堆栈内存溢出
  简体   繁体   English

获取Jasig Cas客户端验证错误。 PKIX路径构建失败

[英]Getting Jasig Cas Client Validation Error. PKIX path building failed

 原文  2014-02-20 12:29:29       java/ spring-mvc/ ssl-certificate/ single-sign-on/ cas

问题描述

I have been using jasig Java cas client. 我一直在使用jasig Java cas客户端。 I have setup cas server on my local computer which can be assessed using https://localhost:8443/casserver3421/login 我在本地计算机上设置了cas服务器,可以使用https://localhost:8443/casserver3421/login进行评估

when i run the application, it does go to cas login page but after authentication it returns with https://localhost:8443/casserver3421/login?service=https%3A%2F%2Flocalhost%3A8444%2Fmyapplication%2Fj_spring_cas_security_check and then in browser it gives error as "This webpage has a redirect loop". 当我运行应用程序时,它会转到cas登录页面,但在验证后它返回https://localhost:8443/casserver3421/login?service=https%3A%2F%2Flocalhost%3A8444%2Fmyapplication%2Fj_spring_cas_security_check然后在浏览器中它给出错误,因为“此网页有一个重定向循环”。 And i am getting following error as well javax.net.ssl.SSLHandshakeException 我也得到以下错误以及javax.net.ssl.SSLHandshakeException

But i have .keystore file for both, CAS Server and CAS client. 但我有CAS服务器和CAS客户端的.keystore文件。

Here is stack trace 这是堆栈跟踪 

2014-02-20 17:27:09,664 [ERROR ][http-8444-1] org.jasig.cas.client.validation.Cas20ServiceTicketValidator -      javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:35)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:140)
at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:126)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.cas.web.CasAuthenticationFilter.attemptAuthentication(CasAuthenticationFilter.java:242)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:195)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:99)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)

1 个解决方案

解决方案1
 2  2014-04-11 16:30:12

This is a common issue when your JRE do not trust your certificate. 当您的JRE不信任您的证书时,这是一个常见问题。 From your point, you need to install your SSL certificate to your client JRE truststore. 从您的角度来看,您需要将SSL证书安装到客户端JRE信任库。

Refer to following link . 请参阅以下链接

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Javamail 和 gmail,得到“PKIX 路径构建失败” - Javamail and gmail, getting "PKIX path building failed" PKIX路径构建失败: - PKIX path building failed: 设置以避免PKIX路径构建失败错误 - Setup to avoid PKIX path building failed error 突发错误:ValidatorException: PKIX 路径构建失败 - Sudden error: ValidatorException: PKIX path building failed Java“ sun.security.validator.ValidatorException:PKIX路径构建失败”证书验证错误 - Java “sun.security.validator.ValidatorException: PKIX path building failed” certificate validation error 获取错误:PKIX 路径构建失败:无法找到请求目标的有效认证路径 - Getting error: PKIX path building failed: unable to find valid certification path to requested target Java中的客户端SSL证书:PKIX路径构建失败 - Client SSL Certificates in Java: PKIX path building failed 在Centos 7中PKIX路径构建失败 - PKIX path building failed in Centos 7 WEBLOGIC 上出现“PKIX 路径验证失败:java.security.cert.CertPathValidatorException:时间戳检查失败”错误 - Getting "PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed" error on WEBLOGIC PKIX 路径构建在 Eclipse 中失败 - PKIX path building failed in Eclipse
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM