David.Turing's blog
          

          

           
          
			
          
				
					
	
          
		
          
			Yale CAS異常問題總結(jié)(1)Unable to validate ProxyTicketValidator之HTTPS hostname wrong:  should be.....
		
          
		
          
				嚴(yán)重: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator prox
          yList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://192.168.1.111:8443/cas/proxyValidate] ticket=[ST-0-9h7Mx5HK3pfsdxRv
          MD3y] service=[http%3A%2F%2F192.168.1.222%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample] renew=false]]]
          
				
          
				
          這個(gè)CAS異常是從CAS Client里面拋出,是當(dāng)我們不使用證書的CN去訪問域名的時(shí)候(比如下文是用IP訪問而且證書的CN是該IP對(duì)應(yīng)的域名而非該IP),CASClient無法信任,因?yàn)槟阕C書的CN命名寫著abc.com,192.168.1.111這個(gè)IP是無法被CAS Client識(shí)別。
          
		
          
				
				edu.yale.its.tp.cas.client.CASAuthenticationException:?Unable?to?validate?ProxyTicketValidator?[[edu.yale.its.tp.cas.client.ProxyTicketValidator?proxyList
				=
				[
				null
				]?[edu.yale.its.tp.cas.client.ServiceTicketValidator?casValidateUrl
				=
				[https:
				//
				192.168.1.111:8443/cas/proxyValidate]?ticket=[ST-0-9h7Mx5HK3pfsdxRvMD3y]?service=[http%3A%2F%2F192.168.1.222%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample]?renew=false]]]
				
						
          
						
				          
				????at?edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:
				52
				)
          ????at?edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:          
				455
				)
          ????at?edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:          
				378
				)
          ????at?org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:          
				202
				)
          ????at?org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:          
				173
				)
          ????at?filters.ExampleFilter.doFilter(ExampleFilter.java:          
				101
				)
          ????at?org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:          
				202
				)
          ????at?org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:          
				173
				)
          ????at?org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:          
				213
				)
          ????at?org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:          
				178
				)
          ????at?org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:          
				432
				)
          ????at?org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:          
				126
				)
          ????at?org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:          
				105
				)
          ????at?org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:          
				107
				)
          ????at?org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:          
				148
				)
          ????at?org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:          
				869
				)
          ????at?org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:          
				664
				)
          ????at?org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:          
				527
				)
          ????at?org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:          
				80
				)
          ????at?org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:          
				684
				)
          ????at?java.lang.Thread.run(Thread.java:          
				595
				)
          Caused?by:?java.io.IOException:?HTTPS?hostname?wrong:??should?be?          
				<
				192.168
				.
				1.111
				>
				
						
          
						????at?sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:          
				493
				)
          ????at?sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:          
				418
				)
          ????at?sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:          
				170
				)
          ????at?sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:          
				905
				)
          ????at?sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:          
				234
				)
          ????at?edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:          
				84
				)
          ????at?edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:          
				212
				)
          ????at?edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:          
				50
				)
		
          
		
          解決辦法:
          用域名訪問,域名就是證書的CN。
		
          
			posted on 2006-09-05 18:20 david.turing 閱讀(9535) 評(píng)論(4)  編輯  收藏  所屬分類: Security異常問題 
		
          
	
          
	
	


	


          
	    
    


          

          評(píng)論
          
	
	
			
          
				# re: Yale CAS異常問題總結(jié)(1)Unable to validate ProxyTicketValidator之HTTPS hostname wrong:  should be.....[未登錄]
					
						2007-03-23 02:32
					
				lulu
			
          
			
          
				client 怎么得到授權(quán)??

          就keytool -import....到j(luò)vm就行了???

          

          但是我還是報(bào)上面的錯(cuò)誤..  回復(fù)  更多評(píng)論
				  
			
          
		
			
          
				# re: Yale CAS異常問題總結(jié)(1)Unable to validate ProxyTicketValidator之HTTPS hostname wrong:  should be.....[未登錄]
					
						2008-12-25 16:04
					
				1
			
          
			
          
				要是別的機(jī)器訪問你的機(jī)器,用ip訪問,cn我也寫的ip,也還是報(bào)同樣錯(cuò)誤  回復(fù)  更多評(píng)論
				  
			
          
		
			
          
				# re: Yale CAS異常問題總結(jié)(1)Unable to validate ProxyTicketValidator之HTTPS hostname wrong:  should be.....[未登錄]
					
						2011-08-30 18:20
					
				小豬
			
          
			
          
				我的也是啊,用ip生成的cn,也是用ip訪問,還是報(bào)這個(gè)錯(cuò)誤啊  回復(fù)  更多評(píng)論
				  
			
          
		
			
          
				# re: Yale CAS異常問題總結(jié)(1)Unable to validate ProxyTicketValidator之HTTPS hostname wrong:  should be.....[未登錄]
					
						2012-10-24 16:55
					
				cx
			
          
			
          
				edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://cx.com:8443/cas/proxyValidate] ticket=[ST-1-BS35zseNBoCQaZwNWjUu-cas] service=[http%3A%2F%2Fcx.com%3A8080%2Fjsp-examples%2F] renew=false]]]

           使用域名依舊錯(cuò)誤……  回復(fù)  更多評(píng)論
				  
			
          
		

          




          








          

				
			
          
			
          
				
					

          導(dǎo)航
          

					

          統(tǒng)計(jì)
          
	
					
					

          常用鏈接
          


          留言簿(110)
          



          我參與的團(tuán)隊(duì)
          


		
          隨筆分類(126)
          
		
				
			
	
		
          隨筆檔案(155)
          
		
				
			
	
		
          文章分類(9)
          
		
				
			
	
		
          文章檔案(19)
          
		
				
			
	
		
          相冊(cè)
          
		
				
			
	



          搜索
          



          積分與排名
          



          最新隨筆
          

          


          


          最新評(píng)論
	
          

          
	
			
		

          


          閱讀排行榜
          

          
	
			
		

          


          評(píng)論排行榜
          

          
	
			
		

          

				
			
          			
			

	

    







          
        
	




主站蜘蛛池模板:
绥中县|
蓬溪县|
呈贡县|
扬州市|
宾阳县|
响水县|
阳城县|
盐边县|
根河市|
日照市|
甘谷县|
镇平县|
丹凤县|
内丘县|
金湖县|
滨海县|
潜江市|
普安县|
苏州市|
兴安盟|
哈尔滨市|
建德市|
枣强县|
南和县|
景东|
纳雍县|
穆棱市|
辽宁省|
克拉玛依市|
贵州省|
太谷县|
彰化县|
钟祥市|
武威市|
湖南省|
永和县|
新河县|
公主岭市|
安顺市|
九寨沟县|
临汾市|