Ben Alex wrote:
Hi Julien
This is very strange, for several reasons. Here is the code from CasAuthenticationProvider:
private CasAuthenticationToken authenticateNow(
Authentication authentication) throws AuthenticationException {
// Validate
TicketResponse response = ticketValidator.confirmTicketValid(authentication.getCredentials()
.toString());
// Check proxy list is trusted
this.casProxyDecider.confirmProxyListTrusted(response.getProxyList());
// Build list of granted authorities
GrantedAuthority[] ga = this.casAuthoritiesPopulator.getAuthorities(response
.getUser());
// Construct CasAuthenticationToken return new CasAuthenticationToken(this.key, response.getUser(), authentication.getCredentials(), ga, response.getProxyList(), response.getProxyGrantingTicketIou()); }
What you're seeing is odd because for the method to get to the point of trying to construct CasAuthenticationToken, it has already used the casProxyDecider. If you're using any of the Acegi Security-provided implementations of CasProxyDecider, they use the code:
if (proxyList == null) {
throw new IllegalArgumentException("proxyList cannot be null");
}
So I'm unsure how you even get to the point of CasAuthenticationToken being constructed if the TicketResponse.proxyList is null. Curiously, your stack trace refers to CasAuthenticationProvider.java:226. In CVS HEAD the file stops at line 222. I'm guessing you've added some debug lines, but have you changed any actual code?
It's true that CasAuthenticationToken, CasProxyDecider and others all expect the TicketResponse to contain no null values. Even if you're not using the proxy callback capabilities, the TicketValidator constructor sets up sensible non-null defaults if null is passed in:
public TicketResponse(String user, List proxyList, String proxyGrantingTicketIou) { if (proxyList == null) { proxyList = new Vector(); }
if (proxyGrantingTicketIou == null) { proxyGrantingTicketIou = ""; }
So, how you're ending up with a null in TicketResponse is of interest. There is even a unit test which checks it works (TicketResponseTests):
public void testConstructorAcceptsNullProxyGrantingTicketIOU() {
TicketResponse ticket = new TicketResponse("marissa", new Vector(), null);
assertEquals("", ticket.getProxyGrantingTicketIou());
}
public void testConstructorAcceptsNullProxyList() {
TicketResponse ticket = new TicketResponse("marissa", null,
"PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
assertEquals(new Vector(), ticket.getProxyList());
}
I think it would help if you could confirm your CasAuthenticationToken.authenticateNow method looks like the block above. Then add in a logger.debug(response.toString()) after the ticketValidator.confirmTicketValid line. It will shed some light on whether the TicketResponse contains a null to begin with. It might also help to checkout CVS HEAD (or 0.51 should be fine as the CAS code hasn't changed since then), to ensure we're both using the same code.
Best regards Ben
Hello Ben,
I use the 0.51 release in which I put some logging lines. That is the TicketResponse.getProxyGrantingTicketIou()
that return an empty string that causes the exception to be thrown. When I comment out the test
"".equals(proxyGrantingTicketIou) at line 69 into CasAuthenticationToken.java, everything happens
as expected. The unit test show that there will never be a null value, but also that an empty
string can happen. Perhaps the ticket emptyness should checked only for a non empty list of
proxies :-).
Thanks a lot for your answer,
Julien
PS : Thanks to all Acegi Security developers !
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
