As a part of performance testing, we were seeing following
behavior for OOTB cas. When you go to following url
http://server/cas/login?username=test&password=test<=_cAAAA_kBBB&_eventId=submit
(note it is ‘& lt’ without space and not ‘<’ if displayed incorrectly)
cas goes in a redirect loop. Spring logs, shows following
2011-12-28 15:52:45,328 DEBUG
[org.jasig.cas.web.NoSuchFlowExecutionExceptionResolver] - Error getting flow
information for
URL:/cas/login?username=test&password=test<=_cAAAA_kBBB&_eventId=submit
org.springframework.webflow.execution.repository.NoSuchFlowExecutionException:
No flow execution could be found with key '_cAAAA_kBBB' -- perhaps this
executing flow has ended or expired? This could happen if your users are
relying on browser history (typically via the back button) that references
ended flows.; nested exception is
org.springframework.webflow.conversation.NoSuchConversationException:
No conversation could be found with id 'AAAA' -- perhaps this conversation has
ended?
at
org.springframework.webflow.execution.repository.support.AbstractConversationFlowExecutionRepository.getConversation(AbstractConversationFlowExecutionRepository.java:229)
at
org.springframework.webflow.execution.repository.support.AbstractConversationFlowExecutionRepository.getLock(AbstractConversationFlowExecutionRepository.java:119)
at
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:217)
at
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:111)
at
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:165)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at
java.lang.Thread.run(Thread.java:662)
Caused by: org.springframework.webflow.conversation.NoSuchConversationException:
No conversation could be found with id 'AAAA' -- perhaps this conversation has
ended?
at
org.springframework.webflow.conversation.impl.ConversationContainer.getConversation(ConversationContainer.java:107)
at
org.springframework.webflow.conversation.impl.SessionBindingConversationManager.getConversation(SessionBindingConversationManager.java:125)
at
org.springframework.webflow.execution.repository.support.AbstractConversationFlowExecutionRepository.getConversation(AbstractConversationFlowExecutionRepository.java:227)
... 29
more
2011-12-28 15:52:45,328 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - Handler execution
resulted in exception - forwarding to resolved error view: ModelAndView:
materialized View is [org.springframework.web.servlet.view.RedirectView:
unnamed; URL
[/cas/login?username=test&password=test<=_cAAAA_kBBB&_eventId=submit]];
model is null
org.springframework.webflow.execution.repository.NoSuchFlowExecutionException:
No flow execution could be found with key '_cAAAA_kBBB' -- perhaps this
executing flow has ended or expired? This could happen if your users are
relying on browser history (typically via the back button) that references
ended flows.; nested exception is
org.springframework.webflow.conversation.NoSuchConversationException:
No conversation could be found with id 'AAAA' -- perhaps this conversation has
ended?
at
org.springframework.webflow.execution.repository.support.AbstractConversationFlowExecutionRepository.getConversation(AbstractConversationFlowExecutionRepository.java:229)
at
org.springframework.webflow.execution.repository.support.AbstractConversationFlowExecutionRepository.getLock(AbstractConversationFlowExecutionRepository.java:119)
at
org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:217)
at
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:111)
at
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:165)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at
java.lang.Thread.run(Thread.java:662)
Caused by: org.springframework.webflow.conversation.NoSuchConversationException:
No conversation could be found with id 'AAAA' -- perhaps this conversation has
ended?
at
org.springframework.webflow.conversation.impl.ConversationContainer.getConversation(ConversationContainer.java:107)
at
org.springframework.webflow.conversation.impl.SessionBindingConversationManager.getConversation(SessionBindingConversationManager.java:125)
at
org.springframework.webflow.execution.repository.support.AbstractConversationFlowExecutionRepository.getConversation(AbstractConversationFlowExecutionRepository.java:227)
... 29
more
2011-12-28 15:52:45,328 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - Rendering view
[org.springframework.web.servlet.view.RedirectView: unnamed; URL
[/cas/login?username=test&password=test<=_cAAAA_kBBB&_eventId=submit]]
in DispatcherServlet with name 'cas'
2011-12-28 15:52:45,328 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - Successfully completed
request
2011-12-28 15:52:45,328 DEBUG
[org.springframework.web.servlet.DispatcherServlet]
- DispatcherServlet with name 'cas' determining Last-Modified value for
[/cas/login]
So the spring correctly throws a ‘NoSuchFlowExecutionExceptionResolver’
which is caught by ‘org.jasig.cas.web.NoSuchFlowExecutionExceptionResolver’.
BUT the user is redirected to the same
url containing incorrect ‘lt’ value.
Is this a know bug? Is there any to avoid the redirection or
at least redirect to correct url (without the ‘lt’)? Please advice
PS: I have read the credentials are not to be passed using a
GET request. But this is part of performance test.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
