hi.
I use the CAS server in my web site, and for authentication I use Active
Directory (LDAP). When the login page is presented, I enter the username and password, and then this
exception is thrown:
2008-01-14 14:16:24,484 ERROR [org.apache.catalina.core.ContainerBase
.[Catalina].[localhost].[/cas].[cas]] - <Servlet.service() for servlet cas
threw exception>
java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java :333)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:723)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord
(SSLSocketImpl.java:622)
at
com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush (BufferedOutputStream.java:123)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
at com.sun.jndi.ldap.LdapClient.authenticate (LdapClient.java:192)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java
:175)
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext
(LdapCtxFactory.java:66)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init (InitialContext.java:223)
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at
org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
at
org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
at
org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java
:104)
at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
at
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal
(BindLdapAuthenticationHandler.java:70)
at
org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.java:58)
at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate
(AuthenticationManagerImpl.java:79)
at
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:282)
at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit
(AuthenticationViaFormAction.java:116)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
at org.springframework.webflow.action.MultiAction.doExecute
(MultiAction.java:136)
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
at
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
at
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
at org.springframework.webflow.engine.State.enter (State.java:200)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
at
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
at org.springframework.webflow.engine.Flow.onEvent (Flow.java:572)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:207)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java
:185)
at org.springframework.webflow.engine.State.enter(State.java:200)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
at org.springframework.webflow.engine.TransitionableState.onEvent
(TransitionableState.java:112)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java
:207)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
at
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:238)
at
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
at
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:170)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java
:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:819)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:754)
at org.springframework.web.servlet.FrameworkServlet.processRequest
(FrameworkServlet.java:399)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:364)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service (HttpServlet.java:803)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke
(StandardContextValve.java:174)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java
:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:595)
My deployerConfigContext.xml is this:
<?xml version=" 1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd ">
<!--
| deployerConfigContext.xml centralizes into one file some of the
declarative configuration that
| all CAS deployers will need to modify.
|
| This file declares some of the Spring-managed JavaBeans that make up a
CAS deployment.
| The beans declared in this file are instantiated at context
initialization time by the Spring
| ContextLoaderListener declared in web.xml. It finds this file because
this
| file is among those declared in the context parameter
"contextConfigLocation".
|
| By far the most common change you will need to make in this file is to
change the last bean
| declaration to replace the default
SimpleTestUsernamePasswordAuthenticationHandler with
| one implementing your approach for authenticating usernames and
passwords.
+-->
<beans>
<!--
| This bean declares our AuthenticationManager. The
CentralAuthenticationService service bean
| declared in applicationContext.xml picks up this
AuthenticationManager by reference to its id,
| "authenticationManager". Most deployers will be able to use the
default AuthenticationManager
| implementation and so do not need to change the class of this
bean. We include the whole
| AuthenticationManager here in the userConfigContext.xml so that
you can see the things you will
| need to change in context.
+-->
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<!--
| This is the List of CredentialToPrincipalResolvers that
identify what Principal is trying to authenticate.
| The AuthenticationManagerImpl considers them in order, finding
a CredentialToPrincipalResolver which
| supports the presented credentials.
|
| AuthenticationManagerImpl uses these resolvers for two
purposes. First, it uses them to identify the Principal
| attempting to authenticate to CAS /login . In the default
configuration, it is the DefaultCredentialsToPrincipalResolver
| that fills this role. If you are using some other kind of
credentials than UsernamePasswordCredentials, you will need to replace
| DefaultCredentialsToPrincipalResolver with a
CredentialsToPrincipalResolver that supports the credentials you are
| using.
|
| Second, AuthenticationManagerImpl uses these resolvers to
identify a service requesting a proxy granting ticket.
| In the default configuration, it is the
HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
| You will need to change this list if you are identifying
services by something more or other than their callback URL.
+-->
<property name="credentialsToPrincipalResolvers">
<list>
<!--
| UsernamePasswordCredentialsToPrincipalResolver
supports the UsernamePasswordCredentials that we use for /login
| by default and produces SimplePrincipal instances
conveying the username from the credentials.
|
| If you've changed your LoginFormAction to use
credentials other than UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add
additional declarations) to declare a CredentialsToPrincipalResolver that
supports the
| Credentials you are using.
+-->
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
<!--
| HttpBasedServiceCredentialsToPrincipalResolver
supports HttpBasedCredentials. It supports the CAS 2.0 approach of
| authenticating services by SSL callback, extracting
the callback URL from the Credentials and representing it as a
| SimpleService identified by that callback URL.
|
| If you are representing services by something more or
other than an HTTPS URL whereat they are able to
| receive a proxy callback, you will need to change this
bean declaration (or add additional declarations).
+-->
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
</list>
</property>
<!--
| Whereas CredentialsToPrincipalResolvers identify who it is
some Credentials might authenticate,
| AuthenticationHandlers actually authenticate credentials.
Here we declare the AuthenticationHandlers that
| authenticate the Principals that the
CredentialsToPrincipalResolvers identified. CAS will try these handlers in
turn
| until it finds one that both supports the Credentials
presented and succeeds in authenticating.
+-->
<property name="authenticationHandlers">
<list>
<!--
| This is the authentication handler that authenticates
services by means of callback via SSL, thereby validating
| a server side SSL certificate.
+-->
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
">
<property
name="httpClient"
ref="httpClient" />
</bean>
<!--
| This is the authentication handler declaration that
every CAS deployer will need to change before deploying CAS
| into production. The default
SimpleTestUsernamePasswordAuthenticationHandler authenticates
UsernamePasswordCredentials
| where the username equals the password. You will need
to replace this with an AuthenticationHandler that implements your
| local authentication strategy. You might accomplish
this by coding a new such handler and declaring
| edu.someschool.its.cas.MySpecialHandler here, or you
might use one of the handlers provided in the adaptors modules.
+-->
<!--
| LDAP handler used for the /login form. It searches under searchBase with
| the filter below, over a connection taken from the "contextSource" bean.
|
| NOTE(review): the reported EOFException is raised while that connection
| is being opened (LdapTemplate.search, getReadOnlyContext, ldapBind), so
| the filter and searchBase are not reached yet; the SSL problem has to be
| resolved in the contextSource bean first.
|
| NOTE(review): the filter matches on the "uid" attribute. Active Directory
| accounts are normally looked up by sAMAccountName and "uid" is often
| empty there; confirm which attribute holds the login name.
|
| ignorePartialResultException is presumably set because searches against
| Active Directory can end in a PartialResultException; confirm it is
| still needed once the connection works.
+-->
<bean class="
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
<property name="filter" value="uid=%u" />
<property name="searchBase" value="cn=Users,dc=z,dc=z"
/>
<property name="contextSource" ref="contextSource" />
<property name="ignorePartialResultException"
value="yes" />
</bean>
</list>
</property>
</bean>
<!--
| Connection settings for the directory. The LDAP authentication handler
| refers to this bean by its id, "contextSource".
|
| NOTE(review): the reported "SSL peer shut down incorrectly" is raised in
| performInitialHandshake while this connection is opened, i.e. the directory
| side closed the socket before the TLS handshake finished. Things to check:
|  - the URL below has no port, so JNDI uses the ldaps default, 636; confirm
|    the domain controller listens for LDAPS there and has a server
|    certificate installed;
|  - the CA that issued that certificate must be in the trust store of the
|    JVM that runs Tomcat.
|
| Keep the ldaps:// scheme when troubleshooting: with "simple" authentication
| the bind DN and password are sent as they are, and only the TLS layer
| protects them on the wire.
+-->
<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
<property name="urls">
<list>
<value>ldaps://z.z/</value>
</list>
</property>
<!--
| NOTE(review): if the braces are literally present in the deployed file
| they become part of the bind DN and of the password; they look like
| leftover template markers. Confirm and remove them if so.
|
| The service account password is stored in clear text here, so this file
| should be readable only by the account that runs the servlet container,
| and the service account should have no more than read access to the
| directory.
+-->
<property name="userName" value="{cn=z,cn=Users,dc=z,dc=z}"/>
<property name="password" value="{zzz}"/>
<property name="baseEnvironmentProperties">
<map>
<entry>
<key>
<value>java.naming.security.authentication</value>
</key>
<!-- "simple" selects a plain DN and password bind. -->
<value>simple</value>
</entry>
</map>
</property>
</bean>
</beans>
thanks.