This is copied from a previous thread, but I'm copying into it's own
thread for a more succinct summary (for others who may have the same
problem). If you have tomcat 5.5.16, you may run across the following error:
javax.servlet.ServletException : Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
https://myserver:8443/cas/serviceValidate
<https://gammel1.devqa.sersol.il.pqe:8443/cas/serviceValidate>]
ticket=[ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20]
service=[http%3A%2F%2Flocalhost%3A8080%2FcasSample%2Findex.html]
errorCode=[INVALID_SERVICE] errorMessage=[ticket
'ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20' does not match supplied
service. The original service was
'http://localhost:8080/casSample/index.html
<http://localhost:8080/casSample/index.html>?' and the supplied service was
'http://localhost:8080/casSample/index.html'.
<http://localhost:8080/casSample/index.html%27.>] renew=false
entireResponse=[<cas:serviceResponse xmlns:cas='
http://www.yale.edu/tp/cas' <http://www.yale.edu/tp/cas%27>>
<cas:authenticationFailure code='INVALID_SERVICE'> ticket
'ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20' does not match
supplied service.
As you can see, the paths don't match (in one case you have an ending
"?"). The web.xml for the filter contains the following:
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>localhost:8080</param-value>
</init-param>
The problem is caused by tomcat incorrectly returning an empty string
when there is no query string (the J2EE spec clearly states it should
return null). The service String is set within
edu/yale/its/tp/cas/client/Util.getService() when the filter is called.
Inside there, the server comes in as "localhost:8080". Right before
being encoded, the return buffer gets set to
"http://localhost:8080/casSample/index.html?";. The trailing "?" is added
because of the block:
if (request.getQueryString() != null) {
is true. It is true, because the query string is an empty string (bad
tomcat). As a result, a "?" is appended.
The problem is solved by moving to a more recent version of Tomcat. If
this is not possible, you can hack the client code, and change the line
in Util.getService() to
if (request.getQueryString() != null &&
request.getQueryString().length > 0) {
That is discouraged, of course, as you would have to that hack every
time you got a new version of the client.
_________________________________________________________________
Discover sweet stuff waiting for you at the Messenger Cafe. Claim your
treat today!
http://www.cafemessenger.com/info/info_sweetstuff.html?ocid=TXT_TAGHM_SeptHMtagline2
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
