我正在使用 Alfresco 4.2.f、CAS-server 4.0.0 和 CAS-client(添加到 share/web-inf/lib 中)。
CAS-server 4.0.0 安装在 server_tomcat 上(端口 8081 和 8444(https 协议(protocol)))。 共享安装在alfresco_tomcat上(端口8080和8443(https协议(protocol))<---标准配置(server.xml):
<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" maxHttpHeaderSize="32768" />
<Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" />
<Connector port="8443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" keystoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"
secure="true" connectionTimeout="240000" truststoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"
clientAuth="want" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" />
)
我在share/WEB-INF/web.xml中评论后:
<!--
<filter>
<description>MT authentication support - NOTE: does not support portlets</description>
<filter-name>MTAuthentationFilter</filter-name>
<filter-class>org.alfresco.web.site.servlet.MTAuthenticationFilter</filter-class>
</filter>
-->
<!--
<filter>
<description>Share SSO authentication support filter.</description>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.site.servlet.SSOAuthenticationFilter</filter-class>
<init-param>
<param-name>endpoint</param-name>
<param-value>alfresco</param-value>
</init-param>
</filter>
-->
并添加:
org.jasig.cas.client.session.SingleSignOutHttpSessionListener
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8444/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8444/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
下一步是创建 key 对(ssl): 在终端中,我输入:
1)生成 keystore keytool -genkey -alias sso -keyalg RSA -keysize 1024 -keypass cangeit -valididty 3650 -keystore/path/to/keystore/sso.keystore -storepass changeit
(在这一点上,我应该输入:名字和姓氏:localhost(这是我的主机名)) 2)创建证书 keytool -export -alias ssl -keystore/path/to/keystore/sso.keystore -file/path/to/keystore/sso.crt -storepass changeit
3)添加证书到trustore keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file/path/to/keystore/sso.crt -alias sso
我在 $tomcat_server$/conf/server.xml 添加后:
<Connector port="8444" URIEncoding="UTF-8" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/keystore/sso.keystore"
keystorePass="changeit" keyAlias="sso"/>
然后,我启动了tomcat_server,alfresco_tomcat。
我传递链接:localhost:8080/share(http) 由于 ($alfresco_tomcat/webapps/share/WEB-INF/web.xml) share 将我重定向到 localhost:8444/cas(https),在那里我看到了登录页面。 我输入:用户名:casuser,密码:Mellon <-- 这是标准登录名/密码。
之后我回来重定向到http://localhost:8080/share/ ...,其中验证 key ,但在这一点上我有错误(在浏览器中是 500 错误) 在 $alfresco_tomcat/logs/localhost.log 中:
严重:Servlet.service() for servlet [jsp] 在路径 [/share] 上下文中抛出异常 java.lang.RuntimeException:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
在谷歌搜索后,我得到信息,Share 无法验证我的证书(我添加的)。
请帮我解决这个问题...
最佳答案
哦..这对我来说很简单也很愚蠢
我的问题是 cas_tomcat 与 JVM_1 绑定(bind),而 alfresco_tomcat 与 JVM_2 绑定(bind)...
现在,我将 cas_tomcat、alfresco_tomcat 与通用 JVM 绑定(bind)。 keystore 验证成功
关于java - Alfresco+cas 不工作验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28933796/