2019独角兽企业重金招聘Python工程师标准>>> 
1、制作证书时使用IP作为CN值;
2、将制作出来的客户端证书以IP为alias导入证书库(cacerts);
3、重写cas-client-core(我用的是3.4.1)中的CommonUtils.getResponseFromServer(final URL constructedUrl, final HttpURLConnectionFactory factory,
final String encoding)方法;
修改HostnameVerifier的规则
/*** Contacts the remote URL and returns the response.** @param constructedUrl the url to contact.* @param factory connection factory to prepare the URL connection instance* @param encoding the encoding to use.* @return the response.*/public static String getResponseFromServer(final URL constructedUrl, final HttpURLConnectionFactory factory,final String encoding) {HttpURLConnection conn = null;InputStreamReader in = null;try {// 增加的内容if(factory instanceof HttpsURLConnectionFactory) {((HttpsURLConnectionFactory) factory).setHostnameVerifier(new HostnameVerifier() {@Overridepublic boolean verify(String hostname, SSLSession session) {return constructedUrl.getHost().equals(hostname);}});}conn = factory.buildHttpURLConnection(constructedUrl.openConnection());if (CommonUtils.isEmpty(encoding)) {in = new InputStreamReader(conn.getInputStream());} else {in = new InputStreamReader(conn.getInputStream(), encoding);}final StringBuilder builder = new StringBuilder(255);int byteRead;while ((byteRead = in.read()) != -1) {builder.append((char) byteRead);}return builder.toString();} catch (final Exception e) {LOGGER.error(e.getMessage(), e);throw new RuntimeException(e);} finally {closeQuietly(in);if (conn != null) {conn.disconnect();}}}
