经过分析,是因为在配置web.xml的过滤器(Filter)时没用主机完整名字,而是用了localhost。
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/serviceValidate] ticket=[ST-3-IxIfbykiwtcpfoXhF4oq-cas] service=[http%3A%2F%2FPC2010090619oxn%3A8080%2FExt_jsp%2Flogin.htm] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
root cause
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/serviceValidate] ticket=[ST-3-IxIfbykiwtcpfoXhF4oq-cas] service=[http%3A%2F%2FPC2010090619oxn%3A8080%2FExt_jsp%2Flogin.htm] renew=false]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
root cause
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:979)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
root cause
java.security.cert.CertificateException: No name matching localhost found
sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:210)
sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:979)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.29 logs.
