>From the error, CAS is trying to write the log to a location it doesn't have
access to.  You should modify the log4j.properties to write to a location
the user has access to (or grant that user access to that location).

Cheers,
Scott


On Thu, Aug 13, 2009 at 5:52 PM, Srikanth Rao <[email protected]> wrote:

> I am using Tomcat5.5 CAS3.3.3
> I get no exceptions in syslog if I remove cas and restart.
>
> Please help.
> Thanks,
> Sri.
>
> Aug 13 17:45:23 megha jsvc.exec[29469]: log4j:WARN No appenders could be
> found for logger (org.apache.commons.digester.Digester.sax).
> Aug 13 17:45:23 megha jsvc.exec[29469]: log4j:WARN Please initialize the
> log4j system properly.
> Aug 13 17:45:23 megha jsvc.exec[29469]: 2009-08-13 17:45:23,702 ERROR
> [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas]] 
> -<Exception sending context initialized event to listener instance of class
> org.springframework.web.util.Log4jConfigListener>
> java.security.AccessControlException: access
>  denied (java.io.FilePermission /var/lib/tomcat5.5/logs/cas.log write) ^Iat
>
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:342
> ) ^Iat
> java.security.AccessController.checkPermission(AccessController.java:553)
> ^Iat java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> ^Iat java.lang.SecurityManager.checkWrite(SecurityManager.java:979) ^Iat
> java.io.FileOutputStream.<init>(FileOutputStream.java:198) ^Iat
> java.io.FileOutputStream.<init>(FileOutputStream.java:131) ^Iat
> org.apache.log4j.FileAppender.setFile(FileAppender.java:290) ^Iat
> org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:194)
> ^Iat org.apache.log4j.FileAppender.activateOptions(FileAppender
>
>
> ------------------------------
> *From:* John King <[email protected]>
> *To:* [email protected]
> *Sent:* Thursday, August 13, 2009 9:53:54 AM
> *Subject:* Re: [cas-user] SSO credential caching and Oracle External Apps
>
> Thanks for your help everyone!
>
> I suppose I'm looking for a generic way of front-ending applications that
> don't directly support CAS (and that I can't make changes to). I think
> ClearPass will be a great way of doing this. I don't need to make changes to
> CAS directly, I'll just write an app that grabs the attributes using the CAS
> client and passes the credentials along.
>
> I also really like the idea of being able to store credentials in memory -
> it provides a distinct security advantage to Oracle's method of caching this
> information to a database.
>
> Thanks again,
> John
>
>
> Dale Ogilvie wrote:
> > In some cases we return clear text credentials to the application in an
> > attribute of the CAS validation response.  So you might define user
> attributes OraclePortalUser,
> > OraclePortalPassword  and these would be configured in service
> > management to only be returned to the OraclePortal service. Then the
> > CAS'ified OraclePortal can establish an appropriate user session after
> > validating the service ticket.
> >
> > ________________________________
> >
> > From: Scott Battaglia [mailto:[email protected]] Sent:
> Wednesday, 12 August 2009 3:41 a.m.
> > To: [email protected]
> > Subject: Re: [cas-user] SSO credential caching and Oracle External Apps
> >
> >
> > You might want to take a look at ClearPass:
> > http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials
> >
> > Cheers,
> > Scott
> >
> >
> >
> > On Tue, Aug 11, 2009 at 11:36 AM, John King <[email protected]> wrote:
> >
> >
> >     Hello,
> >
> >     Our campus has been using an SSO approach that combines Oracle
> > External Applications with a little custom code. This basically caches
> > the user's credentials and supplies them (via a bit of javascript) when
> > you link from the portal.
> >
> >     This is, of course, less than ideal. While the password is
> > scrambled, it shouldn't be there in a reversible way at all. Secondly,
> > the SSO only works one-way, from the portal to the external app.
> >
> >     We're preparing a CAS setup as part of our move from Oracle
> > Portal to uPortal. I'd like to eventually CAS-ify all of our
> > applications, but I need a temporary solution that removes the
> > dependency on our Oracle infrastructure but provides similar
> > functionality. Any recommendations? Has anyone built something like this
> > before that ties into CAS?
> >
> >     Thanks!
> >     John
> >
> >     --     John N. King
> >     Web Developer
> >     Computing & Information Technology
> >     SUNY Geneseo
> >     South Hall 124A2
> >     585-245-5577
> >     [email protected]
> >
> >     --     You are currently subscribed to [email protected] as:
> > [email protected]
> >     To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
> >
> >
>
>
>
>
> -- John N. King
> Web Developer
> Computing & Information Technology
> SUNY Geneseo
> South Hall 124A2
> 585-245-5577
> [email protected]
>
> -- You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to