cas 单点登录出现org.jasig.cas.client.util.CommonUtils.getResponseFromServer - 拒绝连接 Connection refused...

最新推荐文章于 2023-02-14 11:32:22 发布
最新推荐文章于 2023-02-14 11:32:22 发布
阅读量750 收藏
点赞数
文章标签: java
原文链接:https://yq.aliyun.com/articles/319255
版权

cas 单点登录出现org.jasig.cas.client.util.CommonUtils.getResponseFromServer - 拒绝连接 Connection refused

环境:

  • CentOS Linux release 7.2.1511 (Core)
  • cas-client-core-3.1.12.jar

最近在对cas环境进行切换,原来好好的环境。部署在新环境下却出现org.jasig.cas.client.util.CommonUtils.getResponseFromServer - 拒绝连接异常。

2016-08-18 17:05:08.718 [http-bio-8080-exec-9] ERROR org.jasig.cas.client.util.CommonUtils.getResponseFromServer - 拒绝连接
java.net.ConnectException: 拒绝连接
        at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.7.0_80]
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339) ~[na:1.7.0_80]
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200) ~[na:1.7.0_80]
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182) ~[na:1.7.0_80]
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[na:1.7.0_80]
        at java.net.Socket.connect(Socket.java:579) ~[na:1.7.0_80]
        at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:625) ~[na:1.7.0_80]
        at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:160) ~[na:1.7.0_80]
        at sun.net.NetworkClient.doConnect(NetworkClient.java:180) ~[na:1.7.0_80]
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:432) ~[na:1.7.0_80]
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:527) ~[na:1.7.0_80]
        at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264) ~[na:1.7.0_80]
        at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367) ~[na:1.7.0_80]
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191) ~[na:1.7.0_80]
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:933) ~[na:1.7.0_80]
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177) ~[na:1.7.0_80]
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301) ~[na:1.7.0_80]
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) ~[na:1.7.0_80]
        at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:313) [cas-client-core-3.1.12.jar:na]
        at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:291) [cas-client-core-3.1.12.jar:na]
        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:32) [cas-client-core-3.1.12.jar:na]
        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:187) [cas-client-core-3.1.12.jar:na]
        at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:164) [cas-client-core-3.1.12.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.68]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.68]
        at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:102) [cas-client-core-3.1.12.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.68]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.68]
        at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:65) [cas-client-core-3.1.12.jar:na]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.68]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.68]
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85) [spring-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.2.2.RELEASE.jar:4.2.2.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.68]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.68]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) [catalina.jar:7.0.68]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [catalina.jar:7.0.68]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) [catalina.jar:7.0.68]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169) [catalina.jar:7.0.68]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:7.0.68]
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956) [catalina.jar:7.0.68]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [catalina.jar:7.0.68]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436) [catalina.jar:7.0.68]
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078) [tomcat-coyote.jar:7.0.68]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625) [tomcat-coyote.jar:7.0.68]
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) [tomcat-coyote.jar:7.0.68]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_80]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_80]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.68]
        at java.lang.Thread.run(Thread.java:745) [na:1.7.0_80]

找了很久也找不到是什么原因,最后换了一种链接方式后问题才得以解决。估计这是个bug。

修改org.jasig.cas.client.util.CommonUtils类的public static String getResponseFromServer(final URL constructedUrl, final HostnameVerifier hostnameVerifier, final String encoding)方法。

将原有的

public static String getResponseFromServer(final URL constructedUrl, final HostnameVerifier hostnameVerifier, final String encoding) {
        URLConnection conn = null;
        try {
        conn = constructedUrl.openConnection();
        if (conn instanceof HttpsURLConnection) {
            ((HttpsURLConnection)conn).setHostnameVerifier(hostnameVerifier);
        }
        final BufferedReader in;

        if (CommonUtils.isEmpty(encoding)) {
            in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
        } else {
            in = new BufferedReader(new InputStreamReader(conn.getInputStream(), encoding));
        }

        String line;
        final StringBuilder stringBuffer = new StringBuilder(255);

        while ((line = in.readLine()) != null) {
            stringBuffer.append(line);
            stringBuffer.append("\n");
        }

        return stringBuffer.toString();

    } catch (final Exception e) {
        LOG.error(e.getMessage(), e);
        throw new RuntimeException(e);
    } finally {
        if (conn != null && conn instanceof HttpURLConnection) {
            ((HttpURLConnection)conn).disconnect();
        }
    }

}

cas客户端作如下修改

  • 添加远程连接类:
public class HttpRemote {
    /**
     * 以Post方法访问
     * @param url 请求地址
     * @param argsMap 携带的参数
     * @return String 返回结果
     * @throws Exception
     */
    public static String POSTMethod(String url, Map<String, Object> argsMap) throws Exception {
        byte[] dataByte = null;

        // 创建HttpClientBuilder
        HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
        // HttpClient
        CloseableHttpClient httpClient = httpClientBuilder.build();

        HttpPost httpPost = new HttpPost(url);
        // 设置参数
        UrlEncodedFormEntity encodedFormEntity = new UrlEncodedFormEntity(setHttpParams(argsMap), "UTF-8");
        httpPost.setEntity(encodedFormEntity);
        // 执行请求
        HttpResponse httpResponse = httpClient.execute(httpPost);
        // 获取返回的数据
        HttpEntity httpEntity = httpResponse.getEntity();
        if (httpEntity != null) {
            byte[] responseBytes = getData(httpEntity);
            dataByte = responseBytes;
            httpPost.abort();
        }
        // 将字节数组转换成为字符串
        String result = bytesToString(dataByte);
        return result;
    }
}
  • getResponseFromServer方法修改为:
public static String getResponseFromServer(final URL constructedUrl, final HostnameVerifier hostnameVerifier, final String encoding) {
    URLConnection conn = null;
    try {
//            conn = constructedUrl.openConnection();
//            if (conn instanceof HttpsURLConnection) {
//                ((HttpsURLConnection)conn).setHostnameVerifier(hostnameVerifier);
//            }
//            final BufferedReader in;
//
//            if (CommonUtils.isEmpty(encoding)) {
//                in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
//            } else {
//                in = new BufferedReader(new InputStreamReader(conn.getInputStream(), encoding));
//            }
//
//            String line;
        final StringBuilder stringBuffer = new StringBuilder(255);
//
//            while ((line = in.readLine()) != null) {
//                stringBuffer.append(line);
//                stringBuffer.append("\n");
//            }

        stringBuffer.append(HttpRemote.POSTMethod(constructedUrl.toString(),null));


        return stringBuffer.toString();

    } catch (final Exception e) {
        LOG.error(e.getMessage(), e);
        throw new RuntimeException(e);
    } finally {
        if (conn != null && conn instanceof HttpURLConnection) {
            ((HttpURLConnection)conn).disconnect();
        }
    }

}

重新打包重启即可。

weixin_34318326
关注
org.jasig.cas.client.util.CommonUtils
06-17
org.jasig.cas.client.util.CommonUtils 加入 public static void disableSSLVerification(){ try { // Create a trust manager that does not validate certificate chains TrustManager[] ...
cas java客户端_CAS 客户端 登录报错
weixin_33734005的博客
02-13 797
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check ...
记录- 修复RuntimeException: java.net.ConnectException: Connection timed out;at org.jasig.cas.client.util
q18810146167的博客
04-30 3052
背景:使用springboot 集成的 cas 认证服务,流程如下: 第一次登陆子系统server,子server重定向到cas server, cas server进行登录认证后回调回子系统, 子server 通过返回的url中携带参数ticket来捕获server颁发的ticket, 子server获取到ticket后 再次发送请求到 cas server的validate接口验证tic...
cas-client-core-3.2.1-API文档-中英对照版 (1).zip
07-13
Maven坐标:org.jasig.cas.client:cas-client-core:3.2.1; 标签:jasigclientcas、core、中英对照文档、jar包、java; 使用方法:解压翻译后的API文档,用浏览器打开“index.html”文件,即可纵览文档内容。 ...
cas 单点登录
07-25
### CAS单点登录快速开发指南 #### 一、CAS单点登录简介 CAS(Central Authentication Service)是一种开放源代码的单点登录协议和服务,广泛应用于高等教育机构和其他领域。CAS允许客户端应用通过一个中心认证...
spring boot整合CAS Client实现单点登陆验证的示例
08-28
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>http://127.0.0.1/login</param-value> ...
jasig-cas-4.0.x-overlay-template:ala-casjasig cas 3.4.2升级到4.0.1
05-07
`jasig-cas-4.0.x-overlay-template` 是一个用于辅助升级的模板项目,它可以帮助用户快速搭建与旧版本不同的CAS 4.0.x配置,并提供了一个起点,以便进行自定义和适配。 ### 1. CAS 升级的重要性 升级CAS的主要原因...
cas 登录成功不跳转 CommonUtils.getResponseFromServer
hc1428090104的博客
02-14 1104
cas 登录成功不跳转
配置CAS单点登录出现拒绝连接 [https] Error M essage: 拒绝连接 (Connection refused)
自闭吉普赛的博客
12-29 2309
https://CAS服务端地址/serviceValidate?根据错误日志追踪源码,可知问题出现在客户端回调服务端ticket 验证阶段。改用ip再次curl 发现可达,大概知道原因了。检查客户端服务器是否正确配置CAS服务域名解析。:在客户端服务器hosts文件追加域名解析信息。单点可正常跳转,服务恢复正常。
GetResponse() 基础连接已经关闭:服务器关闭了本应保持活动状态的连接
weixin_33763244的博客
04-13 946
1.原因: (1)KeepAlive默认为true,与internet保持持续连接 ,服务器关闭了连接,使用HttpWebResponse.GetResponse()出错 (2)HttpWebRequest 超过了最大连接数 (3)网络响应慢而导致超时 2.解决: (1) req.KeepAlive = false; (2)设置超时时间req.Timeout = 15000; (3...
CAS单点登录之mysql数据库用户验证及常见问题
gaojiyinhang2的专栏
05-23 3384
前面已经介绍了CAS服务器的搭建,详情见:搭建CAS单点登录服务器。然而前面只是简单地介绍了服务器的搭建,其验证方式是原始的配置文件的方式,这显然不能满足日常的需求。下面介绍下通过mysql数据库认证的方式。   一、CAS认证之mysql数据库认证   1、在mysql中新建一个cas数据库并创建user表 CREATE DATABASE /*!32312 IF NOT EXIST
unable to find valid certification path to requested target的异常解决办法
热门推荐
一一哥
04-23 1万+
unable to find valid certification path to requested target的异常解决办法 一.异常现象 我在利用cas-overlay-template搭建单点登录服务器的时候,服务器正常启动起来,然后我又搭建了一个cas客户端,也配置好了与服务器的连接,结果我在浏览器访问客户端的api时,浏览器提示出现500异常。然后控制台提示信息如下: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeExce
使用cas登录出错,本地没有错误,环境上报错
lipingping951462的专栏
11-29 2736
2017-11-28 17:15:33,934 [http-nio-12000-exec-55] ERROR [org.jasig.cas.client.util.CommonUtils] - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.Su
CAS 5.x搭建常见问题系列(2).PKIX path building failed
好用的CAS
07-02 1212
错误内容 错误信息如下: Type Exception Report Message javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBui...
IORuntimeException: ConnectException: Connection refused (Connection refused)
最新发布
07-29
引用\[1\]:java.lang.RuntimeException: java.net.ConnectException: 连接超时 (Connection timed out) at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443) at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204) 。 引用\[2\]:思考一个问题:第一次认证的直接重定向到了cas server,相当于client 发出认证请求到了cas server, 这个时候是正常返回了一个:http://dos.iquantex.com/dos/_getSigutature?backurl=http%3A%2F%2Fdos.iquantex.com%2FdataTree&ticket=ST-854-Cr5NwD57j7ZVrJMCziltFl31d-g-QTBJ-AVA-APP-SSO; 这个时候 ,clinet 拿这个url 再请求 子server, 子server这时候还并不值得 client 是哪个用户, 于是,它只能 拿上面url 里的ticket=ST-854-Cr5NwD57j7ZVrJMCziltFl31d-g-QTBJ-AVA-APP-SSO 再去问 cas server,这个ticket 是谁的? 问题就出现在了 这个地方 :ConnectException: 连接超时 (Connection timed out) 。 引用\[3\]:在启动类上加入exclude就好了,启动日志也不会报错(前期是需要依赖的项目里面不会用到mongo,如果要用到的话,不能用这个方法)。 @SpringBootApplication(exclude = {MongoAutoConfiguration.class, MongoDataAutoConfiguration.class}) 。 问题:IORuntimeException: ConnectException: Connection refused (Connection refused) 回答: 这个错误是由于连接超时或连接拒绝导致的。根据引用\[1\]中的错误信息,可以看出是在CAS客户端验证过程中发生的连接超时错误。在引用\[2\]中提到,当子服务器尝试使用CAS服务器返回的URL进行验证时,如果连接超时或被拒绝,就会出现这个错误。解决这个问题的方法可以参考引用\[3\],在启动类上加入exclude参数,排除与连接超时或连接拒绝相关的配置,可以避免这个错误的发生。 #### 引用[.reference_title] - *1* *2* [记录- 修复RuntimeException: java.net.ConnectException: Connection timed out;at org.jasig.cas.client....](https://blog.csdn.net/q18810146167/article/details/89710481)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^insertT0,239^v3^insert_chatgpt"}} ] [.reference_item] - *3* [Caused by: java.net.ConnectException: Connection refused (Connection refused) mongo被依赖项目启动...](https://blog.csdn.net/maybe_fly/article/details/124000110)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^insertT0,239^v3^insert_chatgpt"}} ] [.reference_item] [ .reference_list ]
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值