Как настроить CAS для аутентификации билета прокси - PullRequest
/ 01 апреля 2019

Я настроил CAS как веб-приложение Tomcat на одном сервере. Я использую этот сервис с другого сервера для проверки пользователя. Во время вызова службы билет успешно генерируется и выдается.

При проверке билета выбрасывается исключение. Его фрагмент приведен ниже.

Речь идет об использовании CAS с сервера, отличного от того, на котором настроен CAS. Когда я использую CAS и развертываю свое приложение на том же сервере, все работает нормально. При развертывании приложения на сервере, отличном от сервера CAS, выбрасывается исключение FileNotFoundException.

Это мой файл spring-security-cas.xml

http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

<!-- Describes this application to the CAS server as a service; shared by the filter,
     the entry point and the authentication provider declared in this file. -->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <!-- Resolved from the ${service-url-login} placeholder. The validation request in the
         stack trace on this page carries a service parameter; presumably it is this value,
         so it has to match the URL the ticket was issued for (confirm against the
         properties file). -->
    <property name="service" value="${service-url-login}" />
    <!-- false: CAS is not asked to force a fresh login (renew), so an existing SSO session
         is accepted as is. -->
    <property name="sendRenew" value="false" />
    <!-- true: the CAS filter tries to authenticate any request that carries a ticket, not
         only requests to its processing URL. This is what lets proxy tickets be presented
         on arbitrary URLs, and it is why casFilter needs a ServiceAuthenticationDetailsSource. -->
    <property name="authenticateAllArtifacts" value="true" />
</bean>

<!-- Filter that picks up CAS tickets from incoming requests and hands them to the
     authentication manager for validation. -->
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <!-- Storage for proxy granting tickets delivered to proxyReceptorUrl.
         NOTE(review): the ticket validator declared in this file sets neither a proxy
         callback URL nor this storage, so as shown the application only validates proxy
         tickets and does not appear to obtain proxy granting tickets of its own; confirm
         whether that is intended. -->
    <property name="proxyGrantingTicketStorage" ref="pgtStorage" />
    <!-- Path on which the CAS server calls back; it must be reachable from the CAS host
         and should not be exposed more widely than that requires. -->
    <property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor" />
    <property name="serviceProperties" ref="serviceProperties" />
    <!-- Derives the service URL from the current request, which is needed because
         serviceProperties sets authenticateAllArtifacts to true. -->
    <property name="authenticationDetailsSource">
        <bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource">
            <constructor-arg ref="serviceProperties" />
        </bean>
    </property>
</bean>

<!-- Entry point that sends unauthenticated users to the CAS login page. -->
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <!-- CAS login URL from the ${cas-url-login} placeholder; it should be an https URL on
         the same CAS server that ${cas-url-prefix} points the ticket validator at. -->
    <property name="loginUrl" value="${cas-url-login}" />
    <property name="serviceProperties" ref="serviceProperties" />
</bean>

<!-- Authentication provider that validates CAS tickets against the CAS server and loads
     the user through userService (defined outside this listing). -->
<bean id="casAuthenticationProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="authenticationUserDetailsService">
        <bean
            class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <constructor-arg ref="userService" />
        </bean>
    </property>
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <!-- Validates service and proxy tickets by calling the proxyValidate endpoint under
             the configured prefix, as the request URL in the stack trace on this page shows.
             The application server itself makes that HTTPS call, so the prefix must resolve
             to the CAS context root from this host. HttpURLConnection reports an HTTP
             404 or 410 answer as FileNotFoundException, so the reported error most likely
             means the URL was reached but no endpoint answered there (to be confirmed in
             the CAS server access log). -->
        <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
            <constructor-arg value="${cas-url-prefix}" />
            <!-- SECURITY: true accepts a proxy ticket regardless of which proxy chain
                 requested it, so every service allowed to proxy on the CAS server can act
                 for users here. Where the set of proxying applications is known, restrict
                 it with the validator's allowedProxyChains property instead. -->
            <property name="acceptAnyProxy" value="true" />
        </bean>
    </property>
    <!-- Caches validated tickets for stateless callers; a cached ticket stays usable
         against this application until its cache entry expires (see ehcacheBasedTicketCache). -->
    <property name="statelessTicketCache" ref="ehcacheBasedTicketCache" />
    <!-- NOTE(review): this looks like the sample value from the reference documentation;
         the key identifies tokens created by this provider, so use a deployment-specific
         value and keep it out of public listings. -->
    <property name="key" value="an_id_for_this_auth_provider_only" />
    <property name="authoritiesMapper" ref="simpleAuthorityMapper" />
</bean>

<!-- Maps the authorities loaded for a user to role names with the ROLE_ prefix. -->
<bean id="simpleAuthorityMapper" class="org.springframework.security.core.authority.mapping.SimpleAuthorityMapper">
    <!-- Granted to every user who authenticates successfully, in addition to the mapped
         authorities; keep the permissions behind this role minimal, especially while the
         validator accepts tickets from any proxy. -->
    <property name="defaultAuthority" value="ROLE_NORMAL_USER"></property>
    <property name="prefix" value="ROLE_"></property>
</bean>

<!-- Ehcache-backed cache of validated tickets, used by casAuthenticationProvider as its
     stateless ticket cache. -->
<bean id="ehcacheBasedTicketCache" class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
    <property name="cache">
        <!-- Positional arguments presumably map to (name, maxElementsInMemory,
             overflowToDisk, eternal, timeToLiveSeconds, timeToIdleSeconds); confirm against
             the Ehcache version in use. Read that way, a validated ticket is honoured for
             up to 3600 s (900 s idle) and entries may spill to disk, so the cache directory
             holds authentication material and needs restrictive file permissions. -->
        <bean class="net.sf.ehcache.Cache" init-method="initialise" destroy-method="dispose">
            <constructor-arg value="casTickets" />
            <constructor-arg value="50" />
            <constructor-arg value="true" />
            <constructor-arg value="false" />
            <constructor-arg value="3600" />
            <constructor-arg value="900" />
            <property name="cacheManager">
                <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"></bean>
            </property>
        </bean>
    </property>
</bean>

<!-- Handles single sign-out notifications sent by the CAS server so that the local
     session tied to a ticket is invalidated; the stack trace on this page shows it
     running in the filter chain ahead of the CAS authentication filter. -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />

<!-- Logout filter for user-initiated logout: clears the local session, then redirects
     to the URL given by the ${cas-url-logout-service} placeholder. -->
<bean id="requestSingleLogoutFilter"
    class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <!-- First constructor argument: redirect target after local logout. -->
    <constructor-arg value="${cas-url-logout-service}" />
    <constructor-arg>
        <!-- Invalidates the HTTP session and clears the authentication, so no local
             login state survives the logout request. -->
        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" >
            <property name="invalidateHttpSession" value="true"></property>
            <property name="clearAuthentication" value="true"></property>
        </bean>
    </constructor-arg>
    <!-- Path that triggers this filter. -->
    <property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
</bean>

<!-- Holds proxy granting tickets received on the proxy receptor URL; referenced by
     casFilter. NOTE(review): this implementation presumably keeps them in memory inside
     this JVM, which would not be shared across cluster nodes; confirm for the
     deployment. -->
<bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

Это ошибка, которая выдается.

java.lang.RuntimeException: java.io.FileNotFoundException: https://test.nycompany.in/cas/proxyValidate?ticket=ST-10-YA1Eqcdz2lI57fojFazr-&service=https%3A%2F%2Fhub.mycompany.in%2Fj_spring_cas_security_check org.jasig.cas.client.util.CommonUtils.getResponseFromServer (CommonUtils.java:443) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer (AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate (AbstractUrlBasedTicketValidator.java:193) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow (CasAuthenticationProvider.java:158) org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate (CasAuthenticationProvider.java:143) org.springframework.security.authentication.ProviderManager.authenticate (ProviderManager.java:174) org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication (CasAuthenticationFilter.java:270) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter (AbstractAuthenticationProcessingFilter.java:217) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.jasig.cas.client.session.SingleSignOutFilter.doFilter (SingleSignOutFilter.java:97) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter (LogoutFilter.java:120) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter (LogoutFilter.java:120) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal 
(HeaderWriterFilter.java:64) org.springframework.web.filter.OncePerRequestFilter.doFilter (OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal (WebAsyncManagerIntegrationFilter.java:53) org.springframework.web.filter.OncePerRequestFilter.doFilter (OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter (SecurityContextPersistenceFilter.java:91) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.FilterChainProxy.doFilterInternal (FilterChainProxy.java:213) org.springframework.security.web.FilterChainProxy.doFilter (FilterChainProxy.java:176) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate (DelegatingFilterProxy.java:344)org.springframework.web.filter.DelegatingFilterProxy.doFilter (DelegatingFilterProxy.java:261) org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal (OpenSessionInViewFilter.jworkqu.FilterFerterFerterFerterFerterFerterFF) ()OncePerRequestFilter.java:107) Основная причина

java.io.FileNotFoundException: https://test.mycompany.in/cas/proxyValidate?ticket=ST-10-YA1Eqcdz2lI57fojFazr-&service=https%3A%2F%2Fhub.mycompany.in%2Fj_spring_cas_security_check sun.net.www.protocol.http.HttpURLConnection.getInputStream0 (HttpURLConnection.java:1890) sun.net.www.protocol.http.CommonUtils.java:429) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer (AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.alid..springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow (CasAuthenticationProvider.java:158) org.springframework.security.cas.(ProviderManager.java:174) org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication (CasAuthenticationFilter.java:270) org.springframework.security.web.authentication.AbstractAuthenticationFree.security.web.FilterChainProxy.(FilterChainProxy.java:330) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter (LogoutFilter.java:120) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter.doFilter (LogoutFilingf.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal (HeaderWriterFilter.java:64) org.springfilterF107) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springframework.security.web.filter.OncePerRequestFilter.doFilter (OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) org.springxtrame.SecurityContextPersistenceFilter.doFilter (SecurityContextPersistenceFilter.java:91) org.springframework.security.web.FilterChainProxy $ VirtualFilterChain.doFilter (FilterChainProxy.java:330) 
org.springframework.xyha.Fha.Ing.Filter.F.in.F.Serf.springframework.security.web.FilterChainProxy.doFilter (FilterChainProxy.java:176) org.springframework.web.filter.DelegatingFilterProxy.261) org.springframework.orm.hibernate4.support.OpenSessionInViewFilter.doFilterInternal (OpenSessionInViewFilter.java:152) org.springframework.web.filter.OncePerRequestFilter.doFilter * OncePerRequest:10

Свойство host.name в моем CAS задано как host.name = … — для того, чтобы он мог принимать запросы от сервера из другого домена.

Я ожидаю, что это подтвердит прокси-билет из моего приложения.

...