CAS部署异常

经过分析，是因为在配置web.xml的过滤器（Filter）时没用主机完整名字，而是用了localhost。

 

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/serviceValidate] ticket=[ST-3-IxIfbykiwtcpfoXhF4oq-cas] service=[http%3A%2F%2FPC2010090619oxn%3A8080%2FExt_jsp%2Flogin.htm] renew=false]]]
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)

root cause

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/serviceValidate] ticket=[ST-3-IxIfbykiwtcpfoXhF4oq-cas] service=[http%3A%2F%2FPC2010090619oxn%3A8080%2FExt_jsp%2Flogin.htm] renew=false]]]
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

root cause

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
	com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:979)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

root cause

java.security.cert.CertificateException: No name matching localhost found
	sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:210)
	sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:979)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)

note The full stack trace of the root cause is available in the Apache Tomcat/6.0.29 logs.