CAS Java Client on JBOSS
Srikar Kummamuri
skummamuri at agentrics.com
Mon Jan 7 11:43:35 EST 2008
I am trying to integrate and existing JBOSS application with the CAS
client. I changed the we.xml as shown in java cas client instructions
and added the jar file (casclient-2.1.1.jar ) in lib directory of the
web-inf directory.
As expected, upon accessing the app for the first time, user gets
navigated to the CAS server that was installed on a Tomcat. When the CAS
validates the user, and send the request back to JBOSS, exception is
being thrown by CAS as follows.
11:19:41,105 INFO [STDOUT] 2008-01-07 11:19:41 ERROR
tp.cas.client.CASReceipt -
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate
ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[h
ttps://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.1.1/serviceValida
te] ticket=[ST-13-qYbLWTpYMEcATIcSlPAO]
service=[http%3A%2F%2Falx-dev-lap06.wwre.org
%3A8080%2FMGS-Reporting%2Faction%2FreportingHome.do] renew=false]]]
11:19:41,105 INFO [STDOUT] 2008-01-07 11:19:41 ERROR
cas.client.filter.CASFilter -
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to valida
te ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl
=[https://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.1.1/serviceVal
idate] ticket=[ST-13-qYbLWTpYMEcATIcSlPAO]
service=[http%3A%2F%2Falx-dev-lap06.wwre.
org%3A8080%2FMGS-Reporting%2Faction%2FreportingHome.do] renew=false]]]
11:19:41,120 INFO [STDOUT] 2008-01-07 11:19:41 ERROR
web].[localhost].[/MGS-Reporting].[action] - Servlet.service() for
servlet action threw exception
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[
null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.
1.1/serviceValidate] ticket
=[ST-13-qYbLWTpYMEcATIcSlPAO]
service=[http%3A%2F%2Falx-dev-lap06.wwre.org%3A8080%2FMGS-Reporting%2Fac
tion%2FreportingHome.do] renew=false]]]
at
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
at
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
er.java:455)
at
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:173)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilte
r.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
e.java:178)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAs
sociationValve.java:175)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator
Base.java:432)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.j
ava:74)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:105)
at
org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnecti
onValve.java:156)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1
48)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:86
9)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proc
essConnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint
.java:527)
at
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorker
Thread.java:112)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCert
PathBuilderException: unable to find valid certification path to
requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518
)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:848)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHands
haker.java:106)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:4
33)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java
:818)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
cketImpl.java:1030)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
java:1057)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
java:1041)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402
)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Ab
stractDelegateHttpsURLConnection.java:166)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnec
tion.java:934)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsUR
LConnectionImpl.java:234)
at
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
at
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicket
Validator.java:212)
at
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
... 22 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find
valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:1
45)
at sun.security.validator.Validator.validate(Validator.java:203)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X50
9TrustManagerImpl.java:172)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSL
ContextImpl.java:320)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:841)
... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPat
hBuilder.java:236)
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 41 more
My web.xml is,
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.1.1
/login</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.1.1
/serviceValidate</param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>alx-dev-lap06.wwre.org:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/action/*</url-pattern>
</filter-mapping>
Any idea why I am getting the error here?? Is this something to do with
SSL on the JBOSS side??
Thank a lot
Srikar.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080107/8a06303d/attachment.html
More information about the cas
mailing list