How can I do it? I want the logs to go to CATALINA_BASE/logs/cas.log
What should be the log4j.properties entries under $CATALINA_BASE/common/classes be? Do I have to fiddle around with policy.d/* ? Thanks, Srikanth ________________________________ From: Scott Battaglia <[email protected]> To: [email protected] Sent: Thursday, August 13, 2009 9:23:06 PM Subject: Re: [cas-user] cas.log cannot be written >From the error, CAS is trying to write the log to a location it doesn't have >access to. You should modify the log4j.properties to write to a location the >user has access to (or grant that user access to that location). Cheers, Scott On Thu, Aug 13, 2009 at 5:52 PM, Srikanth Rao <[email protected]> wrote: I am using Tomcat5.5 CAS3.3.3 >I get no exceptions in syslog if I remove cas and restart. > >Please help. >Thanks, >Sri. > >> >Aug 13 17:45:23 megha jsvc.exec[29469]: log4j:WARN No appenders could be found >for logger (org.apache.commons.digester.Digester.sax). >Aug 13 17:45:23 megha jsvc.exec[29469]: log4j:WARN Please initialize the log4j >system properly. >> >Aug 13 17:45:23 megha jsvc.exec[29469]: 2009-08-13 17:45:23,702 ERROR >[org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas]] >-<Exception sending context initialized event to listener instance of class >org.springframework.web.util.Log4jConfigListener> >java.security.AccessControlException: access > denied (java.io.FilePermission /var/lib/tomcat5.5/logs/cas.log write) ^Iat > java.security.AccessControlContext.checkPermission(AccessControlContext.java:342 >) ^Iat >java.security.AccessController.checkPermission(AccessController.java:553) ^Iat >java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ^Iat >java.lang.SecurityManager.checkWrite(SecurityManager.java:979) ^Iat >java.io.FileOutputStream.<init>(FileOutputStream.java:198) ^Iat >java.io.FileOutputStream.<init>(FileOutputStream.java:131) ^Iat >org.apache.log4j.FileAppender.setFile(FileAppender.java:290) ^Iat >org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:194) >^Iat org.apache.log4j.FileAppender.activateOptions(FileAppender > > > > > ________________________________ From: John King <[email protected]> >To: [email protected] >Sent: Thursday, August 13, 2009 9:53:54 AM >Subject: Re: [cas-user] SSO credential caching and Oracle External Apps > >>Thanks for your help everyone! > >I suppose I'm looking for a generic way of front-ending applications that >don't directly support CAS (and that I can't make changes to). I think >ClearPass will be a great way of doing this. I don't need to make changes to >CAS directly, I'll just write an app that grabs the attributes using the CAS >client and passes the credentials along. > >I also really like the idea of being able to store credentials in memory - it >provides a distinct security advantage to Oracle's method of caching this >information to a database. > >Thanks again, >John > > >Dale Ogilvie wrote: >> In some cases we return clear text credentials to the application in an >> attribute of the CAS validation response. So you might define user >> attributes OraclePortalUser, >> OraclePortalPassword and these would be configured in service >> >> management to only be returned to the OraclePortal service. Then > the >> CAS'ified OraclePortal can establish an appropriate user session after >> validating the service ticket. >> >> ________________________________ >> >> From: Scott Battaglia [mailto:[email protected]] Sent: Wednesday, 12 >> August 2009 3:41 a.m. >> >> To: [email protected] >> Subject: Re: [cas-user] SSO credential caching and Oracle External Apps >> >> >> You might want to take a look at ClearPass: >> http://www.ja-sig.org/wiki/display/CAS/Proxying+clear-text+credentials >> >> Cheers, >> Scott >> >> >> >> >> On Tue, Aug 11, 2009 at 11:36 AM, John King > <[email protected]> wrote: >> >> >> Hello, >> >> Our campus has been using an SSO approach that combines Oracle >> External Applications with a little custom code. This basically caches >> >> the user's credentials and supplies them (via a bit of javascript) when >> you link from the portal. >> >> This is, of course, less than ideal. While the password is >> scrambled, it shouldn't be there in a reversible way at all. Secondly, >> >> the SSO only works one-way, from the portal to the external app. >> >> We're preparing a CAS setup as part of our move from Oracle >> Portal to uPortal. I'd like to eventually CAS-ify all of our >> >> applications, but I need a temporary > solution that removes the >> dependency on our Oracle infrastructure but provides similar >> functionality. Any recommendations? Has anyone built something like this >> before that ties into CAS? >> >> >> Thanks! >> John >> >> -- John N. King >> Web Developer >> Computing & Information Technology >> SUNY Geneseo >> South Hall 124A2 >> 585-245-5577 >> >> [email protected] >> >> -- You are currently subscribed to [email protected] > as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> > > > > >-- John N. King >Web Developer >Computing & Information Technology >SUNY Geneseo >South Hall 124A2 >585-245-5577 >[email protected] > >-- You are currently subscribed to [email protected] as: >[email protected] >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > > >-- >You are currently subscribed to [email protected] as: >[email protected] > > >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
