I am trying to use CAS in Liferay. I have installed the CAS-sever, and i
have installed the cas client at the liferay side. both run successful. my
LDAP server is Apache Directory Server Service 1.5.0.
the LDAP is very simple: .com
..example
...user(node)
.system
..admin(node)
but when CAS use LDAP (at the same time Liferay use LDAP too), i have error
report:
anyone who knows whats wrong have i done?
2007-05-24 09:11:30,734 ERROR
[org.apache.catalina.core.ContainerBase.[Catalina]
.[localhost].[/cas-web].[cas]] - <Servlet.service() for servlet cas threw
except
ion>
javax.naming.AuthenticationException: [LDAP: error code 49 - Bind failed:
null]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193
)
at
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.ja
va:136)
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.jav
a:66)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
67)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247
)
at javax.naming.InitialContext.init(InitialContext.java:223)
at
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:1
34)
at
org.springframework.ldap.support.LdapContextSource.getDirContextInsta
nce(LdapContextSource.java:59)
at
org.springframework.ldap.support.AbstractContextSource.createContext(
AbstractContextSource.java:193)
at
org.springframework.ldap.support.AbstractContextSource.getReadOnlyCon
text(AbstractContextSource.java:104)
at
org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
at
org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
at
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticat
eUsernamePasswordInternal(BindLdapAuthenticationHandler.java:70)
at
org.jasig.cas.authentication.handler.support.AbstractUsernamePassword
AuthenticationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler
.java:58)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(A
uthenticationManagerImpl.java:79)
at
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTi
cket(CentralAuthenticationServiceImpl.java:282)
at
org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(Authenticat
ionViaFormAction.java:116)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
org.springframework.webflow.util.DispatchMethodInvoker.invoke(Dispatc
hMethodInvoker.java:103)
at
org.springframework.webflow.action.MultiAction.doExecute(MultiAction.
java:136)
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAct
ion.java:203)
at
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedA
ction.java:142)
at
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecu
tor.java:61)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja
va:180)
at org.springframework.webflow.engine.State.enter(State.java:200)
at
org.springframework.webflow.engine.Transition.execute(Transition.java
:229)
at
org.springframework.webflow.engine.TransitionableState.onEvent(Transi
tionableState.java:112)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.sig
nalEvent(RequestControlContextImpl.java:207)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja
va:185)
at org.springframework.webflow.engine.State.enter(State.java:200)
at
org.springframework.webflow.engine.Transition.execute(Transition.java
:229)
at
org.springframework.webflow.engine.TransitionableState.onEvent(Transi
tionableState.java:112)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.sig
nalEvent(RequestControlContextImpl.java:207)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent
(FlowExecutionImpl.java:214)
at
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExec
utorImpl.java:238)
at
org.springframework.webflow.executor.support.FlowRequestHandler.handl
eFlowRequest(FlowRequestHandler.java:115)
at
org.springframework.webflow.executor.mvc.FlowController.handleRequest
Internal(FlowController.java:170)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(
AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.ha
ndle(SimpleControllerHandlerAdapter.java:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatch
erServlet.java:819)
at
org.springframework.web.servlet.DispatcherServlet.doService(Dispatche
rServlet.java:754)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(Frame
workServlet.java:399)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServ
let.java:364)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherSe
rvlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:178)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:869)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.p
rocessConnection(Http11BaseProtocol.java:664)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo
int.java:527)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFol
lowerWorkerThread.java:80)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:684)
at java.lang.Thread.run(Thread.java:595)
and this is my deployerConfigContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd";>
<!--
| deployerConfigContext.xml centralizes into one file some of the
declarative configuration that
| all CAS deployers will need to modify.
|
| This file declares some of the Spring-managed JavaBeans that make up a
CAS deployment.
| The beans declared in this file are instantiated at context
initialization time by the Spring
| ContextLoaderListener declared in web.xml. It finds this file because
this
| file is among those declared in the context parameter
"contextConfigLocation".
|
| By far the most common change you will need to make in this file is to
change the last bean
| declaration to replace the default
SimpleTestUsernamePasswordAuthenticationHandler with
| one implementing your approach for authenticating usernames and
passwords.
+-->
<beans>
<!--
| This bean declares our AuthenticationManager. The
CentralAuthenticationService service bean
| declared in applicationContext.xml picks up this AuthenticationManager
by reference to its id,
| "authenticationManager". Most deployers will be able to use the
default AuthenticationManager
| implementation and so do not need to change the class of this bean. We
include the whole
| AuthenticationManager here in the userConfigContext.xml so that you can
see the things you will
| need to change in context.
+-->
<bean id="authenticationManager"
class="org.jasig.cas.authentication.AuthenticationManagerImpl">
<!--
| This is the List of CredentialToPrincipalResolvers that identify what
Principal is trying to authenticate.
| The AuthenticationManagerImpl considers them in order, finding a
CredentialToPrincipalResolver which
| supports the presented credentials.
|
| AuthenticationManagerImpl uses these resolvers for two purposes.
First, it uses them to identify the Principal
| attempting to authenticate to CAS /login . In the default
configuration, it is the DefaultCredentialsToPrincipalResolver
| that fills this role. If you are using some other kind of credentials
than UsernamePasswordCredentials, you will need to replace
| DefaultCredentialsToPrincipalResolver with a
CredentialsToPrincipalResolver that supports the credentials you are
| using.
|
| Second, AuthenticationManagerImpl uses these resolvers to identify a
service requesting a proxy granting ticket.
| In the default configuration, it is the
HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
| You will need to change this list if you are identifying services by
something more or other than their callback URL.
+-->
<property name="credentialsToPrincipalResolvers">
<list>
<!--
| UsernamePasswordCredentialsToPrincipalResolver supports the
UsernamePasswordCredentials that we use for /login
| by default and produces SimplePrincipal instances conveying the
username from the credentials.
|
| If you've changed your LoginFormAction to use credentials other than
UsernamePasswordCredentials then you will also
| need to change this bean declaration (or add additional
declarations) to declare a CredentialsToPrincipalResolver that supports the
| Credentials you are using.
+-->
<bean
class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
/>
<!--
| HttpBasedServiceCredentialsToPrincipalResolver supports
HttpBasedCredentials. It supports the CAS 2.0 approach of
| authenticating services by SSL callback, extracting the callback URL
from the Credentials and representing it as a
| SimpleService identified by that
callback URL.
|
| If you are representing services by something more or other than an
HTTPS URL whereat they are able to
| receive a proxy callback, you will need to change this bean
declaration (or add additional declarations).
+-->
<bean
class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
/>
</list>
</property>
<!--
| Whereas CredentialsToPrincipalResolvers identify who it is some
Credentials might authenticate,
| AuthenticationHandlers actually authenticate credentials. Here we
declare the AuthenticationHandlers that
| authenticate the Principals that the CredentialsToPrincipalResolvers
identified. CAS will try these handlers in turn
| until it finds one that both supports the Credentials presented and
succeeds in authenticating.
+-->
<property name="authenticationHandlers">
<list>
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
<property name="httpClient"
ref="httpClient" />
</bean>
<bean
class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
<property name="filter" value="uid=%u"
/>
<property name="searchBase"
value="ou=system" />
<property name="contextSource"
ref="contextSource" />
</bean>
</list>
</property>
</bean>
<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
<property name="anonymousReadOnly" value="false" />
<property name="userName" value="uid=admin" />
<property name="password" value="userPassword=secret" />
<property name="pooled" value="true" />
<property name="urls">
<list>
<value>ldap://localhost:10389/</value>
</list>
</property>
<property name="baseEnvironmentProperties">
<map>
<entry>
<key><value>java.naming.security.authentication</value></key>
<value>simple</value>
</entry>
</map>
</property>
</bean>
</beans>
_________________________________________________________________
与世界各地的朋友进行交流,免费下载 Live Messenger;
http://get.live.com/messenger/overview
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
