Yes, but since I can't install the cert in the production JVM, I solved it by setting the trustStore property in CasProxyTicketValidator.
TX!

2008/5/8 Scott Battaglia <[EMAIL PROTECTED]>:
> Your certificate is not installed correctly in the JVM's cacerts file:
>
> 12:09:34,858 DEBUG [CasProcessingFilter] Authentication request failed: org.acegisecurity.AuthenticationServiceException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>
> On Thu, May 8, 2008 at 6:45 AM, ::SammyRulez:: <[EMAIL PROTECTED]> wrote:
> > Hi folks
> >
> > I need to cassify a Spring app using Acegi 1.0.6.
> >
> > I think I had set up everything right in the application XML as follows:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
> >     "http://www.springframework.org/dtd/spring-beans.dtd">
> > <beans default-autowire="byName">
> >
> >   <bean id="filterChainProxy"
> >         class="org.acegisecurity.util.FilterChainProxy" lazy-init="false">
> >     <property name="filterInvocationDefinitionSource">
> >       <value>
> >         CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> >         PATTERN_TYPE_APACHE_ANT
> >         /**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
> >       </value>
> >     </property>
> >   </bean>
> >
> >   <bean id="serviceProperties"
> >         class="org.acegisecurity.ui.cas.ServiceProperties">
> >     <property name="service"><value>https://sreghenzixp:8443/LIT-Profile_Web/j_acegi_cas_security_check</value></property>
> >     <property name="sendRenew"><value>false</value></property>
> >   </bean>
> >
> >   <bean id="casProcessingFilter"
> >         class="org.acegisecurity.ui.cas.CasProcessingFilter">
> >     <property name="authenticationManager"><ref bean="authenticationManager"/></property>
> >     <property name="authenticationFailureUrl"><value>/acegijsp/accessDenied.jsp</value></property>
> >     <property name="defaultTargetUrl"><value>/</value></property>
> >     <property name="filterProcessesUrl"><value>/j_acegi_cas_security_check</value></property>
> >   </bean>
> >
> >   <bean id="casProcessingFilterEntryPoint"
> >         class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
> >     <property name="loginUrl"><value>https://sreghenzixp:8443/CAS/login</value></property>
> >     <property name="serviceProperties"><ref bean="serviceProperties"/></property>
> >   </bean>
> >
> >   <bean id="httpSessionContextIntegrationFilter"
> >         class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
> >
> >   <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
> >     <constructor-arg value="/home.htm"/> <!-- URL redirected to after logout -->
> >     <constructor-arg>
> >       <list>
> >         <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
> >       </list>
> >     </constructor-arg>
> >   </bean>
> >
> >   <bean id="securityContextHolderAwareRequestFilter"
> >         class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
> >
> >   <bean id="exceptionTranslationFilter"
> >         class="org.acegisecurity.ui.ExceptionTranslationFilter">
> >     <property name="authenticationEntryPoint"><ref local="casProcessingFilterEntryPoint"/></property>
> >   </bean>
> >
> >   <bean id="filterInvocationInterceptor"
> >         class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> >     <property name="authenticationManager" ref="authenticationManager"/>
> >     <property name="accessDecisionManager">
> >       <bean class="org.acegisecurity.vote.AffirmativeBased">
> >         <property name="allowIfAllAbstainDecisions" value="false"/>
> >         <property name="decisionVoters">
> >           <list>
> >             <bean class="org.acegisecurity.vote.RoleVoter"/>
> >             <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
> >           </list>
> >         </property>
> >       </bean>
> >     </property>
> >     <property name="objectDefinitionSource">
> >       <value>
> >         CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> >         PATTERN_TYPE_APACHE_ANT
> >         /**=IS_AUTHENTICATED_ANONYMOUSLY
> >       </value>
> >     </property>
> >   </bean>
> >
> >   <!--
> >   <bean id="rememberMeServices"
> >         class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
> >     <property name="userDetailsService" ref="userDetailsService"/>
> >     <property name="key" value="changeThis"/>
> >   </bean>
> >   -->
> >
> >   <bean id="authenticationManager"
> >         class="org.acegisecurity.providers.ProviderManager">
> >     <property name="providers">
> >       <list>
> >         <ref bean="casAuthenticationProvider"/>
> >       </list>
> >     </property>
> >   </bean>
> >
> >   <bean id="casAuthenticationProvider"
> >         class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
> >     <property name="casAuthoritiesPopulator"><ref bean="casAuthoritiesPopulator"/></property>
> >     <property name="casProxyDecider"><ref bean="casProxyDecider"/></property>
> >     <property name="ticketValidator"><ref bean="casProxyTicketValidator"/></property>
> >     <property name="statelessTicketCache"><ref bean="statelessTicketCache"/></property>
> >     <property name="key"><value>my_password_for_this_auth_provider_only</value></property>
> >   </bean>
> >
> >   <bean id="casProxyTicketValidator"
> >         class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
> >     <property name="casValidate"><value>https://sreghenzixp:8443/CAS/proxyValidate</value></property>
> >     <property name="proxyCallbackUrl"><value>https://sreghenzixp:8443/LIT-Profile_Web/casProxy/receptor</value></property>
> >     <property name="serviceProperties"><ref bean="serviceProperties"/></property>
> >     <!-- <property name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property> -->
> >   </bean>
> >
> >   <bean id="cacheManager"
> >         class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
> >     <property name="configLocation">
> >       <value>classpath:/ehcache-failsafe.xml</value>
> >     </property>
> >   </bean>
> >
> >   <bean id="ticketCacheBackend"
> >         class="org.springframework.cache.ehcache.EhCacheFactoryBean">
> >     <property name="cacheManager">
> >       <ref local="cacheManager"/>
> >     </property>
> >     <property name="cacheName">
> >       <value>ticketCache</value>
> >     </property>
> >   </bean>
> >
> >   <bean id="statelessTicketCache"
> >         class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
> >     <property name="cache"><ref local="ticketCacheBackend"/></property>
> >   </bean>
> >
> >   <bean id="casAuthoritiesPopulator"
> >         class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
> >     <property name="userDetailsService"><ref bean="userDetailsService"/></property>
> >   </bean>
> >
> >   <bean id="casProxyDecider"
> >         class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
> >
> >   <bean id="userDetailsService"
> >         class="it.trend.lit.acegisecurity.UserDetailsService">
> >   </bean>
> >
> > </beans>
> >
> > The cert is installed right in my JBoss 4.0.5; calling the webapp with the
> > right hostname I'm redirected to the CAS login, it executes authentication
> > right, but then I'm redirected and I fall on the "cassfailed page" with
> > this log in the console:
> >
> > 12:09:34,858 DEBUG [ProviderManager] Authentication attempt using org.acegisecurity.providers.cas.CasAuthenticationProvider
> > 12:09:34,858 DEBUG [XmlWebApplicationContext] Publishing event in context [EMAIL PROTECTED]: [EMAIL PROTECTED]: Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false; Details: [EMAIL PROTECTED]: RemoteIpAddress: 10.1.225.123; SessionId: 534E2A0064A4F867EA0570B381A4F709; Not granted any authorities]
> > 12:09:34,858 DEBUG [CasProcessingFilter] Updated SecurityContextHolder to contain null Authentication
> > 12:09:34,858 DEBUG [CasProcessingFilter] Authentication request failed: org.acegisecurity.AuthenticationServiceException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> > 12:09:34,858 DEBUG [HttpSessionContextIntegrationFilter] SecurityContextHolder set to new context, as request processing completed
> > 12:09:34,873 INFO [ResourceBundleThemeSource] Theme created: name 'theme', basename [theme]
> > 12:14:40,879 DEBUG [other] CallbackHandler: [EMAIL PROTECTED]
> > 12:14:40,879 DEBUG [JaasSecurityManagerService] Created [EMAIL PROTECTED]
> > 12:14:40,879 DEBUG [other] CachePolicy set to: [EMAIL PROTECTED]
> >
> > casProxyTicketValidator is configured and active... I think I'm
> > missing something...
> >
> > --
> > ::SammyRulez::
> > http://www.kyub.com/
> > pownce & twitter: sammyrulez
> > _______________________________________________
> > Yale CAS mailing list
> > [email protected]
> > http://tp.its.yale.edu/mailman/listinfo/cas
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia

--
::SammyRulez::
http://www.kyub.com/
pownce & twitter: sammyrulez
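
The fix reported at the top of this thread points the `trustStore` property of CasProxyTicketValidator at a truststore file instead of changing the JVM's cacerts. As an added example (not from the thread and not Acegi code), this Java program checks offline whether such a file accepts the CAS server's certificate chain, using the same kind of trust manager that produced the PKIX error in the log; the class name `TrustStoreCheck`, the `TRUSTSTORE_PASS` variable and the two file arguments are assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.*;

// Added example (hypothetical class name): offline check of a truststore file.
public class TrustStoreCheck {

    // Returns null if the chain is trusted, else the validator's error message.
    static String check(String storePath, char[] storePass, String chainPath) throws Exception {
        // The truststore file that the trustStore property would point at.
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            store.load(in, storePass);
        }
        // Server certificate chain exported to a file (PEM or DER), leaf first.
        Collection<? extends Certificate> certs;
        try (InputStream in = new FileInputStream(chainPath)) {
            certs = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
        if (certs.isEmpty()) return "no certificates found in " + chainPath;
        X509Certificate[] chain = certs.toArray(new X509Certificate[0]);

        // Default (PKIX) trust manager, the kind JSSE uses for HTTPS connections.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                // Validates the certification path only; host name matching is not checked.
                ((X509TrustManager) tm).checkServerTrusted(chain, "RSA");
                return null;
            } catch (CertificateException e) {
                return e.getMessage(); // e.g. "PKIX path building failed: ..."
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        // args: <truststore file> <certificate chain file>
        // Password comes from TRUSTSTORE_PASS (assumed name); null skips the JKS integrity check.
        String pass = System.getenv("TRUSTSTORE_PASS");
        String err = check(args[0], pass == null ? null : pass.toCharArray(), args[1]);
        System.out.println(err == null ? "trusted" : "NOT trusted: " + err);
    }
}
```

A "NOT trusted" result against the file named in `trustStore` means ticket validation over HTTPS would fail in the same way as in the log above.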
