CAS: javax.security.auth.callback.UnsupportedCallbackExcepti



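I am using CAS authentication in a Spring MVC application deployed on WebLogic Server version 12.1.2.0.0.

CAS server (http://www.jasig.org/cas)

- provides the CAS login web page and authenticates users

- issues a TGT cookie (ticket-granting ticket), so the user does not have to log in on every redirect to the CAS server

- redirects back to the application server with a ticket=ST-xxx service ticket in the URL for the CAS client to check

- validates the CAS service ticket for the application server

But every time I refresh the page I find that the ticket parameter is different,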

http://127.0.0.1:7001/devices_admin/welcome/welcome.do?ticket=ST-4857110-xJpv1gJ85niEGKBJHnQ5XZ5Et8pPY2kdXXkRzOlywdipakotoWUodeh4WCcovXPHWWxqbM6M0zNjxDy4uWSuazG-PHslUMVSXYCWTApMlTfLGC-m8dJiJ6e0zsxwwPOhzc5uNsRJh4dpl1mWcPdxaYhj21G    
http://127.0.0.1:7001/devices_admin/welcome/welcome.do?ticket=ST-4860089-wzJ3y2wzsMYHmpl8H7CenIURY68LSu0xzSKNB2o0XZiOrR60FGQHN9wSo83MuUraWFavzn3Qlp6VhtOzSEvdfwY-PHslUMVSXYCWTApMlTfLGC-JJBSzIydnDGzcECwzsiDiYCLUVecvzxZHmjIN2kDTewo    

So I get an Error 404 - Not Found in the browser

Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.

Here is my weblogic.xml file

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app   xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app" 
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
                                        http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd 
                                        http://www.bea.com/ns/weblogic/weblogic-web-app 
                                        http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">

    <!-- Example of a role mapped to a group provided by Ecas -->
    <session-descriptor>     
        <cookie-path>/devices_admin</cookie-path>        
        <cookie-name>DEVICESJSESSIONID</cookie-name>        
        <url-rewriting-enabled>false</url-rewriting-enabled>        
    </session-descriptor>
    <context-root>/devices_admin</context-root>     
    <security-role-assignment>
        <role-name>authenticated</role-name>
        <principal-name>INTERNET</principal-name>       
    </security-role-assignment>         
    <!-- Only needed if you want to allow some resources to be accessed by  authenticated users who do not possess any role -->
    <container-descriptor>
        <allow-all-roles>true</allow-all-roles>
    </container-descriptor>               
    <jsp-descriptor>
        <precompile>true</precompile>
    </jsp-descriptor>
</weblogic-web-app>

There is also an exception when starting WL

javax.security.auth.callback.UnsupportedCallbackException: Unrecognized Callback
       at weblogic.security.BaseCallbackHandler.handle(BaseCallbackHandler.java:44)
       at weblogic.security.BaseCallbackHandler.handle(BaseCallbackHandler.java:32)
       at com.bea.common.security.internal.service.CallbackHandlerWrapper.handle(CallbackHandlerWrapper.java:76)
       at weblogic.security.service.internal.WLSJAASLoginServiceImpl$CallbackHandlerWrapper.handle(WLSJAASLoginServiceImpl.java:154)
       at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:947)
       at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:944)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:943)

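You can check your Spring XML file, where your service properties are configured. Your callback URL is usually configured in the "service" property. This URL is usually your client application URL, the one you want the request redirected to after CAS has authenticated the user.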
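As an added illustration of the "service" property mentioned in the answer above (not configuration from the original post): a fragment assuming the application uses Spring Security's CAS module. The bean ids, the `cas.example.org` host and the `/login/cas` path are assumptions; only the `/devices_admin` context root and the 127.0.0.1:7001 address come from the question.

```xml
<!-- Added example: bean ids and the cas.example.org host are placeholders. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- "service" is the callback URL: CAS redirects the browser here with
         ?ticket=ST-xxx, and the client sends the same string back to CAS
         when it validates that ticket. -->
    <bean id="serviceProperties"
          class="org.springframework.security.cas.ServiceProperties">
        <!-- Assumed path: context root from weblogic.xml plus the URL the CAS
             filter listens on (/login/cas is the Spring Security 4+ default,
             older releases use /j_spring_cas_security_check). -->
        <property name="service"
                  value="http://127.0.0.1:7001/devices_admin/login/cas"/>
        <property name="sendRenew" value="false"/>
    </bean>

    <!-- Redirects unauthenticated requests to the CAS login page and passes
         the service URL above as the return address. -->
    <bean id="casEntryPoint"
          class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl" value="https://cas.example.org/cas/login"/>
        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <!-- Consumes the ticket parameter on the service URL; the
         authenticationManager bean is assumed to be defined elsewhere. -->
    <bean id="casFilter"
          class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
    </bean>
</beans>
```

A CAS service ticket is single-use and is validated against the exact service string it was issued for, so the value here has to be a URL inside the deployed context root that the CAS filter really handles.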
