jboss版本: jboss-eap-6.4-CVE-2015-7501
jdk版本: 1.7.0_79
cas版本: cas 4.1.3
参考来源:
Nabble: exception.message=Error+decoding+flow+execution
Nabble: Caused by: java.lang.ClassNotFoundException: org.slf4j.impl.Slf4jLogger from [Module "deployment.cas.war:main" from Service Module Loader]
JBoss7.1.1版本和CAS3的集成(未完)
CAS 4.1.1 - JDBC authentication, failed to deploy
Securing JBoss EAP 6 - Implementing SSL
JBoss eap 6.4 mutual (two way) ssl configuration
Tomcat (1) —— Mac下配置Tomcat Https/SSL
在CAS部署到jboss后台启动时会出现下面错误1,如果忽略此问题,在登录成功并且尝试重定会应用的页面时,会在重定向url后面加上&exception.message=Error+decoding+flow+execution字样,下面所描述的错误2。
15:28:30,587 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/cas].[cas]] (http-/0.0.0.0:8443-3) JBWEB000236:
Servlet.service() for servlet cas threw exception: java.lang.ClassNotFoundException:
org.slf4j.impl.Slf4jLogger from [Module "deployment.cas.war:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:213) [jboss-modules.jar:1.3.6.Final-redhat-1]
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.6.Final-redhat-1]
at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.6.Final-redhat-1]
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.6.Final-redhat-1]
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.6.Final-redhat-1]
at java.lang.Class.forName0(Native Method) [rt.jar:1.7.0_79]
at java.lang.Class.forName(Class.java:274) [rt.jar:1.7.0_79]
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:625) [rt.jar:1.7.0_79]
at org.hibernate.internal.util.SerializationHelper$CustomObjectInputStream.resolveClass(SerializationHelper.java:369) [hibernate-core-4.3.10.Final.jar:4.3.10.Final]
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1612) [rt.jar:1.7.0_79]
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1517) [rt.jar:1.7.0_79]
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1771) [rt.jar:1.7.0_79]
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1350) [rt.jar:1.7.0_79]
https://proxy.sso.hoau.com/cas/login?service=https%3A%2F%2Fapp1.hoau.com%3A8413%2Fcas1&exception.message=Error+decoding+flow+execution
在应用中去掉jboss容器自带的slf4j的依赖
新建文件"jboss-deployment-structure.xml"
<jboss-deployment-structure>
<deployment>
<exclusions>
<module name="org.slf4j" />
<module name="org.slf4j.impl" />
<module name="org.slf4j.jcl-over-slf4j" />
<module name="org.slf4j.ext" />
</exclusions>
</deployment>
</jboss-deployment-structure>
依照以上方法就可以解决本文主要关注的两个问题,但是这种方案会使我们引入一个新的问题。在jboss启动的时候服务器仍然会报slf4j的错误SLF4J: Class path contains multiple SLF4J bindings.
14:09:52,144 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: Class path contains multiple SLF4J bindings.
14:09:52,145 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: Found binding in [vfs:/content/cas.war/WEB-INF/lib/cas-server-core-4.1.3.jar/org/slf4j/impl/StaticLoggerBinder.class]
14:09:52,145 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: Found binding in [vfs:/content/cas.war/WEB-INF/lib/log4j-slf4j-impl-2.3.jar/org/slf4j/impl/StaticLoggerBinder.class]
14:09:52,145 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
14:09:52,221 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: ILoggerFactory to be used for logging is: org.apache.logging.slf4j.Log4jLoggerFactory
14:09:52,221 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: Actual binding is of type [org.slf4j.impl.CasLoggerFactory]
14:09:52,221 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: The following set of substitute loggers may have been accessed
14:09:52,221 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: during the initialization phase. Logging calls during this
14:09:52,221 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: phase were not honored. However, subsequent logging calls to these
14:09:52,221 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: loggers will work as normally expected.
14:09:52,222 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: See also http://www.slf4j.org/codes.html#substituteLogger
14:09:52,627 ERROR [stderr] (ServerService Thread Pool -- 158)
SLF4J: org.reflections.Reflections
首先我们在 的根目录下,从命令行运行,查看依赖树
/cas-server-webapp$mvn dependency:tree
输出结果:
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building Apereo CAS Web Application 4.1.3
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ cas-server-webapp ---
[INFO] org.jasig.cas:cas-server-webapp:war:4.1.3
[INFO] +- org.jasig.cas:cas-server-webapp-support:jar:4.1.3:compile
[INFO] | +- org.jasig.inspektr:inspektr-support-spring:jar:1.3.GA:runtime
[INFO] | | +- org.jasig.inspektr:inspektr-audit:jar:1.3.GA:compile
[INFO] | | +- org.jasig.inspektr:inspektr-error:jar:1.3.GA:runtime
[INFO] | | +- org.jasig.inspektr:inspektr-common:jar:1.3.GA:compile
[INFO] | | +- org.springframework:spring-web:jar:4.1.8.RELEASE:compile
[INFO] | | +- org.springframework:spring-webmvc:jar:4.1.8.RELEASE:compile
[INFO] | | \- org.springframework:spring-tx:jar:4.1.8.RELEASE:compile
[INFO] | +- org.springframework.security:spring-security-core:jar:4.0.1.RELEASE:compile
[INFO] | | +- aopalliance:aopalliance:jar:1.0:compile
[INFO] | | \- org.springframework:spring-context:jar:4.1.8.RELEASE:compile
[INFO] | +- org.springframework.security:spring-security-web:jar:4.0.1.RELEASE:compile
[INFO] | +- org.springframework.security:spring-security-config:jar:4.0.1.RELEASE:runtime
[INFO] | +- org.springframework:spring-aop:jar:4.1.8.RELEASE:compile
[INFO] | +- org.jasig.cas:cas-server-core:jar:4.1.3:compile
[INFO] | | +- org.jasig.cas:cas-server-core-api:jar:4.1.3:compile
[INFO] | | +- org.jasig.service.persondir:person-directory-impl:jar:1.7.0:compile
[INFO] | | | +- org.ldaptive:ldaptive:jar:1.0.7:compile
[INFO] | | | +- com.sun.xml.bind:jaxb-impl:jar:2.2.7:compile
[INFO] | | | | +- com.sun.xml.bind:jaxb-core:jar:2.2.7:compile
[INFO] | | | | | +- javax.xml.bind:jaxb-api:jar:2.2.7:compile
[INFO] | | | | | \- com.sun.istack:istack-commons-runtime:jar:2.16:compile
[INFO] | | | | \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.12:compile
[INFO] | | | | \- javax.xml.bind:jsr173_api:jar:1.0:compile
[INFO] | | | \- org.jasig.service.persondir:person-directory-api:jar:1.7.0:compile
[INFO] | | +- commons-codec:commons-codec:jar:1.10:compile
[INFO] | | +- org.springframework.webflow:spring-webflow:jar:2.4.1.RELEASE:compile
[INFO] | | | +- opensymphony:ognl:jar:2.6.11:compile
[INFO] | | | +- org.springframework.webflow:spring-binding:jar:2.4.1.RELEASE:compile
[INFO] | | | \- org.springframework.webflow:spring-js:jar:2.4.1.RELEASE:compile
[INFO] | | | \- org.springframework.webflow:spring-js-resources:jar:2.4.1.RELEASE:compile
[INFO] | | +- commons-jexl:commons-jexl:jar:1.1:runtime
[INFO] | | +- commons-io:commons-io:jar:2.4:compile
[INFO] | | +- joda-time:joda-time:jar:2.8.1:compile
[INFO] | | +- org.reflections:reflections:jar:0.9.10:compile
[INFO] | | | +- org.javassist:javassist:jar:3.19.0-GA:compile
[INFO] | | | \- com.google.code.findbugs:annotations:jar:2.0.1:compile
[INFO] | | +- org.apache.httpcomponents:httpclient:jar:4.4.1:compile
[INFO] | | | \- org.apache.httpcomponents:httpcore:jar:4.4.1:compile
[INFO] | | +- javax.cache:cache-api:jar:1.0.0:compile
[INFO] | | +- org.jsr107.ri:cache-ri-impl:jar:1.0.0:runtime
[INFO] | | | \- javax.enterprise:cdi-api:jar:1.0-SP4:runtime
[INFO] | | | +- org.jboss.spec.javax.interceptor:jboss-interceptors-api_1.1_spec:jar:1.0.0.Beta1:runtime
[INFO] | | | +- javax.annotation:jsr250-api:jar:1.0:runtime
[INFO] | | | \- javax.inject:javax.inject:jar:1:runtime
[INFO] | | +- com.google.guava:guava:jar:18.0:compile
[INFO] | | +- org.bitbucket.b_c:jose4j:jar:0.4.1:compile
[INFO] | | \- org.apache.commons:commons-collections4:jar:4.0:compile
[INFO] | +- org.jasig.cas:cas-server-support-generic:jar:4.1.3:runtime
[INFO] | +- org.springframework:spring-context-support:jar:4.1.8.RELEASE:compile
[INFO] | +- org.codehaus.woodstox:woodstox-core-asl:jar:4.4.1:runtime
[INFO] | | +- javax.xml.stream:stax-api:jar:1.0-2:runtime
[INFO] | | \- org.codehaus.woodstox:stax2-api:jar:3.1.4:runtime
[INFO] | +- org.quartz-scheduler:quartz:jar:2.2.1:runtime
[INFO] | +- org.jasig:spring-webflow-client-repo:jar:1.0.0:runtime
[INFO] | | +- org.slf4j:jcl-over-slf4j:jar:1.7.7:runtime
[INFO] | | \- org.cryptacular:cryptacular:jar:1.0:runtime
[INFO] | | \- org.bouncycastle:bcprov-jdk15on:jar:1.50:runtime
[INFO] | +- com.sun.jersey:jersey-core:jar:1.19:compile
[INFO] | | \- javax.ws.rs:jsr311-api:jar:1.1.1:compile
[INFO] | +- com.sun.jersey:jersey-server:jar:1.19:compile
[INFO] | +- com.sun.jersey:jersey-servlet:jar:1.19:compile
[INFO] | +- com.sun.jersey.contribs:jersey-spring:jar:1.19:runtime
[INFO] | \- org.apache.logging.log4j:log4j-web:jar:2.3:runtime
[INFO] +- org.jasig.cas:cas-server-support-jdbc:jar:4.1.3:compile
[INFO] | +- org.apache.commons:commons-lang3:jar:3.4:compile
[INFO] | +- org.springframework:spring-jdbc:jar:4.1.8.RELEASE:compile
[INFO] | +- org.springframework:spring-orm:jar:4.1.8.RELEASE:compile
[INFO] | \- org.apache.shiro:shiro-core:jar:1.2.3:compile
[INFO] | \- commons-beanutils:commons-beanutils:jar:1.8.3:compile
[INFO] +- mysql:mysql-connector-java:jar:5.1.37:compile
[INFO] +- com.mchange:c3p0:jar:0.9.5.1:compile
[INFO] +- com.mchange:mchange-commons-java:jar:0.2.10:compile
[INFO] +- org.hibernate:hibernate-core:jar:4.3.10.Final:compile
[INFO] | +- org.jboss.logging:jboss-logging:jar:3.1.3.GA:compile
[INFO] | +- org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:jar:1.0.0.Final:compile
[INFO] | +- dom4j:dom4j:jar:1.6.1:compile
[INFO] | | \- xml-apis:xml-apis:jar:1.4.01:compile
[INFO] | +- org.hibernate.common:hibernate-commons-annotations:jar:4.0.5.Final:compile
[INFO] | +- antlr:antlr:jar:2.7.7:compile
[INFO] | \- org.jboss:jandex:jar:1.1.0.Final:compile
[INFO] +- org.hibernate:hibernate-entitymanager:jar:4.3.10.Final:compile
[INFO] | \- org.jboss.logging:jboss-logging-annotations:jar:1.2.0.Beta1:compile
[INFO] +- org.hibernate:hibernate-validator:jar:5.1.3.Final:compile
[INFO] | \- com.fasterxml:classmate:jar:1.0.0:compile
[INFO] +- org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile
[INFO] +- org.springframework:spring-expression:jar:4.1.8.RELEASE:runtime
[INFO] | \- org.springframework:spring-core:jar:4.1.8.RELEASE:compile
[INFO] +- javax.servlet:jstl:jar:1.2:runtime
[INFO] +- taglibs:standard:jar:1.1.2:runtime
[INFO] +- org.jasig.cas:cas-server-security-filter:jar:2.0.4:runtime
[INFO] +- com.ryantenney.metrics:metrics-spring:jar:3.1.0:runtime
[INFO] | +- io.dropwizard.metrics:metrics-core:jar:3.1.2:compile
[INFO] | +- io.dropwizard.metrics:metrics-healthchecks:jar:3.1.2:runtime
[INFO] | +- io.dropwizard.metrics:metrics-annotation:jar:3.1.2:compile
[INFO] | \- org.springframework:spring-beans:jar:4.1.8.RELEASE:compile
[INFO] +- io.dropwizard.metrics:metrics-jvm:jar:3.1.2:runtime
[INFO] +- io.dropwizard.metrics:metrics-servlets:jar:3.1.2:runtime
[INFO] | +- io.dropwizard.metrics:metrics-json:jar:3.1.2:runtime
[INFO] | \- com.fasterxml.jackson.core:jackson-databind:jar:2.5.3:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.5.0:compile
[INFO] | \- com.fasterxml.jackson.core:jackson-core:jar:2.5.3:compile
[INFO] +- junit:junit:jar:4.12:test
[INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.mockito:mockito-core:jar:1.10.19:test
[INFO] | \- org.objenesis:objenesis:jar:2.1:test
[INFO] +- org.springframework:spring-test:jar:4.1.8.RELEASE:test
[INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
[INFO] +- org.aspectj:aspectjrt:jar:1.8.6:compile
[INFO] +- org.aspectj:aspectjweaver:jar:1.8.6:compile
[INFO] +- javax.validation:validation-api:jar:1.1.0.Final:compile
[INFO] +- javax.el:javax.el-api:jar:3.0.0:provided
[INFO] +- org.glassfish.web:javax.el:jar:2.2.6:runtime
[INFO] +- org.slf4j:slf4j-api:jar:1.7.12:compile
[INFO] +- org.slf4j:jul-to-slf4j:jar:1.7.12:runtime
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.3:runtime
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.3:runtime
[INFO] +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.3:runtime
[INFO] +- org.apache.logging.log4j:log4j-jcl:jar:2.3:runtime
[INFO] | \- commons-logging:commons-logging:jar:1.2:runtime
[INFO] \- org.jasig.inspektr:inspektr-aspects:jar:1.3.GA:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.934 s
[INFO] Finished at: 2016-01-12T14:14:58+08:00
[INFO] Final Memory: 21M/439M
经查看发现org.slf4j.impl.StaticLoggerBinder被打入了cas-server-core中,暂时不知道cas的核心开发何故为此,由于cas-server-core是核心jar,我们是否能够直接移除**org.apache.logging.log4j:log4j-slf4j-impl:jar:2.3:runtime**这个依赖?
/*
* Licensed to Apereo under one or more contributor license
* agreements. See the NOTICE file distributed with this work
* for additional information regarding copyright ownership.
* Apereo licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a
* copy of the License at the following location:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.slf4j.impl;
import org.slf4j.ILoggerFactory;
import org.slf4j.spi.LoggerFactoryBinder;
/**
* The static binder for slf4j logging, which allows CAS
* to select its own {@link org.slf4j.ILoggerFactory} instance at runtime.
* Note that this class MUST reside in the <code>org.slf4j.impl</code>
* package so it can be loaded by the runtime dynamic lookup.
* @author Misagh Moayyed
* @since 4.1.0
*/
public final class StaticLoggerBinder implements LoggerFactoryBinder {
/**
* The unique instance of this class.
*/
private static final StaticLoggerBinder SINGLETON = new StaticLoggerBinder();
/**
* The {@link ILoggerFactory} instance returned by the
* {@link #getLoggerFactory} method should always be the same
* object.
*/
private final ILoggerFactory loggerFactory;
/**
* Instantiates a new Static logger binder.
*/
private StaticLoggerBinder() {
this.loggerFactory = new CasLoggerFactory();
}
/**
* Return the singleton of this class.
*
* @return the StaticLoggerBinder singleton
*/
public static StaticLoggerBinder getSingleton() {
return SINGLETON;
}
public ILoggerFactory getLoggerFactory() {
return this.loggerFactory;
}
public String getLoggerFactoryClassStr() {
return CasLoggerFactory.class.getName();
}
}
修改pom.xml
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<configuration>
<warName>cas</warName>
<webResources>
<resource>
<directory>${basedir}/src/main/webapp/WEB-INF</directory>
<filtering>true</filtering>
<targetPath>WEB-INF</targetPath>
<includes>
<include>**/web.xml</include>
</includes>
</resource>
</webResources>
<!--Richard Customized-->
<!--<packagingExcludes>-->
<!--WEB-INF/lib/log4j-slf4j-impl-*.jar-->
<!--</packagingExcludes>-->
</configuration>
</plugin>
如果去掉**org.apache.logging.log4j:log4j-slf4j-impl:jar:2.3:runtime**这个依赖在部署时会出错,可是目前的实现方式是显示的在slf4j中override掉原来的实现,实例化CAS自己的LogFactory
// Line:
private StaticLoggerBinder() {
this.loggerFactory = new CasLoggerFactory();
}
此问题待解
网上很多文章介绍关于jaxb和jersey在jboss下使用方法,但是此处的警告消息warn并不会消除,这是当前6.4版本的一个bug,请参考JBEAP-69