Forgive me if this is posted twice, I didn't see the original reply.

Also, in this forum thread:

http://forum.springframework.org/showthread.php?t=21693&page=3

It looks like the same problem I am experiencing. The user writes:

>> It turned out that zonealarm blocked cookies set by localhost...... The app worked when I used my laptop which rose my suspicion. I have never heard of
>> such stupidity from both me and zonelabs.....

Could I be suffering from the same issue? My test server is a VM in a zone.

Any reply would be appreciated!

MG

-----Original Message-----
From: Griffith, Michael *
Sent: Monday, March 02, 2009 1:07 PM
To: 'List for Spring users'
Subject: RE: [Springframework-user] Authentication Stuck in a loop!

This is definitely starting to smell like an Acegi configuration problem. Increasing the debug level on the app shows additional info. As far as I can tell, the user is authenticated, but has no authorization. This shouldn't be the case, as the original URL request "/Repository/component/list.action" should be allowed to ROLE_ANONYMOUS:

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
    <property name="objectDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /event/**=ROLE_USER
            /**=ROLE_ANONYMOUS,ROLE_USER
        </value>
    </property>
</bean>

I tried replacing cas/serviceValidate with cas/proxyValidate and I get the exact same error...

Does the log reveal any additional info I am overlooking?

2009-03-02 13:54:09,061 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(106) | Converted URL to lowercase, from: '/component/list.action'; to: '/component/list.action'
2009-03-02 13:54:09,061 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(118) | Candidate is: '/component/list.action'; pattern is /**; matched=true
2009-03-02 13:54:09,077 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /component/list.action at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.channelprocessingfil...@1f5ba55'
2009-03-02 13:54:09,077 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(107) | Converted URL to lowercase, from: '/component/list.action'; to: '/component/list.action'
2009-03-02 13:54:09,077 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(117) | Candidate is: '/component/list.action'; pattern is \A/secure/.*\Z; matched=false
2009-03-02 13:54:09,077 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(117) | Candidate is: '/component/list.action'; pattern is \A/j_acegi_cas_security_check.*\Z; matched=false
2009-03-02 13:54:09,077 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(117) | Candidate is: '/component/list.action'; pattern is \A.*\Z; matched=true
2009-03-02 13:54:09,093 INFO [STDOUT] [Repository] DEBUG - ChannelProcessingFilter.doFilter(128) | Request: FilterInvocation: URL: /component/list.action; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
2009-03-02 13:54:09,093 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /component/list.action at position 2 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.httpsessioncontextintegrationfil...@16a16ae'
2009-03-02 13:54:09,093 INFO [STDOUT] [Repository] DEBUG - HttpSessionContextIntegrationFilter.readSecurityContextFromSession(288) | No HttpSession currently exists
2009-03-02 13:54:09,093 INFO [STDOUT] [Repository] DEBUG - HttpSessionContextIntegrationFilter.doFilter(223) | New SecurityContext instance will be associated with SecurityContextHolder
2009-03-02 13:54:09,108 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /component/list.action at position 3 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.logoutfil...@8b49e4'
2009-03-02 13:54:09,108 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /component/list.action at position 4 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.cas.casprocessingfil...@a01a10'
2009-03-02 13:54:09,108 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /component/list.action at position 5 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.basicauth.basicprocessingfil...@10f3bd7'
2009-03-02 13:54:09,108 INFO [STDOUT] [Repository] DEBUG - BasicProcessingFilter.doFilter(115) | Authorization header: null
2009-03-02 13:54:09,108 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /component/list.action at position 6 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.exceptiontranslationfil...@121cef5'
2009-03-02 13:54:09,108 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /component/list.action at position 7 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.filtersecurityintercep...@9a5a48'
2009-03-02 13:54:09,124 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(106) | Converted URL to lowercase, from: '/component/list.action'; to: '/component/list.action'
2009-03-02 13:54:09,124 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(118) | Candidate is: '/component/list.action'; pattern is /event/**; matched=false
2009-03-02 13:54:09,124 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(118) | Candidate is: '/component/list.action'; pattern is /**; matched=true
2009-03-02 13:54:09,124 INFO [STDOUT] [Repository] DEBUG - AbstractSecurityInterceptor.beforeInvocation(284) | Secure object: FilterInvocation: URL: /component/list.action; ConfigAttributes: [ROLE_ANONYMOUS, ROLE_USER]
2009-03-02 13:54:09,124 INFO [STDOUT] [Repository] DEBUG - ExceptionTranslationFilter.handleException(166) | Authentication exception occurred; redirecting to authentication entry point
org.acegisecurity.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext
    at org.acegisecurity.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:375)
    at org.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:288)
2009-03-02 13:54:09,155 INFO [STDOUT] [Repository] DEBUG - ExceptionTranslationFilter.sendStartAuthentication(216) | Authentication entry point being called; SavedRequest added to Session: SavedRequest[http://fdswa061.fda.gov:8080/Repository/component/list.action]
2009-03-02 13:54:09,171 INFO [STDOUT] [Repository] DEBUG - HttpSessionContextIntegrationFilter.doFilter(269) | SecurityContextHolder now cleared, as request processing completed
2009-03-02 13:54:09,858 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(106) | Converted URL to lowercase, from: '/j_acegi_cas_security_check'; to: '/j_acegi_cas_security_check'
2009-03-02 13:54:09,858 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(118) | Candidate is: '/j_acegi_cas_security_check'; pattern is /**; matched=true
2009-03-02 13:54:09,858 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /j_acegi_cas_security_check?ticket=ST-1198-VqgVa3hJn3hmH2kH6d1p-cas at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.channelprocessingfil...@1f5ba55'
2009-03-02 13:54:09,874 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(107) | Converted URL to lowercase, from: '/j_acegi_cas_security_check?ticket=st-1198-vqgva3hjn3hmh2kh6d1p-cas'; to: '/j_acegi_cas_security_check?ticket=st-1198-vqgva3hjn3hmh2kh6d1p-cas'
2009-03-02 13:54:09,874 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(117) | Candidate is: '/j_acegi_cas_security_check?ticket=st-1198-vqgva3hjn3hmh2kh6d1p-cas'; pattern is \A/secure/.*\Z; matched=false
2009-03-02 13:54:09,874 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(117) | Candidate is: '/j_acegi_cas_security_check?ticket=st-1198-vqgva3hjn3hmh2kh6d1p-cas'; pattern is \A/j_acegi_cas_security_check.*\Z; matched=true
2009-03-02 13:54:09,874 INFO [STDOUT] [Repository] DEBUG - ChannelProcessingFilter.doFilter(128) | Request: FilterInvocation: URL: /j_acegi_cas_security_check?ticket=ST-1198-VqgVa3hJn3hmH2kH6d1p-cas; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
2009-03-02 13:54:09,874 INFO [STDOUT] [Repository] DEBUG - RetryWithHttpsEntryPoint.commence(91) | Redirecting to: https://fdswa061.fda.gov:8443/Repository/j_acegi_cas_security_check?ticket=ST-1198-VqgVa3hJn3hmH2kH6d1p-cas
2009-03-02 13:54:11,764 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(106) | Converted URL to lowercase, from: '/j_acegi_cas_security_check'; to: '/j_acegi_cas_security_check'
2009-03-02 13:54:11,843 INFO [STDOUT] [Repository] DEBUG - PathBasedFilterInvocationDefinitionMap.lookupAttributes(118) | Candidate is: '/j_acegi_cas_security_check'; pattern is /**; matched=true
2009-03-02 13:54:11,843 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /j_acegi_cas_security_check?ticket=ST-1198-VqgVa3hJn3hmH2kH6d1p-cas at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.channelprocessingfil...@1f5ba55'
2009-03-02 13:54:11,858 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(107) | Converted URL to lowercase, from: '/j_acegi_cas_security_check?ticket=st-1198-vqgva3hjn3hmh2kh6d1p-cas'; to: '/j_acegi_cas_security_check?ticket=st-1198-vqgva3hjn3hmh2kh6d1p-cas'
2009-03-02 13:54:11,858 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(117) | Candidate is: '/j_acegi_cas_security_check?ticket=st-1198-vqgva3hjn3hmh2kh6d1p-cas'; pattern is \A/secure/.*\Z; matched=false
2009-03-02 13:54:11,858 INFO [STDOUT] [Repository] DEBUG - RegExpBasedFilterInvocationDefinitionMap.lookupAttributes(117) | Candidate is: '/j_acegi_cas_security_check?ticket=st-1198-vqgva3hjn3hmh2kh6d1p-cas'; pattern is \A/j_acegi_cas_security_check.*\Z; matched=true
2009-03-02 13:54:11,874 INFO [STDOUT] [Repository] DEBUG - ChannelProcessingFilter.doFilter(128) | Request: FilterInvocation: URL: /j_acegi_cas_security_check?ticket=ST-1198-VqgVa3hJn3hmH2kH6d1p-cas; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
2009-03-02 13:54:11,874 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /j_acegi_cas_security_check?ticket=ST-1198-VqgVa3hJn3hmH2kH6d1p-cas at position 2 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.httpsessioncontextintegrationfil...@16a16ae'
2009-03-02 13:54:11,874 INFO [STDOUT] [Repository] DEBUG - HttpSessionContextIntegrationFilter.readSecurityContextFromSession(300) | HttpSession returned null object for ACEGI_SECURITY_CONTEXT
2009-03-02 13:54:11,874 INFO [STDOUT] [Repository] DEBUG - HttpSessionContextIntegrationFilter.doFilter(223) | New SecurityContext instance will be associated with SecurityContextHolder
2009-03-02 13:54:11,874 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /j_acegi_cas_security_check?ticket=ST-1198-VqgVa3hJn3hmH2kH6d1p-cas at position 3 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.logoutfil...@8b49e4'
2009-03-02 13:54:11,874 INFO [STDOUT] [Repository] DEBUG - FilterChainProxy$VirtualFilterChain.doFilter(270) | /j_acegi_cas_security_check?ticket=ST-1198-VqgVa3hJn3hmH2kH6d1p-cas at position 4 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.cas.casprocessingfil...@a01a10'

-----Original Message-----
From: CV - Peinado Rodrigo [mailto:[email protected]]
Sent: Monday, March 02, 2009 7:12 AM
To: List for Spring users
Subject: Re: [Springframework-user] Authentication Stuck in a loop!

Are you sure about this bean's configuration? It's pointing to an HTTPS service and the "trustStore" property is not defined, also I think "casValidate" should be cas/proxyValidate not cas/serviceValidate

<bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
    <property name="casValidate" value="https://fdssa144d.fda.gov:8443/cas/serviceValidate"/>
    <!-- <property name="proxyCallbackUrl" value="http://localhost:8443/contacts-cas/casProxy/receptor"/> -->
    <property name="serviceProperties"><ref local="serviceProperties"/></property>
    <!-- <property name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property> -->
</bean>

If you put Acegi and Spring logger in debug level you will see why it is not authenticating:

- Add log4j.jar to WEB-INF/lib
- Add log4j.xml to WEB-INF/classes with this text inside:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
    <appender name="logfile" class="org.apache.log4j.RollingFileAppender">
        <param name="file" value="cas-application.log"/>
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%d-%5p(%F:%L)%m%n"/>
        </layout>
    </appender>
    <root>
        <level value="DEBUG" />
        <appender-ref ref="logfile" />
    </root>
</log4j:configuration>

You will get a file named cas-application.log.

-----Original Message-----
From: Griffith, Michael * [mailto:[email protected]]
Sent: Friday, February 27, 2009 08:59 p.m.
To: List for Spring users
Subject: Re: [Springframework-user] Authentication Stuck in a loop!

This is really strange to me. The exact same application works on my local machine, and goes into an infinite loop on the test server. I even removed Apache and mod_jk from the equation to eliminate them from the mix. The only thing that changes from my local host to my test server is the serviceProperties element. On my local host, I can use either localhost or the host name of the computer, and it works just fine.

<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
    <!-- <property name="service" value="http://localhost:8080/Repository/j_acegi_cas_security_check"/> -->
    <property name="service" value="http://ocl00822257.fda.gov/Repository/j_acegi_cas_security_check" />
    <property name="sendRenew" value="false"/>
</bean>

On the test server, it keeps sending the request over and over and over...

Any help would be appreciated. My Spring bean configuration for Acegi and CAS is attached...

MG

-----Original Message-----
From: Griffith, Michael * [mailto:[email protected]]
Sent: Friday, February 27, 2009 2:17 PM
To: List for Spring users
Subject: Re: [Springframework-user] Authentication Stuck in a loop!

Rodrigo,

Again, thanks for the reply!
My filterInvocationInterceptor is configured as follows:

<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
    <property name="objectDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /event/**=ROLE_USER
            /**=ROLE_ANONYMOUS,ROLE_USER
        </value>
    </property>
</bean>

The way I read it, the authenticationFailureUrl is effectively bypassed, isn't it?

MG

-----Original Message-----
From: CV - Peinado Rodrigo [mailto:[email protected]]
Sent: Friday, February 27, 2009 2:06 PM
To: List for Spring users
Subject: Re: [Springframework-user] Authentication Stuck in a loop!

Keep that URL but configure filterInvocationInterceptor (org.acegisecurity.intercept.web.FilterSecurityInterceptor) to bypass authentication for that URL.

-----Original Message-----
From: Griffith, Michael * [mailto:[email protected]]
Sent: Friday, February 27, 2009 05:51 p.m.
To: List for Spring users
Subject: Re: [Springframework-user] Authentication Stuck in a loop!

Rodrigo,

Thanks for your reply! In my case, the property is set to:

<property name="authenticationFailureUrl"><value>/public/login.action?login_error=1</value></property>

Which explains the infinite loop. If I have a casFailure.jsp, what would be the appropriate way to show the login failure, with as much technical detail as possible?

mg

-----Original Message-----
From: CV - Peinado Rodrigo [mailto:[email protected]]
Sent: Friday, February 27, 2009 1:01 PM
To: List for Spring users
Subject: Re: [Springframework-user] Authentication Stuck in a loop!

Hi Michael.

In the first log when authentication fails it should be redirecting to an 'authenticationFailureUrl' configured in the 'CasProcessingFilter' of your application. That URL must not be secured so it can be reached without authentication (if not, it will enter a loop). Usually that URL points to a page 'casfailed.jsp' that shows an error message.

If you put Acegi and Spring logger in debug level maybe we can get more information.

Rodrigo.

-----Original Message-----
From: Griffith, Michael * [mailto:[email protected]]
Sent: Friday, February 27, 2009 04:00 p.m.
To: List for Spring users
Subject: [Springframework-user] Authentication Stuck in a loop!

Hello Fellow List Readers ...

I'm not sure if this is an Apache problem or CAS problem, or possibly a problem with my application Acegi configuration. I'm hoping someone can give me a shove in the right direction.

We have a CAS server 3.3.1 running under Jboss 4.0.2. The CAS Server is configured to use the SPNEGO Authentication Handler. I have a custom Java application which is a client, running under Jboss 4.2.3, fronted by Apache 2.2. using mod_jk. In my local environment, authentication works exactly right, however, when I deploy the application on my test server it looks as if the authentication fails at the application level, but the log file from the CAS server doesn't seem to indicate it. Both localhost and test server are configured exactly the same way, except I am logged into my localhost and I am not on the Test Server.

Below is the access log files from Apache. You can see what is happening with my test server is that it is going into an infinite loop, not being able to log in.

Test Server Apache Access Log (Not working)

10.148.9.69 - - [26/Feb/2009:16:28:58 -0500] "GET /Repository/component/list.action HTTP/1.1" 302 -
10.148.9.69 - - [26/Feb/2009:16:28:59 -0500] "GET /Repository/j_acegi_cas_security_check?ticket=ST-2172-FxfuJJVqXkwqflT5Ru3d-cas HTTP/1.1" 302 -
10.148.9.69 - - [26/Feb/2009:16:28:59 -0500] "GET /Repository/public/login.action?login_error=1 HTTP/1.1" 302 -
10.148.9.69 - - [26/Feb/2009:16:29:00 -0500] "GET /Repository/j_acegi_cas_security_check?ticket=ST-2173-fj6p5HesGJygB5Kh6OHe-cas HTTP/1.1" 302 -
10.148.9.69 - - [26/Feb/2009:16:29:00 -0500] "GET /Repository/public/login.action?login_error=1 HTTP/1.1" 302 -

LocalHost Apache Access Log (Works fine)

10.148.9.69 - - [26/Feb/2009:14:14:08 -0600] "GET /Repository/component/list.action HTTP/1.1" 302 -
10.148.9.69 - - [26/Feb/2009:14:14:09 -0600] "GET /Repository/j_acegi_cas_security_check;jsessionid=5EA5A6CA0FFF90402D95984401F4BA26?ticket=ST-1435-puHmdwa6WMzRsR5tq3K7-cas HTTP/1.1" 302 -
10.148.9.69 - - [26/Feb/2009:14:14:09 -0600] "GET /Repository/j_acegi_cas_security_check?ticket=ST-1435-puHmdwa6WMzRsR5tq3K7-cas HTTP/1.1" 302 -
10.148.9.69 - - [26/Feb/2009:14:14:12 -0600] "GET /Repository/component/list.action HTTP/1.1" 200 4080

My custom web app is using Acegi Security, configured to authenticate using the CAS client. You can see in the log file that the login appears to fail, and it goes into an infinite loop. A response is never returned to the browser, and the log file continues to grow with the same entries over and over.

Below is the log from the CAS Server, as far as I can tell, the CAS server is not throwing any exceptions, or having trouble verifying the user. From what I can tell, I think I have the debug info from one login request below:

Any reply would be greatly appreciated!
++++ 2009-02-26 21:45:29,107 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.InitialFlowSetupAction - Action 'InitialFlowSetupAction' completed execution; result is 'success' 2009-02-26 21:45:29,175 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Action 'SpnegoNegociateCredentialsAction' beginning execution 2009-02-26 21:45:29,177 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Authorization header not found. Sending WWW-Authenticate header 2009-02-26 21:45:29,178 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Action 'SpnegoNegociateCredentialsAction' completed execution; result is 'success' 2009-02-26 21:45:29,178 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Action 'SpnegoCredentialsAction' beginning execution 2009-02-26 21:45:29,179 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Action 'SpnegoCredentialsAction' completed execution; result is 'error' 2009-02-26 21:45:29,179 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution 2009-02-26 21:45:29,189 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Executing setupForm 2009-02-26 21:45:29,191 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Creating new form object with name 'credentials' 2009-02-26 21:45:29,192 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] 2009-02-26 21:45:29,193 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope 
Flow with name 'credentials' 2009-02-26 21:45:29,194 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Creating new form errors for object with name 'credentials' 2009-02-26 21:45:29,221 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - No property editor registrar set, no custom editors to register 2009-02-26 21:45:29,234 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Putting form errors instance in scope Flash 2009-02-26 21:45:29,235 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success' 2009-02-26 21:45:29,235 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution 2009-02-26 21:45:29,236 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success' 2009-02-26 21:45:34,587 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.web.flow.InitialFlowSetupAction - Action 'InitialFlowSetupAction' beginning execution 2009-02-26 21:45:34,587 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.web.support.CasArgumentExtractor - Extractor did not generate service. 2009-02-26 21:45:34,588 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.web.support.SamlArgumentExtractor - Extractor did not generate service. 
2009-02-26 21:45:34,588 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.web.flow.InitialFlowSetupAction - Action 'InitialFlowSetupAction' completed execution; result is 'success' 2009-02-26 21:45:34,590 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Action 'SpnegoNegociateCredentialsAction' beginning execution 2009-02-26 21:45:34,591 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Action 'SpnegoNegociateCredentialsAction' completed execution; result is 'success' 2009-02-26 21:45:34,591 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Action 'SpnegoCredentialsAction' beginning execution 2009-02-26 21:45:34,592 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - SPNEGO Authorization header found with 3796 bytes 2009-02-26 21:45:34,604 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Obtained token! 2009-02-26 21:45:34,614 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.CentralAuthenticationServiceImpl - Attempting to create TicketGrantingTicket for Principal is null Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /opt/appian/FDSACASSPNacct.keytab refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false >>> KeyTabInputStream, readName(): FDA.GOV KeyTabInputStream, >>> readName(): HTTP KeyTabInputStream, readName(): fdssa144d.fda.gov >>> KeyTab: load() entry length: 57; type: 3 Added key: 3version: 6 Ordering keys wrt default_tkt_enctypes list Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 23 16 17. 
principal's key obtained from the keytab Acquire TGT using AS Exchange Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 23 16 17. >>> KrbAsReq calling createMessage >>> KrbAsReq in createMessage >>> KrbKdcReq send: kdc=frs02.fda.gov UDP:88, timeout=30000, number of retries =3, #bytes=145 >>> KDCCommunication: kdc=frs02.fda.gov UDP:88, timeout=30000,Attempt =1, #bytes=145 >>> KrbKdcReq send: #bytes read=207 >>> KrbKdcReq send: #bytes read=207 >>> KDCRep: init() encoding tag is 126 req type is 11 >>>KRBError: sTime is Thu Feb 26 21:45:34 GMT 2009 1235684734000 suSec is 189462 error code is 25 error Message is Additional pre-authentication required realm is FDA.GOV sname is krbtgt/FDA.GOV eData provided. msgType is 30 >>>Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 3 >>>Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP >>>Pre-Authentication Data: PA-DATA type = 15 AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ Updated salt from pre-auth = FDA.GOVHTTPfdssa144d.fda.gov >>>KrbAsReq salt is FDA.GOVHTTPfdssa144d.fda.gov Pre-Authenticaton: find key for etype = 3 AS-REQ: Add PA_ENC_TIMESTAMP now >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType >>> KrbAsReq calling createMessage >>> KrbAsReq in createMessage >>> KrbKdcReq send: kdc=frs02.fda.gov UDP:88, timeout=30000, number of retries =3, #bytes=229 >>> KDCCommunication: kdc=frs02.fda.gov UDP:88, timeout=30000,Attempt =1, #bytes=229 >>> KrbKdcReq send: #bytes read=1300 >>> KrbKdcReq send: #bytes read=1300 >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType >>> KrbAsRep cons in KrbAsReq.getReply HTTP/fdssa144d.fda.gov principal is HTTP/[email protected] EncryptionKey: keyType=3 keyBytes (hex dump)=0000: F7 C1 85 86 89 EF 04 25 Added server's keyKerberos Principal HTTP/[email protected] Version 6key EncryptionKey: keyType=3 keyBytes (hex dump)= [Krb5LoginModule] added Krb5Principal HTTP/[email protected] to Subject Commit 
Succeeded Found key for HTTP/[email protected](3) Entered Krb5Context.acceptSecContext with state=STATE_NEW >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType Using builtin default etypes for permitted_enctypes default etypes for permitted_enctypes: 3 1 23 16 17. >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType >>> Config reset default kdc FDA.GOV replay cache for [email protected] is null. object 0: 1235684735006/6622 object 0: 1235684735006/6622 >>> KrbApReq: authenticate succeed. >>> EType: sun.security.krb5.internal.crypto.NullEType >>>Delegated Creds have [email protected] sname=krbtgt/[email protected] authtime=null starttime=20090226214531Z endtime=20090227065112ZrenewTill=20090305205112Z Krb5Context setting peerSeqNumber to: 145606174 >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType Krb5Context setting mySeqNumber to: 255498812 2009-02-26 21:45:34,995 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoA uthenticationHandler - Setting nextToken in credentials 2009-02-26 21:45:34,996 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoA uthenticationHandler - Kerberos Credentials is valid for user [[email protected]] 2009-02-26 21:45:34,998 [http-0.0.0.0-8080-1] INFO org.jasig.cas.authentication.AuthenticationManagerImpl - AuthenticationHandler: org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoA uthenticationHandler successfully authenticated the user which provided the following credentials: Michael.Griffith 2009-02-26 21:45:34,998 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsT oPrincipalResolver - Attempting to resolve a principal... 
2009-02-26 21:45:35,000 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsT oPrincipalResolver - Creating SimplePrincipal for [Michael.Griffith] 2009-02-26 21:45:35,032 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.ticket.registry.DefaultTicketRegistry - Added ticket [TGT-1-Vivu9uKMdxEaJrtgcemPibBQT5PJbS9gOEICY6TP3Cezlu6FAy-cas] to registry. 2009-02-26 21:45:35,033 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Obtained output token! 2009-02-26 21:45:35,034 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Action 'SpnegoCredentialsAction' completed execution; result is 'success' 2009-02-26 21:45:35,035 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.web.flow.SendTicketGrantingTicketAction - Action 'SendTicketGrantingTicketAction' beginning execution 2009-02-26 21:45:35,036 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.web.support.CookieRetrievingCookieGenerator - Added cookie with name [CASTGC] and value [TGT-1-Vivu9uKMdxEaJrtgcemPibBQT5PJbS9gOEICY6TP3Cezlu6FAy-cas] 2009-02-26 21:45:35,037 [http-0.0.0.0-8080-1] DEBUG org.jasig.cas.web.flow.SendTicketGrantingTicketAction - Action 'SendTicketGrantingTicketAction' completed execution; result is 'success' 2009-02-26 21:46:14,635 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.InitialFlowSetupAction - Action 'InitialFlowSetupAction' beginning execution 2009-02-26 21:46:14,636 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.support.CasArgumentExtractor - Extractor did not generate service. 2009-02-26 21:46:14,636 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.support.SamlArgumentExtractor - Extractor did not generate service. 
2009-02-26 21:46:14,637 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.InitialFlowSetupAction - Action 'InitialFlowSetupAction' completed execution; result is 'success'
2009-02-26 21:46:14,638 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Action 'SpnegoNegociateCredentialsAction' beginning execution
2009-02-26 21:46:14,639 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Authorization header not found. Sending WWW-Authenticate header
2009-02-26 21:46:14,639 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Action 'SpnegoNegociateCredentialsAction' completed execution; result is 'success'
2009-02-26 21:46:14,640 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Action 'SpnegoCredentialsAction' beginning execution
2009-02-26 21:46:14,640 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Action 'SpnegoCredentialsAction' completed execution; result is 'error'
2009-02-26 21:46:14,641 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
2009-02-26 21:46:14,641 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Executing setupForm
2009-02-26 21:46:14,641 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Creating new form object with name 'credentials'
2009-02-26 21:46:14,642 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
2009-02-26 21:46:14,642 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
2009-02-26 21:46:14,643 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Creating new form errors for object with name 'credentials'
2009-02-26 21:46:14,643 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - No property editor registrar set, no custom editors to register
2009-02-26 21:46:14,643 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Putting form errors instance in scope Flash
2009-02-26 21:46:14,644 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2009-02-26 21:46:14,644 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' beginning execution
2009-02-26 21:46:14,645 [http-0.0.0.0-8080-2] DEBUG org.jasig.cas.web.flow.AuthenticationViaFormAction - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2009-02-26 21:46:57,568 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.web.flow.InitialFlowSetupAction - Action 'InitialFlowSetupAction' beginning execution
2009-02-26 21:46:57,569 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.web.support.CasArgumentExtractor - Extractor did not generate service.
2009-02-26 21:46:57,569 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.web.support.SamlArgumentExtractor - Extractor did not generate service.
2009-02-26 21:46:57,570 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.web.flow.InitialFlowSetupAction - Action 'InitialFlowSetupAction' completed execution; result is 'success'
2009-02-26 21:46:57,571 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Action 'SpnegoNegociateCredentialsAction' beginning execution
2009-02-26 21:46:57,571 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction - Action 'SpnegoNegociateCredentialsAction' completed execution; result is 'success'
2009-02-26 21:46:57,572 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Action 'SpnegoCredentialsAction' beginning execution
2009-02-26 21:46:57,572 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - SPNEGO Authorization header found with 56 bytes
2009-02-26 21:46:57,573 [http-0.0.0.0-8080-3] DEBUG org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction - Obtained token: NTLMSSP

_______________________________________________
Springframework-user mailing list
https://lists.sourceforge.net/lists/listinfo/springframework-user

--
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
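
The last CAS log entries above report a 56-byte SPNEGO Authorization header whose token is NTLMSSP, i.e. a raw NTLM message rather than a Kerberos ticket in SPNEGO framing. The following is an added example, not code from the thread or from the CAS project, that classifies an `Authorization: Negotiate` value the same way; the function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
OID_SPNEGO = bytes.fromhex("2b0601050502")      # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("2a864886f712010202")  # 1.2.840.113554.1.2.2
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}

def der_len(buf, pos):
    """Decode a DER length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_negotiate(header_value):
    """Name the mechanism carried in an 'Authorization: Negotiate' value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    if tok.startswith(NTLM_SIG):  # raw NTLM, what the CAS log prints as NTLMSSP
        if len(tok) < 12:
            return "malformed"
        (msg_type,) = struct.unpack_from("<I", tok, 8)
        return "ntlm-" + NTLM_TYPES.get(msg_type, "unknown")
    if tok[:1] == b"\x60":  # GSS-API InitialContextToken: 0x60 len 0x06 len OID
        try:
            _, pos = der_len(tok, 1)
            if tok[pos] != 0x06:
                return "malformed"
            oid_len, pos = der_len(tok, pos + 1)
        except (ValueError, IndexError):
            return "malformed"
        oid = tok[pos:pos + oid_len]
        return {OID_SPNEGO: "spnego", OID_KRB5: "kerberos"}.get(oid, "gss-other")
    return "unknown"

def negotiate_header(token):
    """Build a header value from raw token bytes (helper for the samples)."""
    return "Negotiate " + base64.b64encode(token).decode("ascii")

# Constructed samples (not captured traffic): a 56-byte NTLM type 1 message
# with zeroed fields, and a minimal SPNEGO-framed token.
SAMPLE_NTLM = negotiate_header(NTLM_SIG + struct.pack("<I", 1) + bytes(44))
SAMPLE_SPNEGO = negotiate_header(b"\x60\x0a\x06\x06" + OID_SPNEGO + b"\xa0\x00")
```

An `ntlm-negotiate` result on the first request after the `WWW-Authenticate` challenge means the client did not obtain a Kerberos service ticket for the CAS host and offered NTLM instead.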
