryPoint intercepts all the CAS authentication requests.
        It redirects to the CAS loginUrl for the CAS login page.
    -->
    <beans:bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <beans:property name="loginUrl" value="https://cas.gvsun.com:8443/cas/login"></beans:property>
        <beans:property name="serviceProperties" ref="serviceProperties"></beans:property>
    </beans:bean>
    <!--
        Handles the CAS ticket processing.
     -->
    <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <beans:property name="userDetailsService" ref="userDetailsService"></beans:property>
        <beans:property name="serviceProperties" ref="serviceProperties"></beans:property>
        <beans:property name="ticketValidator">
            <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <beans:constructor-arg index="0" value="https://cas.gvsun.com:8443/cas"/>
            </beans:bean>
        </beans:property>
        <beans:property name="key" value="cas"></beans:property>
    </beans:bean>

    <!--
        The users available for this application.

    -->
  <beans:bean class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl" id="userDetailsService">
        <beans:property name="rolePrefix" value="ROLE_"/>
        <beans:property name="dataSource" ref="springSecurityDataSource"/>
        <beans:property name="usersByUsernameQuery" value="SELECT UserName,Password,Enabled FROM user WHERE UserName = ?"/>
        <beans:property name="authoritiesByUsernameQuery" value="SELECT u.UserName, a.AuthorityName FROM user u JOIN user_authority ua on u.ID = ua.User_ID JOIN authority a on ua.Authority_ID = a.ID WHERE u.UserName = ?"/>
    </beans:bean>
</beans:beans>

tomcat中的conf中的server.xml中是如下配置的:

 <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"    
           port="8443" minSpareThreads="5" maxSpareThreads="75"    
           enableLookups="true" disableUploadTimeout="true"      
           acceptCount="100"  maxThreads="200"    
           scheme="https" secure="true" SSLEnabled="true"    
           clientAuth="false" sslProtocol="TLS"    
           keystoreFile="e:/cas.gvsun.keystore"      
           keystorePass="changeit"/>
证书已经导入到了jdk中的security中的cacerts中去了。

为什么我运行之后会报如下错误:

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:328)
	org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)
	org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)
	org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)
	org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)
	org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)
	org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
	org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)
	org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:65)
	org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
	org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
	org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
	org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
	org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
这该怎么解决啊?

加载中
返回顶部
顶部