Fork me on GitHub

cas单点注销失败Error Sending message to url endpoint

  最近在做cas单点登录时,由于是单点登录。必然会涉及到单点注销,然而在做单点注销时由于对cas注销机制不了解加之测试条件所致,所有测试都是在本机下完成(机器性能较低,没用虚拟机);导致折腾了很久。网上说的原因也各式各样,大部分原因集中在:

  1:你的CAS服务器将cookie设置成了浏览器有效,那么表示如果浏览器不关闭,则一直有效。
    在WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml中设置cookie有效期,默认配置cookie有效期为-1

  2:你的应用中注销的filter-mapping没有放在所有mapping之前

  一一尝试过。无论怎么测试都出现了一个诡异的状况;本地测试可以正常退出,服务器端和客户端分离时则单点注销无法正常退出。官网的例子和说明也看了一遍又一遍,无论怎么尝试还是失败。直到操作了一下退出,然后服务器端看了下tomcat的日志,看到了一个WARN、Error日志。

2015-12-10 16:04:05,991 WARN [org.jasig.cas.util.SimpleHttpClient] - <Error Sending message to url endpoint [http://localhost:8080/usercenter//userdetails/add.html]. Error is [http://localhost:8080/usercenter//userdetails/add.html]>

  看到这有种蛋碎了一地的感觉,这是不是服务器端要和客户端通信,而服务端无法正常发送消息给客户端呢?于是

  原单点登录配置

        <!-- ======================== 单点登录开始 ======================== -->
        <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
        <filter>
                <filter-name>CAS Single Sign Out Filter</filter-name>
                <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        </filter>
        <filter-mapping>
                <filter-name>CAS Single Sign Out Filter</filter-name>
                <url-pattern>/CasClient/*</url-pattern>
        </filter-mapping>
        
        <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
        <listener>
                <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
        </listener>

        <!-- 该过滤器负责用户的认证工作,必须启用它 -->
        <filter>
                <filter-name>CASFilter</filter-name>
                <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
                <init-param>
                        <param-name>casServerLoginUrl</param-name>
                        <param-value>https://sso.castest.com:8443/cas/login</param-value>
                        <!--这里的server是服务端的IP-->
                </init-param>
                <init-param>
                        <param-name>serverName</param-name>
                        <param-value>http://localhost:8080</param-value>
                </init-param>
        </filter>
        <filter-mapping>
                <filter-name>CASFilter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
        <filter>
                <filter-name>CAS Validation Filter</filter-name>
                <filter-class>
                        org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
                <init-param>
                        <param-name>casServerUrlPrefix</param-name>
                        <param-value>https://sso.castest.com:8443/cas/</param-value><!-- 此处必须为登录url/cas/,带有任何其它路径都会报错,如“https://sso.castest.com:8443/cas/login”,这样也会报错。 -->
                </init-param>
                <init-param>
                        <param-name>serverName</param-name>
                        <param-value>http://localhost:8080</param-value>
                </init-param>
        </filter>
        <filter-mapping>
                <filter-name>CAS Validation Filter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!--
                该过滤器负责实现HttpServletRequest请求的包裹,
                比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
        -->
        <filter>
                <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                <filter-class>
                        org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
        </filter>
        <filter-mapping>
                <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!--
                该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
                比如AssertionHolder.getAssertion().getPrincipal().getName()。
        -->
        <filter>
                <filter-name>CAS Assertion Thread Local Filter</filter-name>
                <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
        </filter>
        <filter-mapping>
                <filter-name>CAS Assertion Thread Local Filter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>
        
        <!-- ======================== 单点登录结束 ======================== -->

  修改后单点登录配置

        <!-- ======================== 单点登录开始 ======================== -->
        <!-- 用于单点退出,该过滤器用于实现单点登出功能,可选配置-->
        <listener>
                <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
        </listener>

        <!-- 该过滤器用于实现单点登出功能,可选配置。 -->
        <filter>
                <filter-name>CAS Single Sign Out Filter</filter-name>
                <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        </filter>
        <filter-mapping>
                <filter-name>CAS Single Sign Out Filter</filter-name>
                <url-pattern>/CasClient/*</url-pattern>
        </filter-mapping>

        <!-- 该过滤器负责用户的认证工作,必须启用它 -->
        <filter>
                <filter-name>CASFilter</filter-name>
                <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
                <init-param>
                        <param-name>casServerLoginUrl</param-name>
                        <param-value>https://sso.castest.com:8443/cas/login</param-value>
                        <!--这里的server是服务端的IP-->
                </init-param>
                <init-param>
                        <param-name>serverName</param-name>
                        <param-value>http://192.168.1.125:8080</param-value>
                </init-param>
        </filter>
        <filter-mapping>
                <filter-name>CASFilter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!-- 该过滤器负责对Ticket的校验工作,必须启用它 -->
        <filter>
                <filter-name>CAS Validation Filter</filter-name>
                <filter-class>
                        org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
                <init-param>
                        <param-name>casServerUrlPrefix</param-name>
                        <param-value>https://sso.castest.com:8443/cas/</param-value><!-- 此处必须为登录url/cas/,带有任何其它路径都会报错,如“https://sso.castest.com:8443/cas/login”,这样也会报错。 -->
                </init-param>
                <init-param>
                        <param-name>serverName</param-name>
                        <param-value>http://192.168.1.125:8080</param-value>
                </init-param>
        </filter>
        <filter-mapping>
                <filter-name>CAS Validation Filter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!--
                该过滤器负责实现HttpServletRequest请求的包裹,
                比如允许开发者通过HttpServletRequest的getRemoteUser()方法获得SSO登录用户的登录名,可选配置。
        -->
        <filter>
                <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                <filter-class>
                        org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
        </filter>
        <filter-mapping>
                <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!--
                该过滤器使得开发者可以通过org.jasig.cas.client.util.AssertionHolder来获取用户的登录名。
                比如AssertionHolder.getAssertion().getPrincipal().getName()。
        -->
        <filter>
                <filter-name>CAS Assertion Thread Local Filter</filter-name>
                <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
        </filter>
        <filter-mapping>
                <filter-name>CAS Assertion Thread Local Filter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>
        
        <!-- ======================== 单点登录结束 ======================== -->

  改完后,重启tomcat。再次测试,瞬间千万个草泥马呼啸而过。

posted @ 2015-12-10 17:37  秋楓  阅读(2127)  评论(1编辑  收藏  举报