Your certificate is not installed correctly in the JVM's cacerts file:

12:09:34,858 DEBUG [CasProcessingFilter] Authentication request failed: org.acegisecurity.AuthenticationServiceException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

On Thu, May 8, 2008 at 6:45 AM, ::SammyRulez:: <[EMAIL PROTECTED]> wrote:
> Hi folks
>
> I need to cassify spring app using acegi 1.0.6.
>
> I think I had set it all up right in application xml as follows
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
>   "http://www.springframework.org/dtd/spring-beans.dtd">
> <beans default-autowire="byName" >
>
>   <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy" lazy-init="false">
>     <property name="filterInvocationDefinitionSource">
>       <value>
>         CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>         PATTERN_TYPE_APACHE_ANT
>
>         /**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
>       </value>
>     </property>
>   </bean>
>
>   <bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
>     <property name="service"><value>
>       https://sreghenzixp:8443/LIT-Profile_Web/j_acegi_cas_security_check
>     </value></property>
>     <property name="sendRenew"><value>false</value></property>
>   </bean>
>
>   <bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
>     <property name="authenticationManager"><ref bean="authenticationManager"/></property>
>     <property name="authenticationFailureUrl"><value>/acegijsp/accessDenied.jsp</value></property>
>     <property name="defaultTargetUrl"><value>/</value></property>
>     <property name="filterProcessesUrl"><value>/j_acegi_cas_security_check</value></property>
>   </bean>
>
>   <bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
>     <property name="loginUrl"><value>https://sreghenzixp:8443/CAS/login
>     </value></property>
>     <property name="serviceProperties"><ref bean="serviceProperties"/></property>
>   </bean>
>
>   <bean id="httpSessionContextIntegrationFilter"
>         class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
>
>   <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
>     <constructor-arg value="/home.htm"/> <!-- URL redirected to after logout -->
>     <constructor-arg>
>       <list>
>         <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
>       </list>
>     </constructor-arg>
>   </bean>
>
>   <bean id="securityContextHolderAwareRequestFilter"
>         class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
>
>   <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
>     <property name="authenticationEntryPoint"><ref local="casProcessingFilterEntryPoint"/></property>
>   </bean>
>
>   <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
>     <property name="authenticationManager" ref="authenticationManager"/>
>     <property name="accessDecisionManager">
>       <bean class="org.acegisecurity.vote.AffirmativeBased">
>         <property name="allowIfAllAbstainDecisions" value="false"/>
>         <property name="decisionVoters">
>           <list>
>             <bean class="org.acegisecurity.vote.RoleVoter"/>
>             <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
>           </list>
>         </property>
>       </bean>
>     </property>
>     <property name="objectDefinitionSource">
>       <value>
>         CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>         PATTERN_TYPE_APACHE_ANT
>         /**=IS_AUTHENTICATED_ANONYMOUSLY
>       </value>
>     </property>
>   </bean>
>   <!--
>   <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
>     <property name="userDetailsService" ref="userDetailsService"/>
>     <property name="key" value="changeThis"/>
>   </bean>
>   -->
>   <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
>     <property name="providers">
>       <list>
>         <ref bean="casAuthenticationProvider"/>
>       </list>
>     </property>
>   </bean>
>
>   <bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
>     <property name="casAuthoritiesPopulator"><ref bean="casAuthoritiesPopulator"/></property>
>     <property name="casProxyDecider"><ref bean="casProxyDecider"/></property>
>     <property name="ticketValidator"><ref bean="casProxyTicketValidator"/></property>
>     <property name="statelessTicketCache"><ref bean="statelessTicketCache"/></property>
>     <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
>   </bean>
>
>   <bean id="casProxyTicketValidator"
>         class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
>     <property name="casValidate"><value>
>       https://sreghenzixp:8443/CAS/proxyValidate</value></property>
>     <property name="proxyCallbackUrl"><value>
>       https://sreghenzixp:8443/LIT-Profile_Web/casProxy/receptor
>     </value></property>
>     <property name="serviceProperties"><ref bean="serviceProperties"/></property>
>     <!-- <property name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property> -->
>   </bean>
>
>   <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
>     <property name="configLocation">
>       <value>classpath:/ehcache-failsafe.xml</value>
>     </property>
>   </bean>
>
>   <bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
>     <property name="cacheManager">
>       <ref local="cacheManager"/>
>     </property>
>     <property name="cacheName">
>       <value>ticketCache</value>
>     </property>
>   </bean>
>
>   <bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
>     <property name="cache"><ref local="ticketCacheBackend"/></property>
>   </bean>
>
>   <bean id="casAuthoritiesPopulator"
>         class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
>     <property name="userDetailsService"><ref bean="userDetailsService"/></property>
>   </bean>
>
>   <bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
>
>   <bean id="userDetailsService" class="it.trend.lit.acegisecurity.UserDetailsService">
>
>   </bean>
>
> </beans>
>
> cert is installed right in my jboss 4.0.5, calling the webapp with the
> right hostname I'm redirected to cas login, it executes authentication
> right, but then I'm redirected and I fall on the "cassfailed page" with
> this log in the console
>
> 12:09:34,858 DEBUG [ProviderManager] Authentication attempt using org.acegisecurity.providers.cas.CasAuthenticationProvider
> 12:09:34,858 DEBUG [XmlWebApplicationContext] Publishing event in context [EMAIL PROTECTED] ]: [EMAIL PROTECTED] : Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false; Details: [EMAIL PROTECTED]: RemoteIpAddress: 10.1.225.123; SessionId: 534E2A0064A4F867EA0570B381A4F709; Not granted any authorities]
> 12:09:34,858 DEBUG [CasProcessingFilter] Updated SecurityContextHolder to contain null Authentication
> 12:09:34,858 DEBUG [CasProcessingFilter] Authentication request failed: org.acegisecurity.AuthenticationServiceException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> 12:09:34,858 DEBUG [HttpSessionContextIntegrationFilter] SecurityContextHolder set to new context, as request processing completed
> 12:09:34,873 INFO [ResourceBundleThemeSource] Theme created: name 'theme', basename [theme]
> 12:14:40,879 DEBUG [other] CallbackHandler: [EMAIL PROTECTED]
> 12:14:40,879 DEBUG [JaasSecurityManagerService] Created [EMAIL PROTECTED]
> 12:14:40,879 DEBUG [other] CachePolicy set to: [EMAIL PROTECTED]
>
> casProxyTicketValidator is configured and active... I think I'm
> missing something...
>
> --
> ::SammyRulez::
> http://www.kyub.com/
> pownce & twitter: sammyrulez
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>

--
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
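
Added example (not part of the original thread, and not CAS or Acegi code): a small Java check that runs PKIX path building against a truststore, the same kind of validation that fails in the log above when the web application calls the CAS proxyValidate URL over HTTPS. The class name TrustCheck, its helper findAnchor and the three command-line arguments are assumptions made for this example; the PEM file is expected to hold the CAS server's certificate first, followed by any intermediates.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

/** Added example: does a server certificate chain to an anchor in this truststore? */
public class TrustCheck {

    /** Returns the subject of the trust anchor reached, or null if no path can be built. */
    static String findAnchor(KeyStore trustStore, List<X509Certificate> presented)
            throws Exception {
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(presented.get(0));   // first cert in the file = server (leaf) cert
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
        // Remaining certs in the file serve as candidate intermediates.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(presented)));
        params.setRevocationEnabled(false);        // checking trust only, not CRL/OCSP status
        try {
            PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)
                    CertPathBuilder.getInstance("PKIX").build(params);
            return result.getTrustAnchor().getTrustedCert()
                    .getSubjectX500Principal().getName();
        } catch (CertPathBuilderException e) {
            return null;                           // the "PKIX path building failed" case
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustCheck <truststore> <password> <server-cert.pem>");
            System.exit(2);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        List<X509Certificate> presented = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[2])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                presented.add((X509Certificate) c);
            }
        }
        if (presented.isEmpty()) throw new IllegalArgumentException("no certificate in " + args[2]);
        String anchor = findAnchor(trustStore, presented);
        System.out.println(anchor == null
                ? "NOT TRUSTED: no certification path to an anchor in " + args[0]
                : "trusted, anchor: " + anchor);
    }
}
```

Run it with the same JVM that JBoss runs on, pointing the first argument at that JVM's lib/security/cacerts file. A NOT TRUSTED result for the CAS server's certificate corresponds to the "unable to find valid certification path to requested target" error in the log.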
