Alfresco+acs 不工作验证
Alfrsco+cas is not working validate
我正在使用 Alfresco 4.2.f、CAS-server 4.0.0 和 CAS-client(在 share/web-inf/lib 中添加)。
CAS 服务器 4.0.0 安装在 server_tomcat(端口 8081 和 8444(https 协议))。
共享安装在 alfresco_tomcat(端口 8080 和 8443(https 协议)<--- 标准配置 (server.xml):
<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" maxHttpHeaderSize="32768" />
<Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" />
<Connector port="8443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" keystoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"
secure="true" connectionTimeout="240000" truststoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"
clientAuth="want" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" />
)
我在share/WEB-INF/web评论后。xml:
<!--
<filter>
<description>MT authentication support - NOTE: does not support portlets</description>
<filter-name>MTAuthentationFilter</filter-name>
<filter-class>org.alfresco.web.site.servlet.MTAuthenticationFilter</filter-class>
</filter>
-->
<!--
<filter>
<description>Share SSO authentication support filter.</description>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.site.servlet.SSOAuthenticationFilter</filter-class>
<init-param>
<param-name>endpoint</param-name>
<param-value>alfresco</param-value>
</init-param>
</filter>
-->
并添加:
org.jasig.cas.client.session.SingleSignOutHttpSessionListener
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8444/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8444/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
下一步创建密钥对(ssl):
在终端中,我输入:
1)生成密钥库
keytool -genkey -alias sso -keyalg RSA -keysize 1024 -keypass cangeit -valididty 3650 -keystore /path/to/keystore/sso.keystore -storepass changeit
(在这一点上,我应该输入:名字和姓氏:localhost(这是我的主机名))
2)创建证书
keytool -export -alias ssl -keystore /path/to/keystore/sso.keystore -file /path/to/keystore/sso.crt -storepass changeit
3) 将证书添加到 trustore
keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file /path/to/keystore/sso.crt -alias sso
在我添加$tomcat_server$/conf/server.xml后:
<Connector port="8444" URIEncoding="UTF-8" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/keystore/sso.keystore"
keystorePass="changeit" keyAlias="sso"/>
然后,我开始tomcat_server,alfresco_tomcat。
我通过 link: localhost:8080/share(http)
由于 ($alfresco_tomcat/webapps/share/WEB-INF/web.xml) share 将我重定向到 localhost:8444/cas(https),在那里我看到了登录页面。
我输入:用户名:casuser,密码:Mellon <-- 这是标准的 login/password。
之后我返回重定向到 http://localhost:8080/share/... ,那里是验证密钥,但在这一点上我有错误(在浏览器中是 500 错误)
在 $alfresco_tomcat/logs/localhost.log:
SEVERE:Servlet.service() for servlet [jsp] 在路径 [/share] 的上下文中抛出异常
java.lang.RuntimeException:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
用谷歌搜索后,我得到信息,Share 无法验证我的证书(我添加的)。
请帮我解决问题...
哦..这对我来说很简单也很愚蠢
我的问题是 cas_tomcat 与 JVM_1 绑定,alfresco_tomcat 与 JVM_2 绑定...
现在,我将 cas_tomcat、alfresco_tomcat 与通用 JVM 绑定。
密钥库验证成功
我正在使用 Alfresco 4.2.f、CAS-server 4.0.0 和 CAS-client(在 share/web-inf/lib 中添加)。
CAS 服务器 4.0.0 安装在 server_tomcat(端口 8081 和 8444(https 协议))。 共享安装在 alfresco_tomcat(端口 8080 和 8443(https 协议)<--- 标准配置 (server.xml):
<Connector port="8080" URIEncoding="UTF-8" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" maxHttpHeaderSize="32768" />
<Connector port="8009" URIEncoding="UTF-8" protocol="AJP/1.3" redirectPort="8443" />
<Connector port="8443" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" keystoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.keystore" keystorePass="kT9X6oe68t" keystoreType="JCEKS"
secure="true" connectionTimeout="240000" truststoreFile="/Applications/alfresco-4.2.f/alf_data/keystore/ssl.truststore" truststorePass="kT9X6oe68t" truststoreType="JCEKS"
clientAuth="want" sslProtocol="TLS" allowUnsafeLegacyRenegotiation="true" maxHttpHeaderSize="32768" />
)
我在share/WEB-INF/web评论后。xml:
<!--
<filter>
<description>MT authentication support - NOTE: does not support portlets</description>
<filter-name>MTAuthentationFilter</filter-name>
<filter-class>org.alfresco.web.site.servlet.MTAuthenticationFilter</filter-class>
</filter>
-->
<!--
<filter>
<description>Share SSO authentication support filter.</description>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.site.servlet.SSOAuthenticationFilter</filter-class>
<init-param>
<param-name>endpoint</param-name>
<param-value>alfresco</param-value>
</init-param>
</filter>
-->
并添加:
org.jasig.cas.client.session.SingleSignOutHttpSessionListener
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://localhost:8444/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://localhost:8444/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
下一步创建密钥对(ssl): 在终端中,我输入:
1)生成密钥库 keytool -genkey -alias sso -keyalg RSA -keysize 1024 -keypass cangeit -valididty 3650 -keystore /path/to/keystore/sso.keystore -storepass changeit
(在这一点上,我应该输入:名字和姓氏:localhost(这是我的主机名)) 2)创建证书 keytool -export -alias ssl -keystore /path/to/keystore/sso.keystore -file /path/to/keystore/sso.crt -storepass changeit
3) 将证书添加到 trustore keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file /path/to/keystore/sso.crt -alias sso
在我添加$tomcat_server$/conf/server.xml后:
<Connector port="8444" URIEncoding="UTF-8" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/keystore/sso.keystore"
keystorePass="changeit" keyAlias="sso"/>
然后,我开始tomcat_server,alfresco_tomcat。
我通过 link: localhost:8080/share(http) 由于 ($alfresco_tomcat/webapps/share/WEB-INF/web.xml) share 将我重定向到 localhost:8444/cas(https),在那里我看到了登录页面。 我输入:用户名:casuser,密码:Mellon <-- 这是标准的 login/password。
之后我返回重定向到 http://localhost:8080/share/... ,那里是验证密钥,但在这一点上我有错误(在浏览器中是 500 错误) 在 $alfresco_tomcat/logs/localhost.log:
SEVERE:Servlet.service() for servlet [jsp] 在路径 [/share] 的上下文中抛出异常 java.lang.RuntimeException:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径
用谷歌搜索后,我得到信息,Share 无法验证我的证书(我添加的)。
请帮我解决问题...
哦..这对我来说很简单也很愚蠢
我的问题是 cas_tomcat 与 JVM_1 绑定,alfresco_tomcat 与 JVM_2 绑定...
现在,我将 cas_tomcat、alfresco_tomcat 与通用 JVM 绑定。 密钥库验证成功