I am trying to deploy CAS 3.3.2 with expired password integration as described
at
http://www.ja-sig.org/wiki/display/CAS/Expired+Password+Integration
I downloaded the files attached to the wiki page and modified
deployConfigContext.xml and log4j.properties:
- cas-server-core/pom.xml
-
cas-server-core/src/main/java/org/jasig/cas/CentralAuthenticationServiceImpl.java
- cas-server-core/src/main/java/org/jasig/cas/CentralAuthenticationService.java
-
cas-server-core/src/main/java/org/jasig/cas/remoting/server/RemoteCentralAuthenticationService.java
- cas-server-core/src/main/java/org/jasig/cas/web/flow/AccountStatusAction.java
-
cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java
-
cas-server-core/src/main/java/org/jasig/cas/web/flow/ChooseChangepwdViaFormAction.java
-
cas-server-core/src/main/java/org/jasig/cas/web/support/AbstractAccountStatusGetter.java
-
cas-server-core/src/main/java/org/jasig/cas/web/support/AccountStatusGetter.java
-
cas-server-core/src/main/java/org/jasig/cas/web/support/ExtendedLdapAccountStatusGetter.java
- cas-server-webapp/src/main/webapp/WEB-INF/classes/log4j.properties
- cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml
- cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml
Piece of deployConfigContext.xml:
<bean id="accountStatusGetter"
class="org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter"
p:filter="mail=%u"
p:statusAttributeName="shadowexpire"
p:searchBase="ou=People,dc=unipr,dc=it"
p:contextSource-ref="contextSource"
p:daysTillLocked="365"
p:warningDays="30"
/>
I modified ExtendedLdapAccountStatusGetter.java to check if shadowexpire (days
from 1970-01-01) is in the past.
I build the cas.war and deploy it.
This is the resulting log with a test user with shadowexpire=13000 (represents
2005-08-05).
2009-05-11 10:00:18,354 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - (Any field is allowed)
2009-05-11 10:00:18,354 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding completed for
form object with name 'credentials', post-bind formObject toString =
[username: "<TEST USER>"]
2009-05-11 10:00:18,354 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] errors,
details: []
2009-05-11 10:00:18,354 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing validation
2009-05-11 10:00:18,354 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Invoking validator
org.jasig.cas.validation.usernamepasswordcredentialsvalida...@44c6b80e
2009-05-11 10:00:18,355 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Validation completed
for form object
2009-05-11 10:00:18,355 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] errors,
details: []
2009-05-11 10:00:18,355 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors
instance in scope Flash
2009-05-11 10:00:18,355 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' completed execution; result is 'success'
2009-05-11 10:00:18,355 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'bindAndValidate' of flow 'login-webflow'
2009-05-11 10:00:18,356 DEBUG [org.springframework.webflow.engine.Transition]
- Executing [transit...@9866417 on = [eventId = 'success'], to = submit] out
of state 'bindAndValidate'
2009-05-11 10:00:18,356 DEBUG [org.springframework.webflow.engine.ActionState]
- Entering state 'submit' of flow 'login-webflow'
2009-05-11 10:00:18,356 DEBUG
[org.springframework.webflow.engine.ActionExecutor] - Executing
[annotatedact...@561526e3 targetAction =
org.jasig.cas.web.flow.authenticationviaformact...@67a5fb5a, attributes =
map['method' -> 'submit']] in state 'submit' of flow 'login-webflow'
2009-05-11 10:00:18,357 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' beginning execution
2009-05-11 10:00:18,357 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form
object with name 'credentials' of type [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope
Flow
2009-05-11 10:00:18,357 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl]
- Attempting to create TicketGrantingTicket for [username: "<TEST USER>"]
2009-05-11 10:00:18,357 DEBUG
[org.springframework.ldap.core.support.AbstractContextSource] - Got Ldap
context on server '"<LDAP SERVER>"'
2009-05-11 10:00:18,362 DEBUG
[org.springframework.ldap.core.support.AbstractContextSource] - Got Ldap
context on server '"<LDAP SERVER>"'
2009-05-11 10:00:18,362 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials: [username:
"<TEST USER>"]
2009-05-11 10:00:18,362 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- Attempting to resolve a principal...
2009-05-11 10:00:18,362 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- Creating SimplePrincipal for ["<TEST USER>"]
2009-05-11 10:00:18,362 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket
[TGT-2-2ZlbDx2TjMWe6P6cHcJou5dwIcuwV4e7gxtyVqzatytcR1tKcJ-cas] to registry.
2009-05-11 10:00:18,362 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve
ticket [TGT-2-2ZlbDx2TjMWe6P6cHcJou5dwIcuwV4e7gxtyVqzatytcR1tKcJ-cas]
2009-05-11 10:00:18,362 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket
[TGT-2-2ZlbDx2TjMWe6P6cHcJou5dwIcuwV4e7gxtyVqzatytcR1tKcJ-cas] found in
registry.
2009-05-11 10:00:18,362 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie
with name [CASPRIVACY]
2009-05-11 10:00:18,362 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' completed execution; result is 'success'
2009-05-11 10:00:18,362 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'submit' of flow 'login-webflow'
2009-05-11 10:00:18,362 DEBUG [org.springframework.webflow.engine.Transition]
- Executing [transit...@2d7892d5 on = [eventId = 'success'], to = expiryCheck]
out of state 'submit'
2009-05-11 10:00:18,362 DEBUG [org.springframework.webflow.engine.ActionState]
- Entering state 'expiryCheck' of flow 'login-webflow'
2009-05-11 10:00:18,362 DEBUG
[org.springframework.webflow.engine.ActionExecutor] - Executing
[annotatedact...@46eff545 targetAction =
org.jasig.cas.web.flow.accountstatusact...@33cfa965, attributes =
map[[empty]]] in state 'expiryCheck' of flow 'login-webflow'
2009-05-11 10:00:18,362 DEBUG [org.jasig.cas.web.flow.AccountStatusAction] -
Action 'AccountStatusAction' beginning execution
2009-05-11 10:00:18,362 DEBUG [org.jasig.cas.web.flow.AccountStatusAction] -
checking account status--
2009-05-11 10:00:18,362 DEBUG [org.jasig.cas.web.flow.AccountStatusAction] -
userID='"<TEST USER>"'
2009-05-11 10:00:18,362 DEBUG
[org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter] - lookup for
userID='"<TEST USER>"'
2009-05-11 10:00:18,364 DEBUG
[org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter] - LDAP: starting
search for value='"<TEST USER>"'with searchFilter 'mail="<TEST USER>"'
2009-05-11 10:00:18,364 DEBUG
[org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter] - returning
searchcontrols: scope=2; return only attrID=shadowexpire; timeout=1000;
maxNumberResults=10
2009-05-11 10:00:18,364 DEBUG
[org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter] - 2 | shadowexpire
| 1000 | 10
2009-05-11 10:00:18,364 DEBUG
[org.springframework.ldap.core.support.AbstractContextSource] - Got Ldap
context on server '"<LDAP SERVER>"'
2009-05-11 10:00:18,368 DEBUG
[org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter] - LDAP: trying to
map attribute 'shadowexpire' from result.
2009-05-11 10:00:18,368 DEBUG
[org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter] - LDAP: found 1
attributes as result, starting to resolve...
2009-05-11 10:00:18,368 DEBUG
[org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter] - LDAP: found
attribute in result, value='13000'
2009-05-11 10:00:18,368 DEBUG
[org.jasig.cas.web.support.ExtendedLdapAccountStatusGetter] -
LdapResult='13000'
2009-05-11 10:00:18,368 DEBUG [org.jasig.cas.web.flow.AccountStatusAction] -
translating return code status='5'
2009-05-11 10:00:18,369 INFO [org.jasig.cas.web.flow.AccountStatusAction] -
'"<TEST USER>"' account is locked
2009-05-11 10:00:18,369 DEBUG [org.jasig.cas.web.flow.AccountStatusAction] -
--checking account status; result='locked'
2009-05-11 10:00:18,369 DEBUG [org.jasig.cas.web.flow.AccountStatusAction] -
Action 'AccountStatusAction' completed execution; result is 'locked'
2009-05-11 10:00:18,369 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'locked' in state 'expiryCheck' of flow 'login-webflow'
2009-05-11 10:00:18,369 DEBUG [org.springframework.webflow.engine.Transition]
- Executing [transit...@4d83da96 on = [eventId = 'locked'], to = locked] out
of state 'expiryCheck'
2009-05-11 10:00:18,369 DEBUG [org.springframework.webflow.engine.ViewState] -
Entering state 'locked' of flow 'login-webflow'
2009-05-11 10:00:18,369 DEBUG [org.springframework.webflow.engine.Transition]
- Completed execution of [transit...@4d83da96 on = [eventId = 'locked'], to =
locked], as a result the new state is 'locked' in flow 'login-webflow'
2009-05-11 10:00:18,369 DEBUG [org.springframework.webflow.engine.Transition]
- Completed execution of [transit...@2d7892d5 on = [eventId = 'success'], to =
expiryCheck], as a result the new state is 'locked' in flow 'login-webflow'
2009-05-11 10:00:18,369 DEBUG [org.springframework.webflow.engine.Transition]
- Completed execution of [transit...@9866417 on = [eventId = 'success'], to =
submit], as a result the new state is 'locked' in flow 'login-webflow'
2009-05-11 10:00:18,369 DEBUG [org.springframework.webflow.engine.Transition]
- Completed execution of [transit...@333ec758 on = [eventId = 'submit'], to =
bindAndValidate], as a result the new state is 'locked' in flow
'login-webflow'
2009-05-11 10:00:18,369 DEBUG
[org.springframework.webflow.engine.impl.FlowExecutionImpl] - Paused to render
'casLockedView' [[principal, service, credentials, currentFormObject,
warnCookieValue, ticketGrantingTicketId,
org.springframework.validation.BindException.currentFormObject,
org.springframework.validation.BindException.credentials]] and wait for user
input
2009-05-11 10:00:18,370 DEBUG
[org.springframework.webflow.execution.repository.continuation.ContinuationFlowExecutionRepository]
- Generated next key for flow execution '[flowexecutioni...@22cb4138 flow =
'login-webflow', flowSessions = list[[flowsessioni...@4e26d560 flow =
'login-webflow', state = 'locked', scope = map['principal' -> "<TEST USER>",
'service' -> "<A SERVICE PAGE>", 'credentials' -> [username: "<TEST USER>"],
'currentFormObject' -> [username: "<TEST USER>"], 'warnCookieValue' -> false,
'ticketGrantingTicketId' -> [null]], flashMap =
map['org.springframework.validation.BindException.currentFormObject' ->
org.springframework.validation.BindException:
org.springframework.validation.BeanPropertyBindingResult: 0 errors,
'org.springframework.validation.BindException.credentials' ->
org.springframework.validation.BindException:
org.springframework.validation.BeanPropertyBindingResult: 0 errors], status =
Paused]]]':
'_c1FF145B9-8E26-2B48-CB08-96D8D1E48775_kCA0C1EC3-6971-0A2A-209B-61C1A3F1AC6C';
previous
key was
'_c1FF145B9-8E26-2B48-CB08-96D8D1E48775_k5C7EDD65-E969-7EEF-49E2-E2948FE84648'
2009-05-11 10:00:18,370 DEBUG
[org.springframework.webflow.execution.repository.continuation.ContinuationFlowExecutionRepository]
- Putting flow execution '[flowexecutioni...@22cb4138 flow = 'login-webflow',
flowSessions = list[[flowsessioni...@4e26d560 flow = 'login-webflow', state =
'locked', scope = map['principal' -> "<TEST USER>", 'service' -> "<A SERVICE
PAGE>", 'credentials' -> [username: "<TEST USER>"], 'currentFormObject' ->
[username: "<TEST USER>"], 'warnCookieValue' -> false,
'ticketGrantingTicketId' -> [null]], flashMap =
map['org.springframework.validation.BindException.currentFormObject' ->
org.springframework.validation.BindException:
org.springframework.validation.BeanPropertyBindingResult: 0 errors,
'org.springframework.validation.BindException.credentials' ->
org.springframework.validation.BindException:
org.springframework.validation.BeanPropertyBindingResult: 0 errors], status =
Paused]]]' into repository with key
'_c1FF145B9-8E26-2B48-CB08-96D8D1E48775_kCA0C1EC3-6971-0A2A-209B-61C1A3F1AC6C'
2009-05-11 10:00:18,370 DEBUG
[org.springframework.webflow.conversation.impl.SessionBindingConversationManager]
- Getting conversation 1FF145B9-8E26-2B48-CB08-96D8D1E48775
2009-05-11 10:00:18,374 DEBUG
[org.springframework.webflow.execution.repository.continuation.ContinuationFlowExecutionRepository]
- Adding new continuation to group with id
CA0C1EC3-6971-0A2A-209B-61C1A3F1AC6C
2009-05-11 10:00:18,374 DEBUG
[org.springframework.webflow.conversation.impl.SessionBindingConversationManager]
- Getting conversation 1FF145B9-8E26-2B48-CB08-96D8D1E48775
2009-05-11 10:00:18,374 DEBUG
[org.springframework.webflow.conversation.impl.SessionBindingConversationManager]
- Putting conversation attribute 'scope' with value map[[empty]]
2009-05-11 10:00:18,374 DEBUG
[org.springframework.webflow.conversation.impl.SessionBindingConversationManager]
- Unlocking conversation 1FF145B9-8E26-2B48-CB08-96D8D1E48775
2009-05-11 10:00:18,374 DEBUG
[org.springframework.webflow.executor.support.FlowRequestHandler] - Returning
[resume] [responseinstruct...@5f27a49c flowExecutionKey =
'_c1FF145B9-8E26-2B48-CB08-96D8D1E48775_kCA0C1EC3-6971-0A2A-209B-61C1A3F1AC6C',
viewSelection
= 'casLockedView' [[principal, service, credentials, currentFormObject,
warnCookieValue, ticketGrantingTicketId,
org.springframework.validation.BindException.currentFormObject,
org.springframework.validation.BindException.credentials]],
flowExecutionContext = [flowexecutioni...@22cb4138 flow = 'login-webflow',
flowSessions = list[[flowsessioni...@4e26d560 flow = 'login-webflow', state =
'locked', scope = map['principal' -> "<TEST USER>", 'service' -> "<A SERVICE
PAGE>", 'credentials' -> [username: "<TEST USER>"], 'currentFormObject' ->
[username: "<TEST USER>"], 'warnCookieValue' -> false,
'ticketGrantingTicketId' -> [null]], flashMap =
map['org.springframework.validation.BindException.currentFormObject' ->
org.springframework.validation.BindException:
org.springframework.validation.BeanPropertyBindingResult: 0 errors,
'org.springframework.validation.BindException.credentials' ->
org.springframework.validation.BindException:
org.springframework.validation.BeanPropertyBindingResult: 0 errors], status =
Paused]]]]
2009-05-11 10:00:18,374 DEBUG
[org.springframework.web.servlet.DispatcherServlet] - Could not complete
request
org.springframework.beans.BeanInstantiationException: Could not instantiate
bean class [org.springframework.web.servlet.view.AbstractUrlBasedView]: Is it
an abstract class?; nested exception is java.lang.InstantiationException
at
org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:103)
at
org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.buildView(UrlBasedViewResolver.java:431)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.loadView(UrlBasedViewResolver.java:412)
at
org.springframework.web.servlet.view.AbstractCachingViewResolver.createView(AbstractCachingViewResolver.java:159)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:378)
at
org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:78)
at
org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1215)
at
org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1164)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:902)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:636)
Caused by: java.lang.InstantiationException
at
sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:48)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at
org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
... 31 more
I supposed that the needed views were not referenced, so I tried modifying
cas-server-webapp/src/main/webapp/WEB-INF/classes/default_views.properties
adding
casLockedView.(class)=org.springframework.web.servlet.view.JstlView
casLockedView.url=/WEB-INF/view/jsp/default/ui/casLockedView.jsp
but the error did not change.
If I try to authenticate a user with shadowexpire=0 (zero meaning always
active) the user is redirected to the service without any error.
The same error happens for a user in any state distinct from active.
Do I miss anything? Any suggestion?
Thank you very much
Marco Panella
--
Universita' degli Studi di Parma (http://www.unipr.it)
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
