springmvc框架,原来框架是shiro登录验证,现在是整合加入cas做单点登录,cas服务端正常,使用的http访问,需要修改的地方都已经修改,客户端访问,可以重定向到服务端登录页面,输入用户名密码,验证成功,但ticket校验一直不成功,报错如下:
org.apache.shiro.cas.CasAuthenticationException: Unable to validate ticket [ST-1-sKV93x5u-2j9T5L-6RenQo2ELGUPC-20191208TVTU]
at com.msunsoft.shiro.ShiroCasRealm.doGetAuthenticationInfo(ShiroCasRealm.java:101) ~[zygate-service-0.0.1-SNAPSHOT.jar:na]
at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:273) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:275) ~[shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.authc.AuthenticatingFilter.executeLogin(AuthenticatingFilter.java:53) ~[shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.cas.CasFilter.onAccessDenied(CasFilter.java:88) [shiro-cas-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.AccessControlFilter.onAccessDenied(AccessControlFilter.java:133) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.AccessControlFilter.onPreHandle(AccessControlFilter.java:162) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.PathMatchingFilter.isFilterChainContinued(PathMatchingFilter.java:214) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.filter.PathMatchingFilter.preHandle(PathMatchingFilter.java:189) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:131) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90) [shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83) [shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387) [shiro-core-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362) [shiro-web-1.5.3.jar:1.5.3]
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.5.3.jar:1.5.3]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.16]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.16]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [catalina.jar:8.5.16]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [catalina.jar:8.5.16]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [catalina.jar:8.5.16]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [catalina.jar:8.5.16]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [catalina.jar:8.5.16]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [catalina.jar:8.5.16]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) [catalina.jar:8.5.16]
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) [catalina.jar:8.5.16]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [catalina.jar:8.5.16]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [catalina.jar:8.5.16]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) [tomcat-coyote.jar:8.5.16]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-coyote.jar:8.5.16]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-coyote.jar:8.5.16]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) [tomcat-coyote.jar:8.5.16]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:8.5.16]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_191]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_191]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.16]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_191]
Caused by: org.jasig.cas.client.validation.TicketValidationException: 未能够识别出目标 'ST-1-sKV93x5u-2j9T5L-6RenQo2ELGUPC-20191208TVTU'票根
at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:84) ~[cas-client-core-3.3.3.jar:3.3.3]
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:208) ~[cas-client-core-3.3.3.jar:3.3.3]
at com.msunsoft.shiro.ShiroCasRealm.doGetAuthenticationInfo(ShiroCasRealm.java:80) ~[zygate-service-0.0.1-SNAPSHOT.jar:na]
... 48 common frames omitted
10:07:09.417 [http-nio-8080-exec-9] DEBUG o.a.shiro.web.servlet.SimpleCookie - Found 'shiro.sesssion' cookie value [a16b8f0f-cffe-4dbf-a8be-9477075a5e4a]
10:07:09.572 [http-nio-8080-exec-1] DEBUG o.a.shiro.web.servlet.SimpleCookie - Found 'shiro.sesssion' cookie value [a16b8f0f-cffe-4dbf-a8be-9477075a5e4a]
10:07:09.608 [http-nio-8080-exec-2] DEBUG o.a.shiro.web.servlet.SimpleCookie - Found 'shiro.sesssion' cookie value [a16b8f0f-cffe-4dbf-a8be-9477075a5e4a]
shiro.xml的代码:
<!-- Project-specific CAS realm: gives it the CAS server address and this application's callback (service) address. -->
<!-- <bean id="zyhdShiroDbRealm" class="com.msunsoft.shiro.ZyhdShiroDbRealm" /> -->
<bean id="casRealm" class="com.msunsoft.shiro.ShiroCasRealm">
<property name="sysUsersService1" ref="sysUsersService"/>
<!-- CAS server URL prefix; presumably used by the realm to build the ticket validation request (confirm in ShiroCasRealm). -->
<!-- NOTE(review): plain http means the service ticket and the validation response cross the network unencrypted; use https outside an isolated test environment. -->
<property name="casServerUrlPrefix" value="http://cas.server.org:7070/cas" />
<!-- Application service URL: the client-side CAS entry point that receives the service ticket from the CAS server. -->
<!-- The CAS protocol validates a ticket against the service it was issued for, so this value has to match the service= parameter of the login URL that produced the ticket (loginUrl on shiroFilter uses the same URL). -->
<property name="casService" value="http://cas.client.org:8080/zygate-web/shiro-cas" />
</bean>
<!-- Credentials matcher that compares passwords hashed with MD5, one iteration. -->
<!-- NOTE(review): no bean visible in this listing references credentialsMatcher (casRealm does not set it), so it may be left over from the earlier database realm; confirm before removing. -->
<!-- NOTE(review): a single round of MD5 is not adequate for stored passwords; if this matcher is still used anywhere, move to a salted, deliberately slow password hashing scheme. -->
<bean id="credentialsMatcher" class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
<property name="hashAlgorithmName" value="MD5"/>
<property name="hashIterations" value="1"/>
</bean>
<!-- Session storage implementation. -->
<bean id="shiroSessionDAO" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
<!-- Alternative session id cookie named SHAREJSESSIONID. In this listing it is referenced only from a commented-out property on sessionManager. -->
<bean id="shiroSimpleCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg name="name" value="SHAREJSESSIONID"/>
<!-- maxAge of -1: the cookie is a browser-session cookie and is not persisted with an expiry date. -->
<property name="maxAge" value="-1"/>
</bean>
<!-- Session manager. -->
<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<!-- Session timeout. -->
<!-- NOTE(review): a negative timeout means Shiro sessions never expire on the server, so a leaked session id stays usable indefinitely and the validation scheduler enabled below has nothing to expire. Prefer a finite idle timeout. -->
<property name="globalSessionTimeout" value="-1"/>
<!-- Session storage implementation. -->
<property name="sessionDAO" ref="shiroSessionDAO"/>
<!-- Session id cookie; replaces the container's default JSESSIONID. -->
<property name="sessionIdCookie" ref="simpleCookie"/>
<!-- <property name="sessionIdCookie" ref="shiroSimpleCookie"/> -->
<!-- Periodically check for expired sessions. -->
<property name="sessionValidationSchedulerEnabled" value="true"/>
</bean>
<!-- Session id cookie; replaces the container's default JSESSIONID. This is the cookie name that appears in the DEBUG log lines. -->
<!-- NOTE(review): the secure attribute is not set and every application URL in this file is http, so the session id travels in clear text; set secure to true once the site is served over https. -->
<bean id="simpleCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<constructor-arg name="name" value="shiro.sesssion"/>
<!-- Path "/" makes the cookie visible to every application on this host, not only this web context. -->
<property name="path" value="/"/>
</bean>
<!-- Subject factory supplied by the shiro-cas module. -->
<bean id="casSubjectFactory" class="org.apache.shiro.cas.CasSubjectFactory"/>
<!-- <bean id="shiroCacheManager" class="org.apache.shiro.cache.MemoryConstrainedCacheManager"/> -->
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<!-- For a single realm use the realm property; with several realms use the realms property instead. -->
<property name="realm" ref="casRealm"/>
<!-- Session manager. -->
<property name="sessionManager" ref="sessionManager"/>
<!-- Cache manager. -->
<property name="cacheManager" ref="shiroEhcacheManager"/>
<property name="subjectFactory" ref="casSubjectFactory"/>
</bean>
<!-- Cache for user authorization data, backed by EhCache. -->
<bean id="shiroEhcacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManagerConfigFile" value="classpath:spring/ehcache-shiro.xml" />
</bean>
<!-- CAS callback filter: handles requests to the service URL that carry a service ticket. -->
<bean id="casFilter" class="org.apache.shiro.cas.CasFilter">
<!-- Page to redirect to when ticket validation fails. -->
<!-- NOTE(review): this sends the browser back to the CAS login with service set to casFailure.jsp, which differs from casService on casRealm; a ticket issued for that service cannot be validated against casService. Confirm this is the intended failure flow. -->
<property name="failureUrl" value="http://cas.server.org:7070/cas/login?service=http://cas.client.org:8080/zygate-web/jsp/casFailure.jsp"/>
<!-- NOTE(review): successUrl is the CAS callback path itself (/shiro-cas), so after a successful login the browser is sent back to the callback without a ticket parameter; confirm this should not be an application page instead. -->
<property name="successUrl" value="http://cas.client.org:8080/zygate-web/shiro-cas"/>
</bean>
<!-- Shiro logout filter; after the local logout it redirects to the CAS server logout endpoint. -->
<bean id="logoutFilter" class="org.apache.shiro.web.filter.authc.LogoutFilter">
<!-- NOTE(review): the path contains a double slash ("cas//logout"); check that the CAS server resolves it as /cas/logout. -->
<property name="redirectUrl" value="http://cas.server.org:7070/cas//logout?service=http://cas.client.org:8080/zygate-web/msunLogout"/>
</bean>
<!-- Project-specific CAS logout filter; it is given the session manager (its behaviour is defined in CasLogoutFilter, not shown here). -->
<bean id="casLogoutFilter" class="com.msunsoft.shiro.CasLogoutFilter">
<property name="sessionManager" ref="sessionManager"/>
</bean>
<!-- Shiro filter configuration; the bean id must equal the filter-name declared in web.xml. -->
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<!-- Security manager. -->
<property name="securityManager" ref="securityManager"/>
<!-- Login address an unauthenticated user is redirected to: the CAS login page, with service set to this application's CAS callback. -->
<!-- NOTE(review): both the CAS server and the callback are addressed over http, so the returned ticket is exposed in transit; switch both to https outside a test environment. -->
<property name="loginUrl" value="http://cas.server.org:7070/cas/login?service=http://cas.client.org:8080/zygate-web/shiro-cas"/>
<!-- URL to go to after a successful login (no property is configured for it here). -->
<!-- Redirect target when an authorization check fails. -->
<property name="unauthorizedUrl" value="/" />
<property name="filters">
<map>
<!-- Register the logout filter. -->
<entry key="logoutFilter" value-ref="logoutFilter" />
<!-- Register the CAS filter with Shiro. -->
<entry key="casFilter" value-ref="casFilter"/>
<entry key="casLogout" value-ref="casLogoutFilter" />
</map>
</property>
<!-- URL pattern to filter chain mapping, evaluated top to bottom with the first match winning: the failure page is anonymous, /shiro-cas is the CAS callback, /msunLogout handles logout, everything else requires authentication. -->
<!-- NOTE(review): Shiro's LogoutFilter issues its redirect and stops the chain, so casLogout listed after it on /msunLogout may never run; verify the intended order. -->
<property name="filterChainDefinitions">
<value>
/jsp/casFailure.jsp = anon
/shiro-cas=casFilter
/msunLogout = logoutFilter,casLogout
/** = authc
</value>
</property>
</bean>
<!-- Ensures that beans implementing Shiro's internal lifecycle methods have them invoked. -->
<bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
<!-- AOP-style method-level permission checks. -->
<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" depends-on="lifecycleBeanPostProcessor">
<!-- Proxy the target classes themselves rather than only their interfaces. -->
<property name="proxyTargetClass" value="true"/>
</bean>
<!-- Advisor that applies Shiro's authorization annotations, using the security manager defined above in this file. -->
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
<property name="securityManager" ref="securityManager"/>
</bean>
<!--============================== End of SSO ==============================-->
求大神给帮忙看下,多谢!