cas mysql_CAS单点登录之mysql数据库用户验证及常见问题

2023-05-16

前面已经介绍了CAS服务器的搭建，详情见：搭建CAS单点登录服务器。然而前面只是简单地介绍了服务器的搭建，其验证方式是原始的配置文件的方式，这显然不能满足日常的需求。下面介绍下通过mysql数据库认证的方式。

一、CAS认证之mysql数据库认证

1、在mysql中新建一个cas数据库并创建user表

CREATE DATABASE /*!32312 IF NOT EXISTS*/`cas` /*!40100 DEFAULT CHARACTER SET gbk*/;USE`cas`;/*Table structure for table `user`*/

DROP TABLE IF EXISTS `user`;CREATE TABLE `user` (

`id`int(11) NOT NULLAUTO_INCREMENT,

`name`varchar(255) NOT NULL,

`password`varchar(255) NOT NULL,

`used`tinyint(2) NOT NULL,PRIMARY KEY(`id`)

) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=gbk;/*Data for the table `user`*/

insert into `user`(`id`,`name`,`password`,`used`) values (1,'casuser','9414f9301cdb492b4dcd83f8c711d8bb',1);

2、CAS的HTTP模式与HTTPS设置(可省略)

1)cas\WEB-INF\deployerConfigContext.xml，新增p:requireSecure="false"2)cas\WEB-INF\spring-configuration

ticketGrantingTicketCookieGenerator.xml设置p:cookieSecure="false"

warnCookieGenerator.xml设置p:cookieSecure="false"

http://localhost:8080/cas/login，进入登录页面。

默认用户为casuser/Mellon，登录成功即配置完成。

3、设置利用数据库来验证用户

依赖包：

c3p0-0.9.1.2.jar

mysql-connector-java-5.1.21.jar

cas-server-support-jdbc-4.0.0.jar

cas\WEB-INF\deployerConfigContext.xml

1)更换验证方式

class="com.mchange.v2.c3p0.ComboPooledDataSource"

p:driverClass="com.mysql.jdbc.Driver"

p:jdbcUrl="jdbc:mysql://127.0.0.1:3306/cas?useUnicode=true&characterEncoding=UTF-8&zeroDateTimeBehavior=convertToNull"

p:user="root"

p:password="root" />

class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"

c:encodingAlgorithm="MD5"

p:characterEncoding="UTF-8" />

class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"

p:dataSource-ref="dataSource"

p:sql="select password from user where name=? and used=1"

p:passwordEncoder-ref="passwordEncoder"/>

2)更换验证Handle

http://localhost:8080/cas，进入登录页面。如果没有配置http登录，则需要通过http://localhost:8443/cas进行访问

默认用户为casuser/Mellon，登录成功即配置完成。

二、常见异常

1、证书路径不正确，由于证书未正常导入到jre\lib\security下，因此会出现以下异常。

十一月 09, 2015 4:00:31下午 org.jasig.cas.client.util.CommonUtils getResponseFromServer

严重: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)

at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:65)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)

at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)

at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)

at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2522)

at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2511)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:745)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

at sun.security.validator.Validator.validate(Validator.java:260)

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488)

...41more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

...47 more

2、客户端中web.xml的casServerUrlPrefix配置错误

java.lang.RuntimeException: java.io.FileNotFoundException: https://localhost:8443/serviceValidate?ticket=ST-1-1HUXO9iETnaNI2jbuvqK-cas01.example.org&service=http%3A%2F%2Flocalhost%3A8080%2FCasClient%2FIndex.jsp

org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:328)

org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

root cause

java.io.FileNotFoundException: https://localhost:8443/serviceValidate?ticket=ST-1-1HUXO9iETnaNI2jbuvqK-cas01.example.org&service=http%3A%2F%2Flocalhost%3A8080%2FCasClient%2FIndex.jsp

sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1835)

sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)

sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:311)

org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291)

org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32)

org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187)

org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164)

org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102)

正确的应为：

3、缺少数据库连接包

缺少cas-server-support-jdbc-4.0.0.jar、mysql-connector-java-5.1.21.jar、c3p0-0.9.1.2.jar包(在cas-server-4.0.0-release.zip下的modules目录可以找到)

2015-11-10 09:26:24,484 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] -

2015-11-10 09:26:24,812 ERROR [org.springframework.web.context.ContextLoader] - org.springframework.beans.factory.BeanCreationException: Error creating bean with name'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'dbAuthHandler' while setting constructor argument; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler] for bean with name 'dbAuthHandler' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler

at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:326)

at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)

at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:623)

at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1075)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:979)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)

at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)

at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)

at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)

at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)

at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:628)

at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)

at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)

at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389)

at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294)

at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)

at org.jasig.cas.web.init.SafeContextLoaderListener.contextInitialized(SafeContextLoaderListener.java:75)

at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5003)

at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5517)

at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)

at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)

at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)

at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)

at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1095)

at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1960)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'dbAuthHandler' while setting constructor argument; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler] for bean with name 'dbAuthHandler' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler

at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:326)

at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)

at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:375)

at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:162)

at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:637)