cas登录换用 jdk1.6 报错handshake_failure握手失败
用cas代码搭建demo,jdk版本为1.6,结果报错javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure。
总结百度搜索答案:
-
替换jdk的jar包,即jre\lib\security的local_policy.jar,US_export_policy.jar文件替换掉(jre和jdk中的jre均替换掉),下载地址
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html;
- 设置参数System.setProperty(“https.protocols”, “TLSv1.2,TLSv1.1,SSLv3”);
试用过第一种,没有解决问题;开始尝试第二种,首先要找到参数添加地址,观察报错:
标明cas.client.util.Commonutils.getResponseFromServer 报错,所以在建立客户端与服务端建立连接时要指定jdk1.6的证书类型,经查证:
故代码设置为 System.setProperty(“https.protocols”, “TLSv1,SSLv3”);即
public static String getResponseFromServer(final URL constructedUrl, final HostnameVerifier hostnameVerifier, final String encoding) {
URLConnection conn = null;
try {
//加入支持证书类型
System.setProperty("https.protocols", "TLSv1,SSLv3");
conn = constructedUrl.openConnection();
if (conn instanceof HttpsURLConnection) {
((HttpsURLConnection)conn).setHostnameVerifier(hostnameVerifier);
}
final BufferedReader in;
if (CommonUtils.isEmpty(encoding)) {
in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
} else {
in = new BufferedReader(new InputStreamReader(conn.getInputStream(), encoding));
}
String line;
final StringBuilder stringBuffer = new StringBuilder(255);
while ((line = in.readLine()) != null) {
stringBuffer.append(line);
stringBuffer.append("\n");
}
return stringBuffer.toString();
} catch (final Exception e) {
LOG.error(e.getMessage(), e);
throw new RuntimeException(e);
} finally {
if (conn != null && conn instanceof HttpURLConnection) {
((HttpURLConnection)conn).disconnect();
}
}
}
重启项目,登录成功。
jdk证书类型部分参考https://blog.csdn.net/tawlang/article/details/80655460;
做一个备忘录,若有不准确还望指正。