>From the error, CAS is trying to write the log to a location it doesn't have access to. You should modify the log4j.properties to write to a location the user has access to (or grant that user access to that location).
Cheers, Scott On Thu, Aug 13, 2009 at 5:52 PM, Srikanth Rao <[email protected]> wrote: > I am using Tomcat5.5 CAS3.3.3 > I get no exceptions in syslog if I remove cas and restart. > > Please help. > Thanks, > Sri. > > Aug 13 17:45:23 megha jsvc.exec[29469]: log4j:WARN No appenders could be > found for logger (org.apache.commons.digester.Digester.sax). > Aug 13 17:45:23 megha jsvc.exec[29469]: log4j:WARN Please initialize the > log4j system properly. > Aug 13 17:45:23 megha jsvc.exec[29469]: 2009-08-13 17:45:23,702 ERROR > [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas]] > -<Exception sending context initialized event to listener instance of class > org.springframework.web.util.Log4jConfigListener> > java.security.AccessControlException: access > denied (java.io.FilePermission /var/lib/tomcat5.5/logs/cas.log write) ^Iat > > java.security.AccessControlContext.checkPermission(AccessControlContext.java:342 > ) ^Iat > java.security.AccessController.checkPermission(AccessController.java:553) > ^Iat java.lang.SecurityManager.checkPermission(SecurityManager.java:549) > ^Iat java.lang.SecurityManager.checkWrite(SecurityManager.java:979) ^Iat > java.io.FileOutputStream.<init>(FileOutputStream.java:198) ^Iat > java.io.FileOutputStream.<init>(FileOutputStream.java:131) ^Iat > org.apache.log4j.FileAppender.setFile(FileAppender.java:290) ^Iat > org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:194) > ^Iat org.apache.log4j.FileAppender.activateOptions(FileAppender > > > ------------------------------ > *From:* John King <[email protected]> > *To:* [email protected] > *Sent:* Thursday, August 13, 2009 9:53:54 AM > *Subject:* Re: [cas-user] SSO credential caching and Oracle External Apps > > Thanks for your help everyone! > > I suppose I'm looking for a generic way of front-ending applications that > don't directly support CAS (and that I can't make changes to). I think > ClearPass will be a great way of doing this. I don't need to make changes to > CAS directly, I'll just write an app that grabs the attributes using the CAS > client and passes the credentials along. > > I also really like the idea of being able to store credentials in memory - > it provides a distinct security advantage to Oracle's method of caching this > information to a database. > > Thanks again, > John > > > Dale Ogilvie wrote: > > In some cases we return clear text credentials to the application in an > > attribute of the CAS validation response. So you might define user > attributes OraclePortalUser, > > OraclePortalPassword and these would be configured in service > > management to only be returned to the OraclePortal service. Then the > > CAS'ified OraclePortal can establish an appropriate user session after > > validating the service ticket. > > > > ________________________________ > > > > From: Scott Battaglia [mailto:[email protected]] Sent: > Wednesday, 12 August 2009 3:41 a.m. > > To: [email protected] > > Subject: Re: [cas-user] SSO credential caching and Oracle External Apps > > > > > > You might want to take a look at ClearPass: > > http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials > > > > Cheers, > > Scott > > > > > > > > On Tue, Aug 11, 2009 at 11:36 AM, John King <[email protected]> wrote: > > > > > > Hello, > > > > Our campus has been using an SSO approach that combines Oracle > > External Applications with a little custom code. This basically caches > > the user's credentials and supplies them (via a bit of javascript) when > > you link from the portal. > > > > This is, of course, less than ideal. While the password is > > scrambled, it shouldn't be there in a reversible way at all. Secondly, > > the SSO only works one-way, from the portal to the external app. > > > > We're preparing a CAS setup as part of our move from Oracle > > Portal to uPortal. I'd like to eventually CAS-ify all of our > > applications, but I need a temporary solution that removes the > > dependency on our Oracle infrastructure but provides similar > > functionality. Any recommendations? Has anyone built something like this > > before that ties into CAS? > > > > Thanks! > > John > > > > -- John N. King > > Web Developer > > Computing & Information Technology > > SUNY Geneseo > > South Hall 124A2 > > 585-245-5577 > > [email protected] > > > > -- You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > > > > > > -- John N. King > Web Developer > Computing & Information Technology > SUNY Geneseo > South Hall 124A2 > 585-245-5577 > [email protected] > > -- You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
