tomcat配置jdk生成证书,https访问问题

使用了jdk生成的证书,安装后,进行访问
https://localhost:8443/
要求输入验证信息是什么意思?
图片说明

1个回答

你这默认的应用配置了个tomcat的容器认证的配置,跟证书没有关系。你不防把争取去掉试验下,也会这样。

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
其他相关推荐
Python+OpenCV计算机视觉

Python+OpenCV计算机视觉

jdk生成ssl自签名证书,修改tomcat配置文件后https访问报404

远程服务器端用jdk生成自签名的证书文件,之后在tomcat中的server.xml中修改配置,端口443,添加keystore路径及密码。本地用https请求服务器地址接口报404

Tomcat配置ssl证书,https 可以用ip访问,但是会提示危险,不能用域名访问

![图片说明](https://img-ask.csdn.net/upload/202003/07/1583581576_335405.png) ![图片说明](https://img-ask.csdn.net/upload/202003/07/1583581635_379035.png) web.xml配置好了,如下 ``` <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true" keystoreFile="cert/domain.pfx" keystoreType="PKCS12" keystorePass="9La5wA0w" clientAuth="false" SSLProtocol="SSL" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,、 TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256"/> ``` 请问怎么才能用https+域名访问呢?证书是在阿里云上申请的有效期一年的证书。

Tomcat7配置SSL证书之后浏览器访问显示连接被重置

* netstat -ntlp 之后 8080 和 443端口 都有 * 8080可以正常访问 * 443端口出现 无法访问此网站 连接已重置 * ERR_CONNECTION_RESET * 证书是阿里云购买的 下载下来两个文件 一个.pfx 一个是密码 * server.xml文件如下 ``` <?xml version='1.0' encoding='utf-8'?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <!-- Note: A "Server" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/server.html --> <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <!-- Security listener. Documentation at /docs/config/listeners.html <Listener className="org.apache.catalina.security.SecurityListener" /> --> <!--APR library loader. Documentation at /docs/apr.html --> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> <Listener className="org.apache.catalina.core.JasperListener" /> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html --> <GlobalNamingResources> <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users --> <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> </GlobalNamingResources> <!-- A "Service" is a collection of one or more "Connectors" that share a single "Container" Note: A "Service" is not itself a "Container", so you may not define subcomponents such as "Valves" at this level. Documentation at /docs/config/service.html --> <Service name="Catalina"> <!--The connectors can use a shared executor, you can define one or more named thread pools--> <!-- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> --> <!-- A "Connector" represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> --> <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the BIO implementation that requires the JSSE style configuration. When using the APR/native implementation, the OpenSSL style configuration is required as described in the APR/native documentation --> <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="/home/tomcat/apache-tomcat-7.0.94/cert/2095350_www.rumination.tech.pfx" keystoreType="PKCS12" keystorePass="hWD5bIfg" clientAuth="false" sslProtocol="TLS" /> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html --> <!-- You should set jvmRoute to support load-balancing via AJP ie : <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> --> <Engine name="Catalina" defaultHost="localhost"> <!--For clustering, please take a look at documentation at: /docs/cluster-howto.html (simple how to) /docs/config/cluster.html (reference documentation) --> <!-- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> --> <!-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack --> <Realm className="org.apache.catalina.realm.LockOutRealm"> <!-- This Realm uses the UserDatabase configured in the global JNDI resources under the key "UserDatabase". Any edits that are performed against this UserDatabase are immediately available for use by the Realm. --> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> <!-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html --> <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> --> <!-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern="common" --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" /> </Host> </Engine> </Service> </Server> ```

配置tomcat的ssl双向配置https页面打不开

我用jdk的keytool工具生成一个密钥库tomcat.keystore文件,然后把根证书导入到密钥库,让其信任,然后配置tomcat的server.xml文件 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="c:\Users\lrq\tomcat.keystore" keystorePass="password" truststoreFile="c:\Users\lrq\tomcat.keystore" truststorePass="password"/> 为什么我进入https页面显示无法显示。 这是jsp里的代码 % try { X509Certificate userCert = null; X509Certificate[] certs = (X509Certificate[]) request .getAttribute( "javax.servlet.request.X509Certificate"); if (("https").equalsIgnoreCase(request.getScheme())) { out.println("没有可用的客户端证书"); return; } if(certs!=null){ userCert = certs[0]; GACertParser gcp = new GACertParser(userCert); String station=gcp.getStation(); request.setAttribute("station", station); } } catch (Exception e) { out.println("获取用户权限时发生错误:" + e); return; }

tomcat https 双向配置走外网访问不了

公司接口要求走https协议,我用jdk自带的生成了服务端和客户端的证书。 ![图片说明](https://img-ask.csdn.net/upload/201603/29/1459220117_633743.png) 部署项目的tomcat里配置是: <Connector port="8843" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:/up/server/serverKeystore.jks" keystorePass="tytell" truststoreFile="C:/up/server/serverTruststore.jks" truststorePass="tytell"/> 调用程序加载是: FileInputStream keyStoreIn = new FileInputStream(new File("D:\\TellingWork\\key\\clientKeystore.jks")); FileInputStream trustStoreIn = new FileInputStream(new File("D:\\TellingWork\\key\\clientTruststore.jks")); try { keyStore.load(keyStoreIn, "tytell".toCharArray()); trustStore.load(trustStoreIn, "tytell".toCharArray()); 调用程序用内网访问https是可以,但外网为啥不行啊??? 用外网抛的错: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? 请教各位啊,有点捉急!!!

tomcat 配置https 异常

1.首先用jdk自带的工具keytool生成一个"服务器证书" JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore C:\tomcat.key 提示输入密码,使用Tomcat的默认值changeit 输入相关信息后确认 将生成PCKS1.2格式的数字证书于C:\tomcat.key 在tomcat server.xml中配置了如下: <Connector className="org.apache.coyote.tomcat5.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystorePass="changeit" keystoreFile="C:/tomcat.key" /> JDK1.5 配置应该没错吧,但是服务器启动的时候出现了下面的异常,也访问不了 java.io.IOException: Cannot recover key at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88) at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292) at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:138) at org.apache.catalina.connector.Connector.initialize(Connector.java:1016) at org.apache.catalina.core.StandardService.initialize(StandardService.java:580) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791) at org.apache.catalina.startup.Catalina.load(Catalina.java:503) at org.apache.catalina.startup.Catalina.load(Catalina.java:523) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412) - Catalina.start LifecycleException: Protocol handler initialization failed: java.io.IOException: Cannot recover key at org.apache.catalina.connector.Connector.initialize(Connector.java:1018) at org.apache.catalina.core.StandardService.initialize(StandardService.java:580) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791) at org.apache.catalina.startup.Catalina.load(Catalina.java:503) at org.apache.catalina.startup.Catalina.load(Catalina.java:523) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:247) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412) - Initialization processed in 672 ms - Starting service Catalina - Starting Servlet Engine: Apache Tomcat/5.5.16 - XML validation disabled - Starting Coyote HTTP/1.1 on http-7777 - Error starting endpoint java.io.IOException: Cannot recover key at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88) at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312) at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75) at org.apache.catalina.connector.Connector.start(Connector.java:1089) at org.apache.catalina.core.StandardService.start(StandardService.java:459) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) - Catalina.start: LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: java.io.IOException: Cannot recover key at org.apache.catalina.connector.Connector.start(Connector.java:1096) at org.apache.catalina.core.StandardService.start(StandardService.java:459) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) 是不是还需要在哪配置下呢?

tomcat 中 https 的配置问题

我是按下面的方法进行配置的(网上找的): 1.生成 server key : 以命令行方式切换到目录%TOMCAT_HOME%,在command命令行输入如下命令(jdk1.4以上带的工具): keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600 2.将证书导入的JDK的证书信任库中: (1)keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass changeit (2)keytool -import -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit 3.Tomcat中的server.xml文件修改: <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" minSpareThreads="5" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="D:\apache-tomcat-6.0.14\server.keystore" keystorePass="changeit"/> 4.验证: https://localhost:8443/ 5.问题来了,输入https://localhost:8443/,页面能出来,但IE地址栏中出现“证书错误”。 [img]/upload/attachment/139891/dd38e952-5a03-373d-a72b-24f46f524d8b.jpg[/img] 6.把刚刚用命令行生成的证书导入到IE中,“证书错误”还是解决不了。 [img]/upload/attachment/139896/353f1b45-d5e3-35aa-a590-daaf8d292d84.jpg[/img] 请问这方面有经验的兄弟,“证书错误”怎么样配置才能消失?谢谢。另:这样做,用https访问的话,是不是就把URL加密了? [b]问题补充:[/b] 我就是按这个进行配置的,启动Tomcat后,访问 https://localhost:8443/是没有问题的,但“证书错误”一直不能摆平,我也试了在IE里导入证书,但不管用。。。

通配型ssl证书可以在同一台服务器中的多个tomcat中使用吗

我在服务器中部署三个tomcat,有一个通配型的证书、一个主域名、两个二级域名。 三个Tomcat中分别部署着不同的项目,我想让这三个tomcat下的项目都能通过htts访问,不知道能实现吗?

jdk中的jre/lib/security目录下为啥要导入证书

之前项目中用httpclient调用第三方接口,走的是https,之前正常运行。后来测试把测试环境的jdk换成了openjdk,后运行报错 报错信息如下 ``` java.lang.RuntimeException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty ``` 后来排查发现之前jdk的jre/lib/sercurity目录下有cer证书,而新安装的openjdk目录下没有证书,后来把jdk目录下证书拷贝到openjdk目录下,就好了。 想确认下这个证书的作用是什么。是不是可以认为就好比浏览器访问https需要导入证书。

使用yale cas做sso的问题

这段时间在试用下cas做下身份人证发现了个奇怪的问题,在此提出来下,希望知道的同学给解答一下,感激不尽! 证书我已经生成了,证书的cn是localhost,并且tomcat的ssl已经配置好了,证书也导入到jdk了,我访问客户端,如(http://localhost:8080/myapp/test),第一次由于还没有通过cas的身份认证,所以会重定向到(https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Ftest)进行身份认证,我输入正确的用户和密码之后,认证成功,返回的地址是(http://localhost:8080/myapp/test?ticket=ST-1-ydkGooyveb6vnb3TLYnm),到此,貌似是正确的.奇怪的是,当我把http://localhost:8080/myapp/test?ticket=ST-1-ydkGooyveb6vnb3TLYnm这个地址拷贝下来,再打开一个浏览器访问http://localhost:8080/myapp/test?ticket=ST-1-ydkGooyveb6vnb3TLYnm的时候,就报错: [myapp] 21:32:38.937 [http-8080-1] ERROR edu.yale.its.tp.cas.client.CASReceipt - validation of [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-1-ydkGooyveb6vnb3TLYnm] service=[http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Ftest] errorCode=[INVALID_TICKET] errorMessage=[???????? 'ST-1-ydkGooyveb6vnb3TLYnm'??] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ???????? 'ST-1-ydkGooyveb6vnb3TLYnm'?? </cas:authenticationFailure> </cas:serviceResponse> ]]]] was not successful. [myapp] 21:32:38.937 [http-8080-1] ERROR edu.yale.its.tp.cas.client.filter.CASFilter - edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-1-ydkGooyveb6vnb3TLYnm] service=[http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Ftest] errorCode=[INVALID_TICKET] errorMessage=[???????? 'ST-1-ydkGooyveb6vnb3TLYnm'??] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ???????? 'ST-1-ydkGooyveb6vnb3TLYnm'?? </cas:authenticationFailure> </cas:serviceResponse> ]]]] 2009-7-5 21:32:38 org.apache.catalina.core.StandardWrapperValve invoke 严重: Servlet.service() for servlet default threw exception edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/proxyValidate] ticket=[ST-1-ydkGooyveb6vnb3TLYnm] service=[http%3A%2F%2Flocalhost%3A8080%2Fmyapp%2Ftest] errorCode=[INVALID_TICKET] errorMessage=[???????? 'ST-1-ydkGooyveb6vnb3TLYnm'??] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='INVALID_TICKET'> ???????? 'ST-1-ydkGooyveb6vnb3TLYnm'?? </cas:authenticationFailure> </cas:serviceResponse> ]]]] at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:62) at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) 我实在是找不出原因来了,请各位同学帮忙了!

cas与shiro整合,通过trick获取不到用户信息

# 配置说明: 服务端:4.0 tomcat:8 JDK:1.8 协议:由于领导要求,所以关闭了https协议,也没有使用证书(不知道有木有影响) =========================================== 客户端:spring boot + shiro(所以要与cas整合) JDK:1.7 =========================================== 由于一直报错,验证不通过,所以我下载了源码,进入到源码中,还是不理解问题,所以问问大家。希望可以给个思路,谢谢。 首先,在访问客户端时,重定向到了服务端的登录界面 ![图片说明](https://img-ask.csdn.net/upload/201705/11/1494492842_446116.jpg) 输入完用户名和密码后,客户端被casFilter拦截,进入到CasFilter中的onAccessDenied(ServletRequest request, ServletResponse response){return executeLogin(request, response);} 进入到executeLogin(request, response)的实现方法中,进入到AuthenticatingFilter实现的executeLogin方法中,相应代码如下: ``` protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception { AuthenticationToken token = createToken(request, response); if (token == null) { String msg = "createToken method implementation returned null. A valid non-null AuthenticationToken " + "must be created in order to execute a login attempt."; throw new IllegalStateException(msg); } try { Subject subject = getSubject(request, response); subject.login(token); return onLoginSuccess(token, subject, request, response); } catch (AuthenticationException e) { return onLoginFailure(token, e, request, response); } } ``` 往下走,首先创建一个CasToken,只有一个参数trick(ST-1-1ZAXXNbLLKfsbB1h5Glz-cas01.example.org),代码如下: ``` protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception { HttpServletRequest httpRequest = (HttpServletRequest) request; String ticket = httpRequest.getParameter(TICKET_PARAMETER); return new CasToken(ticket); } ``` 下一步,根据token开始执行subject.login(token); 走到这一步,我不知道我的客户端配置有没有问题,继续往下看,在DelegatingSubject中实现的login方法: ``` public void login(AuthenticationToken token) throws AuthenticationException { clearRunAsIdentities(); Subject subject = securityManager.**login(this, token)**; PrincipalCollection principals; String host = null; ``` 继续securityManager.login(this, token);进入到类DefaultSecurityManager实现方法中: ``` public Subject login(Subject subject, AuthenticationToken token) throws AuthenticationException { AuthenticationInfo info; try { info = **authenticate(token)**; } catch (AuthenticationException ae) { try { onFailedLogin(token, ae, subject); } catch (Exception e) { if (log.isInfoEnabled()) { log.info("onFailedLogin method threw an " + "exception. Logging and propagating original AuthenticationException.", e); } } throw ae; //propagate } ``` 继续看:info = authenticate(token); 进入到类AuthenticatingSecurityManager实现的方法中: ``` public AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException { return this.authenticator.**authenticate(token)**; } ``` 继续进入实现方法中,在类AbstractAuthenticator中实现的代码如下: ``` public final AuthenticationInfo authenticate(AuthenticationToken token) throws AuthenticationException { if (token == null) { throw new IllegalArgumentException("Method argumet (authentication token) cannot be null."); } log.trace("Authentication attempt received for token [{}]", token); AuthenticationInfo info; try { info = **doAuthenticate(token)**; if (info == null) { String msg = "No account information found for authentication token [" + token + "] by this " + "Authenticator instance. Please check that it is configured correctly."; throw new AuthenticationException(msg); } } catch (Throwable t) { ``` 继续进入到doAuthenticate(token)的实现类ModularRealmAuthenticator中,代码如下,大家注意看我加粗的地方, realm.supports(token) : ``` protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) { if (!**realm.supports(token)**) { String msg = "Realm [" + realm + "] does not support authentication token [" + token + "]. Please ensure that the appropriate Realm implementation is " + "configured correctly or that the realm accepts AuthenticationTokens of this type."; throw new UnsupportedTokenException(msg); } AuthenticationInfo info = realm.getAuthenticationInfo(token); if (info == null) { String msg = "Realm [" + realm + "] was unable to find account data for the " + "submitted AuthenticationToken [" + token + "]."; throw new UnknownAccountException(msg); } return info; } ``` 继续进入到 realm.supports(token) ;实现类AuthenticatingRealm,方法如下: ``` public boolean supports(AuthenticationToken token) { return token != null && getAuthenticationTokenClass().isAssignableFrom(token.getClass()); } ``` 问题就出在这里,在上面的supports方法中两个class对比一直不匹配, 由于CasRealmh中: ``` public CasRealm() { setAuthenticationTokenClass(CasToken.class); } ``` 而我们之前在刚进入CasFilter中时根据trick新生成的Token也是CasToken。一下图片是我调试时截取的: ![图片说明](https://img-ask.csdn.net/upload/201705/11/1494494629_171082.jpg) ![图片说明](https://img-ask.csdn.net/upload/201705/11/1494494668_486156.jpg) 根据调试结果显示两个class是一模一样的,可是偏偏返回false, 最后在类ModularRealmAuthenticator的方法中报错: ``` protected AuthenticationInfo doSingleRealmAuthentication(Realm realm, AuthenticationToken token) { if (!realm.supports(token)) { **String msg = "Realm [" + realm + "] does not support authentication token [" + token + "]. Please ensure that the appropriate Realm implementation is " + "configured correctly or that the realm accepts AuthenticationTokens of this type."; throw new UnsupportedTokenException(msg);** } AuthenticationInfo info = realm.getAuthenticationInfo(token); if (info == null) { String msg = "Realm [" + realm + "] was unable to find account data for the " + "submitted AuthenticationToken [" + token + "]."; throw new UnknownAccountException(msg); } return info; } ``` 报错内容: ``` String msg = "Realm [" + realm + "] does not support authentication token [" + token + "]. Please ensure that the appropriate Realm implementation is " + "configured correctly or that the realm accepts AuthenticationTokens of this type."; ``` 这里困了我好久了, 实在是不知道怎么解决了, 希望大家可以帮我看看。

2019 Python开发者日-培训

2019 Python开发者日-培训

150讲轻松搞定Python网络爬虫

150讲轻松搞定Python网络爬虫

设计模式(JAVA语言实现)--20种设计模式附带源码

设计模式(JAVA语言实现)--20种设计模式附带源码

YOLOv3目标检测实战:训练自己的数据集

YOLOv3目标检测实战:训练自己的数据集

java后台+微信小程序 实现完整的点餐系统

java后台+微信小程序 实现完整的点餐系统

三个项目玩转深度学习(附1G源码)

三个项目玩转深度学习(附1G源码)

初级玩转Linux+Ubuntu(嵌入式开发基础课程)

初级玩转Linux+Ubuntu(嵌入式开发基础课程)

2019 AI开发者大会

2019 AI开发者大会

玩转Linux:常用命令实例指南

玩转Linux:常用命令实例指南

一学即懂的计算机视觉(第一季)

一学即懂的计算机视觉(第一季)

4小时玩转微信小程序——基础入门与微信支付实战

4小时玩转微信小程序——基础入门与微信支付实战

Git 实用技巧

Git 实用技巧

Python数据清洗实战入门

Python数据清洗实战入门

使用TensorFlow+keras快速构建图像分类模型

使用TensorFlow+keras快速构建图像分类模型

实用主义学Python(小白也容易上手的Python实用案例)

实用主义学Python(小白也容易上手的Python实用案例)

程序员的算法通关课:知己知彼(第一季)

程序员的算法通关课:知己知彼(第一季)

MySQL数据库从入门到实战应用

MySQL数据库从入门到实战应用

机器学习初学者必会的案例精讲

机器学习初学者必会的案例精讲

手把手实现Java图书管理系统(附源码)

手把手实现Java图书管理系统(附源码)

极简JAVA学习营第四期(报名以后加助教微信:eduxy-1)

极简JAVA学习营第四期(报名以后加助教微信:eduxy-1)

.net core快速开发框架

.net core快速开发框架

玩转Python-Python3基础入门

玩转Python-Python3基础入门

Python数据挖掘简易入门

Python数据挖掘简易入门

微信公众平台开发入门

微信公众平台开发入门

程序员的兼职技能课

程序员的兼职技能课

Windows版YOLOv4目标检测实战:训练自己的数据集

Windows版YOLOv4目标检测实战:训练自己的数据集

HoloLens2开发入门教程

HoloLens2开发入门教程

微信小程序开发实战

微信小程序开发实战

Java8零基础入门视频教程

Java8零基础入门视频教程

Python可以这样学(第一季:Python内功修炼)

Python可以这样学(第一季:Python内功修炼)

C++语言基础视频教程

C++语言基础视频教程

Python可以这样学(第四季:数据分析与科学计算可视化)

Python可以这样学(第四季:数据分析与科学计算可视化)

网络工程师小白入门--【思科CCNA、华为HCNA等网络工程师认证】

网络工程师小白入门--【思科CCNA、华为HCNA等网络工程师认证】

Python数据分析与挖掘

Python数据分析与挖掘

微信小程序开发实战之番茄时钟开发

微信小程序开发实战之番茄时钟开发

软件测试2小时入门

软件测试2小时入门

相关热词 c# 开发接口 c# 中方法上面的限制 c# java 时间戳 c#单元测试入门 c# 数组转化成文本 c#实体类主外键关系设置 c# 子函数 局部 c#窗口位置设置 c# list 查询 c# 事件 执行顺序
立即提问
相关内容推荐