CAS with acegi client
Scott Battaglia
scott.battaglia at gmail.com
Thu May 8 10:06:16 EDT 2008
Your certificate is not installed correctly in the JVM's cacerts file:
12:09:34,858 DEBUG [CasProcessingFilter] Authentication request
failed: org.acegisecurity.AuthenticationServiceException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
On Thu, May 8, 2008 at 6:45 AM, ::SammyRulez:: <sammyrulez at gmail.com> wrote:
> Hi folks
>
> I need to cassify spring app using acegi 1.0.6.
>
> I think I had set up all right in application xml as follows
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> "http://www.springframework.org/dtd/spring-beans.dtd">
> <beans default-autowire="byName" >
>
> <bean id="filterChainProxy"
> class="org.acegisecurity.util.FilterChainProxy" lazy-init="false">
> <property name="filterInvocationDefinitionSource">
> <value>
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
>
> /**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
> </value>
> </property>
> </bean>
>
> <bean id="serviceProperties"
> class="org.acegisecurity.ui.cas.ServiceProperties">
> <property name="service"><value>
> https://sreghenzixp:8443/LIT-Profile_Web/j_acegi_cas_security_check
> </value></property>
> <property name="sendRenew"><value>false</value></property>
> </bean>
> <bean id="casProcessingFilter"
> class="org.acegisecurity.ui.cas.CasProcessingFilter">
> <property name="authenticationManager"><ref
> bean="authenticationManager"/></property>
> <property
> name="authenticationFailureUrl"><value>/acegijsp/accessDenied.jsp</value></property>
> <property name="defaultTargetUrl"><value>/</value></property>
> <property
> name="filterProcessesUrl"><value>/j_acegi_cas_security_check</value></property>
> </bean>
>
> <bean id="casProcessingFilterEntryPoint"
> class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
> <property name="loginUrl"><value>https://sreghenzixp:8443/CAS/login
> </value></property>
> <property name="serviceProperties"><ref
> bean="serviceProperties"/></property>
> </bean>
>
> <bean id="httpSessionContextIntegrationFilter"
> class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
>
> <bean id="logoutFilter"
> class="org.acegisecurity.ui.logout.LogoutFilter">
> <constructor-arg value="/home.htm"/> <!-- URL redirected to
> after logout -->
> <constructor-arg>
> <list>
>
> <bean
> class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
> </list>
> </constructor-arg>
> </bean>
>
>
>
> <bean id="securityContextHolderAwareRequestFilter"
>
> class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
> <bean id="exceptionTranslationFilter"
> class="org.acegisecurity.ui.ExceptionTranslationFilter">
> <property name="authenticationEntryPoint"><ref
> local="casProcessingFilterEntryPoint"/></property>
> </bean>
>
> <bean id="filterInvocationInterceptor"
> class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> <property name="authenticationManager"
> ref="authenticationManager"/>
> <property name="accessDecisionManager">
> <bean
> class="org.acegisecurity.vote.AffirmativeBased">
> <property name="allowIfAllAbstainDecisions"
> value="false"/>
> <property name="decisionVoters">
> <list>
> <bean
> class="org.acegisecurity.vote.RoleVoter"/>
> <bean
> class="org.acegisecurity.vote.AuthenticatedVoter"/>
> </list>
> </property>
> </bean>
> </property>
> <property name="objectDefinitionSource">
> <value>
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
> /**=IS_AUTHENTICATED_ANONYMOUSLY
> </value>
> </property>
> </bean>
> <!--
> <bean id="rememberMeServices"
> class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
> <property name="userDetailsService"
> ref="userDetailsService"/>
> <property name="key" value="changeThis"/>
> </bean>
> -->
> <bean id="authenticationManager"
> class="org.acegisecurity.providers.ProviderManager">
> <property name="providers">
> <list>
> <ref bean="casAuthenticationProvider"/>
> </list>
> </property>
> </bean>
>
> <bean id="casAuthenticationProvider"
> class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
> <property name="casAuthoritiesPopulator"><ref
> bean="casAuthoritiesPopulator"/></property>
> <property name="casProxyDecider"><ref bean="casProxyDecider"/></property>
> <property name="ticketValidator"><ref
> bean="casProxyTicketValidator"/></property>
> <property name="statelessTicketCache"><ref
> bean="statelessTicketCache"/></property>
> <property
> name="key"><value>my_password_for_this_auth_provider_only</value></property>
> </bean>
>
> <bean id="casProxyTicketValidator"
>
> class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
> <property name="casValidate"><value>
> https://sreghenzixp:8443/CAS/proxyValidate</value></property>
> <property name="proxyCallbackUrl"><value>
> https://sreghenzixp:8443/LIT-Profile_Web/casProxy/receptor
> </value></property>
> <property name="serviceProperties"><ref
> bean="serviceProperties"/></property>
> <!-- <property
>
> name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property>
> -->
> </bean>
>
> <bean id="cacheManager"
> class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
> <property name="configLocation">
> <value>classpath:/ehcache-failsafe.xml</value>
> </property>
> </bean>
>
> <bean id="ticketCacheBackend"
> class="org.springframework.cache.ehcache.EhCacheFactoryBean">
> <property name="cacheManager">
> <ref local="cacheManager"/>
> </property>
> <property name="cacheName">
> <value>ticketCache</value>
> </property>
> </bean>
>
> <bean id="statelessTicketCache"
> class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
> <property name="cache"><ref local="ticketCacheBackend"/></property>
> </bean>
>
> <bean id="casAuthoritiesPopulator"
>
> class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
> <property name="userDetailsService"><ref
> bean="userDetailsService"/></property>
> </bean>
>
> <bean id="casProxyDecider"
> class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
>
> <bean id="userDetailsService"
> class="it.trend.lit.acegisecurity.UserDetailsService">
>
> </bean>
>
>
> </beans>
>
> cert is installed right in my jboss 4.0.5, calling the webapp with the
> right hostname I'm redirected to cas login, it executes authentication
> right, but then I'm redirected I fall on the "cassfailed page" with
> this log in the console
>
>
>
>
> 12:09:34,858 DEBUG [ProviderManager] Authentication attempt using
> org.acegisecurity.providers.cas.CasAuthenticationProvider
> 12:09:34,858 DEBUG [XmlWebApplicationContext] Publishing event in
> context
> [org.springframework.web.context.support.XmlWebApplicationContext at 1ef3d12
> ]:
>
> org.acegisecurity.event.authentication.AuthenticationFailureServiceExceptionEvent[source=org.acegisecurity.providers.UsernamePasswordAuthenticationToken at f9b29b47
> :
> Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false;
> Details: org.acegisecurity.ui.WebAuthenticationDetails at 1c07a:
> RemoteIpAddress: 10.1.225.123; SessionId:
> 534E2A0064A4F867EA0570B381A4F709; Not granted any authorities]
> 12:09:34,858 DEBUG [CasProcessingFilter] Updated SecurityContextHolder
> to contain null Authentication
> 12:09:34,858 DEBUG [CasProcessingFilter] Authentication request
> failed: org.acegisecurity.AuthenticationServiceException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> 12:09:34,858 DEBUG [HttpSessionContextIntegrationFilter]
> SecurityContextHolder set to new context, as request processing
> completed
> 12:09:34,873 INFO [ResourceBundleThemeSource] Theme created: name
> 'theme', basename [theme]
> 12:14:40,879 DEBUG [other] CallbackHandler:
> org.jboss.security.auth.callback.SecurityAssociationHandler at dce479
> 12:14:40,879 DEBUG [JaasSecurityManagerService] Created
> securityMgr=org.jboss.security.plugins.JaasSecurityManager at 1c2cbee
> 12:14:40,879 DEBUG [other] CachePolicy set to:
> org.jboss.util.TimedCachePolicy at 1da89a0
>
> casProxyTicketValidator is configured and active... I think I'm
> missing something...
>
>
> --
> ::SammyRulez::
> http://www.kyub.com/
> pownce & twitter: sammyrulez
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
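
A way to test the diagnosis above from the JVM's side, added here as an example and not part of either message: the program validates an exported server certificate chain against the default trust store of the JVM that runs it, and reports the same PKIX error when no path is found. The class name TrustCheck and the PEM file argument are assumptions; run it with the same JVM and the same -Djavax.net.ssl.trustStore setting as the application server.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): check a PEM chain against the JVM's trust store.
public class TrustCheck {
    // Returns null when the chain is trusted, otherwise the validator's error text.
    static String validate(X509Certificate[] chain) throws Exception {
        if (chain.length == 0) return "no certificates found in input";
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        // null KeyStore = JVM default: javax.net.ssl.trustStore, else jssecacerts, else cacerts.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                try {
                    // "RSA" is the key-exchange type assumed for the server certificate.
                    ((X509TrustManager) tm).checkServerTrusted(chain, "RSA");
                    return null;
                } catch (CertificateException e) {
                    return e.toString();
                }
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustCheck <server-cert-chain.pem>");
            System.exit(2);
        }
        X509Certificate[] chain; // leaf certificate first, then any intermediates
        try (InputStream in = new FileInputStream(args[0])) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in)
                    .toArray(new X509Certificate[0]);
        }
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("trustStore = " + System.getProperty("javax.net.ssl.trustStore", "(JVM default)"));
        String error = validate(chain);
        System.out.println(error == null ? "TRUSTED" : "NOT TRUSTED: " + error);
        System.exit(error == null ? 0 : 1);
    }
}
```

The printed java.home shows which JVM's cacerts was consulted, which is the file the server certificate (or its issuing CA) has to be imported into.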