CAS实战の遇到的问题
1、客户端启动报错,报错信息如下:
严重: Exception starting filter CAS Single Sign Out Filter
java.lang.IllegalArgumentException: casServerUrlPrefix cannot be null.
at org.jasig.cas.client.util.CommonUtils.assertNotNull(CommonUtils.java:80)
at org.jasig.cas.client.session.SingleSignOutHandler.init(SingleSignOutHandler.java:142)
at org.jasig.cas.client.session.SingleSignOutFilter.init(SingleSignOutFilter.java:58)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:260)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:105)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4830)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5510)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
再确定web.xml文件casServerUrlPrefix配置无误之后,很可能的原因是cas client core版本不对。
2、如发现cas client配置都没问题后,发现客户端A与客户端B之间的跳转需要再登录,很可能问题存在于ticketGrantingTicketCookieGenerator.xml:
<?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to Jasig under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. Jasig licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at the following location: http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <description> Defines the cookie that stores the TicketGrantingTicket. You most likely should never modify these (especially the "secure" property). You can change the name if you want to make it harder for people to guess. </description> <bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" p:cookieSecure="false" p:cookieMaxAge="-1" p:cookieName="CASTGC" p:cookiePath="/cas" /> </beans>
p:cookieSecure默认为true,不妨改为fasle试一试。
3、当在cas server登录成功后,准备往客户端跳转,突然发现浏览器空白,且浏览器输入地址栏出现类似http://localhost:8008/j1-center/?ticket=ST-1-51PDs4kgv5XpOW7Vab91-cas01.example.org路径的时候,很有可能是标红的路径配置错误。
<filter> <filter-name>CASFilter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <filter-class>com.founder.ec.sso.filter.CASFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://localhost:8082/cas/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8008/</param-value> </init-param> </filter> <filter-mapping> <filter-name>CASFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>http://localhost:8082/cas/</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://localhost:8008/</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
4、当客户端页面出现:org.jasig.cas.client.validation.TicketValidationException: No principal was found in the response from the CAS server.页面报500的时候,很有可能出现的原因还是在cas client web.xml中cas server路径配置错误,如问题3。