骑着骆驼看泉水 2020-07-25 10:26 采纳率: 0%

shiro 整合cas Unable to validate ticket [XXXXX] 报错

springmvc框架,原来框架是shiro登录验证,现在是整合加入cas做单点登录,cas服务端正常,使用的http访问,需要修改的地方都已经修改,客户端访问,可以重定向到服务端登录页面,输入用户名密码,验证成功,但ticket校验一直不成功,报错如下:
org.apache.shiro.cas.CasAuthenticationException: Unable to validate ticket [ST-1-sKV93x5u-2j9T5L-6RenQo2ELGUPC-20191208TVTU]
at com.msunsoft.shiro.ShiroCasRealm.doGetAuthenticationInfo(ShiroCasRealm.java:101) ~[zygate-service-0.0.1-SNAPSHOT.jar:na]
at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:273) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53) ~[shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.cas.CasFilter.onAccessDenied(CasFilter.java:88) [shiro-cas-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:214) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:189) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) [shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.5.3.jar:1.5.3]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.16]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.16]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.16]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.16]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [catalina.jar:8.5.16]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.16]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [catalina.jar:8.5.16]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [catalina.jar:8.5.16]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [catalina.jar:8.5.16]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) [catalina.jar:8.5.16]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.16]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.jar:8.5.16]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-coyote.jar:8.5.16]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:8.5.16]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-coyote.jar:8.5.16]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-coyote.jar:8.5.16]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.16]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_191]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_191]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.16]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_191]
Caused by: org.jasig.cas.client.validation.TicketValidationException: 未能够识别出目标 'ST-1-sKV93x5u-2j9T5L-6RenQo2ELGUPC-20191208TVTU'票根
at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:84) ~[cas-client-core-3.3.3.jar:3.3.3]
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:208) ~[cas-client-core-3.3.3.jar:3.3.3]
at com.msunsoft.shiro.ShiroCasRealm.doGetAuthenticationInfo(ShiroCasRealm.java:80) ~[zygate-service-0.0.1-SNAPSHOT.jar:na]
... 48 common frames omitted
10:07:09.417 [http-nio-8080-exec-9] DEBUG o.a.shiro.web.servlet.SimpleCookie - Found 'shiro.sesssion' cookie value [a16b8f0f-cffe-4dbf-a8be-9477075a5e4a]
10:07:09.572 [http-nio-8080-exec-1] DEBUG o.a.shiro.web.servlet.SimpleCookie - Found 'shiro.sesssion' cookie value [a16b8f0f-cffe-4dbf-a8be-9477075a5e4a]
10:07:09.608 [http-nio-8080-exec-2] DEBUG o.a.shiro.web.servlet.SimpleCookie - Found 'shiro.sesssion' cookie value [a16b8f0f-cffe-4dbf-a8be-9477075a5e4a]
shiro.xml的代码:

<!-- Project-specific CAS realm: gives the realm the CAS server address and this client's callback (service) URL. -->
<!-- The bean below is commented out in the original; by its name it looks like the earlier DB-backed realm (confirm). -->
<!-- <bean id="zyhdShiroDbRealm" class="com.msunsoft.shiro.ZyhdShiroDbRealm" /> -->
<bean id="casRealm" class="com.msunsoft.shiro.ShiroCasRealm">
  <!-- Injects the sysUsersService bean; how the realm uses it is not visible in this fragment. -->
  <property name="sysUsersService1" ref="sysUsersService"/>
  <!-- CAS server URL prefix; ticket validation requests are sent under this prefix.
       NOTE(review): plain http, so the service ticket and the validation response (which names the
       authenticated user) travel unencrypted and the server is not authenticated to this client.
       CAS deployments normally use https here; confirm this is a test-only setup. -->
  <property name="casServerUrlPrefix" value="http://cas.server.org:7070/cas" />
  <!-- Service URL of this application: the client-side CAS entry point that receives the service ticket.
       NOTE(review): validation sends this value to the CAS server together with the ticket, so it has to
       stay identical to the service= parameter of the shiroFilter loginUrl (the two match in this file).
       A service ticket is single-use and short-lived; validating the same ticket twice, or too late,
       is rejected by the server. Given the TicketValidationException in the trace, check the CAS server
       log for the reason it gives for this ticket (TODO confirm). -->
  <property name="casService" value="http://cas.client.org:8080/zygate-web/shiro-cas" />
</bean>

<!-- Hashed credentials matcher: compares a submitted password with a stored hash.
     NOTE(review): MD5 with a single iteration is far too fast to protect stored passwords against
     offline guessing. No bean in this fragment references credentialsMatcher, so it may be a leftover
     from the pre-CAS login; confirm, then remove it or plan a migration to a slow password hash. -->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
    <property name="hashAlgorithmName" value="MD5"/>
    <property name="hashIterations" value="1"/>
</bean>
<!-- Session storage implementation (cache-backed session DAO). -->
<bean id="shiroSessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>

<!-- Alternative session cookie named SHAREJSESSIONID; maxAge -1 makes it a browser-session cookie.
     In this fragment it is referenced only from a commented-out property of sessionManager. -->
<bean id="shiroSimpleCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
  <constructor-arg name="name" value="SHAREJSESSIONID"/>
  <property name="maxAge" value="-1"/>
</bean>

<!-- Session manager: Shiro-managed web sessions instead of the container's. -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- Session timeout.
     NOTE(review): a negative value makes Shiro sessions never expire (TODO confirm this is intended).
     With SSO it lets a local session outlive the CAS session unless single logout reliably reaches
     this client, and a leaked session id stays usable indefinitely. -->
  <property name="globalSessionTimeout" value="-1"/>
  <!-- Session storage implementation. -->
  <property name="sessionDAO" ref="shiroSessionDAO"/>
  <!-- Session id cookie; replaces the container's default JSESSIONID. -->
  <property name="sessionIdCookie" ref="simpleCookie"/>
  <!-- <property name="sessionIdCookie" ref="shiroSimpleCookie"/> -->
  <!-- Periodically check for and clean up invalid sessions. -->
  <property name="sessionValidationSchedulerEnabled" value="true"/>
</bean>

<!-- Session id cookie definition; replaces the container's default JSESSIONID.
     The name matches the cookie reported by the SimpleCookie DEBUG lines in the log.
     NOTE(review): the secure attribute is not set and the application is served over http, so the
     session id crosses the network in clear text; path / also sends it to every application on the
     same host. Revisit both once the site is moved to https. -->
 <bean id="simpleCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
    <constructor-arg name="name" value="shiro.sesssion"/>
    <property name="path" value="/"/>
 </bean>

<!-- Subject factory from the shiro-cas module, wired into securityManager below. -->
<bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"/>

<!-- <bean id="shiroCacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/> -->

<!-- Central Shiro security manager: ties together the realm, session manager, cache and subject factory. -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
 <!-- A single realm uses the realm property; with several realms use the realms property instead. --> 
  <property name="realm" ref="casRealm"/>
  <!-- Session manager. -->
  <property name="sessionManager" ref="sessionManager"/>
  <!-- Cache manager. -->
  <property name="cacheManager" ref="shiroEhcacheManager"/>
  <property name="subjectFactory" ref="casSubjectFactory"/>
</bean>

    <!-- Cache for user authorization data, backed by EhCache; settings come from the classpath file below. -->
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
    <property name="cacheManagerConfigFile" value="classpath:spring/ehcache-shiro.xml" />
</bean>

<!-- CAS filter: mapped to /shiro-cas in the filter chain, where it receives the ticket parameter and
     triggers the login that validates it (CasFilter.onAccessDenied in the stack trace). -->
<bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
<!-- Page to redirect to when ticket validation fails. The target is the CAS login page with
     casFailure.jsp as the service, so a failed validation sends the browser back to the CAS server. -->
  <property name="failureUrl" value="http://cas.server.org:7070/cas/login?service=http://cas.client.org:8080/zygate-web/jsp/casFailure.jsp"/>
  <!-- NOTE(review): successUrl is the /shiro-cas endpoint itself. A redirect to it carries no ticket,
       so casFilter would attempt another login there; an application landing page is the usual
       choice (TODO confirm the intent). -->
  <property name="successUrl" value="http://cas.client.org:8080/zygate-web/shiro-cas"/>
</bean>
<!-- Local logout, then redirect to the CAS logout endpoint so the SSO session is ended as well.
     NOTE(review): the URL contains a double slash (cas//logout); looks like a typo, confirm the CAS
     server accepts it. The redirect is plain http like the other CAS URLs in this file. -->
<bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
  <property name="redirectUrl" value="http://cas.server.org:7070/cas//logout?service=http://cas.client.org:8080/zygate-web/msunLogout"/>
</bean>

<!-- Project-specific logout filter; receives the session manager, presumably to invalidate the local
     session on CAS single logout (implementation not shown, verify). -->
 <bean id="casLogoutFilter" class="com.msunsoft.shiro.CasLogoutFilter">
    <property name="sessionManager" ref="sessionManager"/>
</bean>

<!-- Shiro filter configuration; the bean id must equal the filter-name declared in web.xml. --> 
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Security manager. -->
  <property name="securityManager" ref="securityManager"/>
  <!-- Login address for unauthenticated users: the CAS login page, with this application's
       /shiro-cas endpoint as the service. The service value equals casRealm's casService; the two
       must stay identical for ticket validation to succeed. -->
  <property name="loginUrl" value="http://cas.server.org:7070/cas/login?service=http://cas.client.org:8080/zygate-web/shiro-cas"/>
  <!-- URL to go to after a successful login (no property follows this comment in the original). -->
<!-- Address to redirect to when an authorization check fails. -->
    <property name="unauthorizedUrl" value="/" />
  <property name="filters">
    <map>
        <!-- Register the logout filter. --> 
        <entry key="logoutFilter" value-ref="logoutFilter" />
      <!-- Register the CAS filter with Shiro. -->
      <entry key="casFilter" value-ref="casFilter"/>
      <entry key="casLogout" value-ref="casLogoutFilter" />
    </map>
  </property>
  <!-- URL patterns are matched top to bottom and the first match wins:
       the failure page is public, /shiro-cas is the ticket receiver, /msunLogout handles logout,
       everything else requires authentication.
       NOTE(review): on /msunLogout the stock LogoutFilter redirects and presumably stops the chain,
       so casLogout listed after it may never run on that path; verify against CasLogoutFilter. -->
  <property name="filterChainDefinitions">
    <value>
    /jsp/casFailure.jsp = anon
    /shiro-cas=casFilter
    /msunLogout = logoutFilter,casLogout
    /** = authc
    </value>
  </property>
</bean>

<!-- Ensures that beans implementing Shiro's internal lifecycle callbacks get them invoked. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>

<!-- AOP-style, method-level permission checks; class-based proxies are forced via proxyTargetClass. -->  
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
  <property name="proxyTargetClass" value="true"/>
</bean>

<!-- Advisor that applies Shiro's authorization annotations using the security manager above. -->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
  <property name="securityManager" ref="securityManager"/>
</bean>
<!--============================== End of SSO section ==============================-->

求大神给帮忙看下,多谢!

  • threenewbee 2020-07-25 14:35