cas client3.4.x部署包1.0.0发布

cas client部署包也搞定了,因为弄cas server的时候要cas client配合,所以cas client也就一起弄了,文档比cas server少多了,今天一天就搞定了,下面是部署包的连接:

cas-client-3.4.x-deployment-package:
https://github.com/Strangeen/cas-client-3.4.x-deployment-package

介绍还是引用我写的文档的概述吧:

cas client用于部署在应用中,与cas server交互实现单点登录功能,每个需要实现单点登录的应用均需要部署cas client。出于达到对后期快速开发的目的,我在研究cas server的同时,也基于cas官方提供的client模板JA-SIG Java Client Simple WebApp Sample对cas client进行配置和封装出一套部署包,该套部署包需要与cas server部署包同时使用

下面再说一下cas server配置https,cas client可能报错的问题,报错信息如下:

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
    .
    .
    .
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:969)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:904)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
	at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)
	... 23 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
	... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
	... 42 more

这是由于https的证书不受信,就算证书是受信机构发布的也可能出现问题,因为jre的受信证书列表没有该证书,需要按如下方法将证书导入jre的受信证书列表:

1. 执行命令将 crt证书 转换为 der证书,windows需要安装openssl(openssl安装方法可以参看:https://www.juwends.com/usages/how_to_generate_csr.html
如果是keytool生成的keystore证书,该步可以省略,直接使用keytool导出证书,按照下方的第2点导入jre即可

openssl x509 -in etc/pki/incommon-root-cert.pem -out tmp/incommon-root-cert.der -outform DER

2. 执行命令将 der证书 导入jre受信证书列表
– windows:

keytool -import -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file tmp/incommon-root-cert.der -alias incommon

– linux:

keytool -import -keystore $JAVA_HOME%/jre/lib/security/cacerts -file tmp/incommon-root-cert.der -alias incommon

其他详情参见官方文档:SSL Troubleshooting and Reference Guide

本文《cas client3.4.x部署包1.0.0发布》来自 www.juwends.com ,欢迎转载或CV操作,但请注明出处,谢谢!