Israel, Hrmmm this is going to be an reaching thought, but what is the session timeout for JBoss / Tomcat set to? By default, CAS stores some information within the user¹s session for login purposes. I am not sure what happens whenever you exceed the session timeout yet submit the form successfully. If you have the Web Developer plugin for Firefox, you will see there are hidden fields for ³lt² and ³eventId². The ³lt² value is used by Spring Web Flow to associate you with an existing ³conversation².
Anyhow, other than that, I cannot think of why this is going on. I have received the default view in CAS 3.3.1 and do not see any Javascript to cause a redirect like you mentioned. Aside from the timeout issue I mentioned above, the only other thoughts I have are 1) Hitting the reset button or 2) custom code mucking things up. HTH, A- On 8/17/09 1:43 PM, "Israel Ben Guilherme Fonseca" <[email protected]> wrote: > CAS version 3.3.1 > Java version 1.6.10 > Container: JBoss 4.2.3 GA > > After the 5th try, the page just get cleaned. Example: > > 1. Setup demo cas.war in servlet container with NO CHANGES > 2. Request /login servlet > 3. Input invalid credentials #1 => Warning message about invalid credentials > 4. Input invalid credentials #2 => Warning message about invalid credentials > 5. Input invalid credentials #3 => Warning message about invalid credentials > 6. Input invalid credentials #4 => Warning message about invalid credentials > 7. Input valid credentials #5 => Some type of Javascript redirect occurs where > you are sent back to the /login but the message is gone. (Even with valid > credentials, nothing happens) > > 2009/8/17 Andrew Feller <[email protected]> >> Israel, >> >> So let me see if I understand this correctly: >> >> CAS version: 3.1.0 >> Java version: 1.X.X >> Servlet container: XXXXXXX >> Servlet container version: X.X.X >> >> STEPS TO REPRODUCE BEHAVIOR >> >> 1. Setup demo cas.war in servlet container with NO CHANGES >> 2. Request /login servlet >> 3. Input invalid credentials #1 => Warning message about invalid credentials >> 4. Input invalid credentials #2 => Warning message about invalid credentials >> 5. Input invalid credentials #3 => Warning message about invalid credentials >> 6. Input invalid credentials #4 => Warning message about invalid credentials >> 7. Input invalid credentials #5 => Warning message about invalid credentials >> 8. Some type of Javascript redirect occurs where you are sent back to the >> /login but the message is gone >> >> Is this correct? >> >> >> >> On 8/17/09 12:30 PM, "Israel Ben Guilherme Fonseca" <[email protected] >> <http://[email protected]> > wrote: >> >>> Andrew, i did test it with a plain "cas.war" and got the same behavior. I >>> think it's happening with all fresh CAS installations. >>> >>> 2009/8/17 Andrew Feller <[email protected] <http://[email protected]> > >>>> Zeeshan, >>>> >>>> The default view doesn't have any special logic like this as far as I know. >>>> However as we don't know the extent of your changes, it is difficult to >>>> troubleshoot this blindly. >>>> >>>> My knee jerk thoughts: >>>> >>>> 1. Have you modified the Spring Web Flow process to include any additional >>>> actions? >>>> 2. Have you rewired existing Spring Web Flow actions? >>>> 3. What type of Javascript changes have you made to the CAS login page? >>>> 4. Have you tried installing the Live HTTP Headers plugin for Firefox to >>>> record HTTP traffic to investigate whether this is due to the server or >>>> Javascript? >>>> >>>> HTH, >>>> A- >>>> >>>> On 8/17/09 9:45 AM, "israel.bgf" <[email protected] >>>> <http://[email protected]> > wrote: >>>> >>>>> > >>>>> > I'm with the exactly same problem, and i'm looking for a solution too. >>>>> Did >>>>> > you find something Zeeshan? >>>>> > >>>>> > zeeshanilyas wrote: >>>>>> >> >>>>>> >> Hi, >>>>>> >> >>>>>> >> I am using CAS 3.1 to implement Single Sign On functionality. I have >>>>>> >> modified CAS according to our requirements which include adding >>>>>> password >>>>>> >> Reset functionality and password expiry mechanisms. All is working >>>>>> fine >>>>>> >> but during testing I noticed that if you repeatedly try to login with >>>>>> >> wrong credentials then on the 5th try the login screen refreshes. I am >>>>>> >> using the default screen with some changes. >>>>>> >> >>>>>> >> Is there anyway to stop this behaviour. Is it a default spring mvc >>>>>> >> behaviour or is this part of the CAS specification (there is no >>>>>> mention of >>>>>> >> this behaviour in the documentation). >>>>>> >> >>>>>> >> I will appreciate it if someone can point to the right direction >>>>>> regarding >>>>>> >> this. >>>>>> >> >>>>>> >> Kind Regards, >>>>>> >> >>>>>> >> Zeeshan >>>>>> >> >>>> >>>> -- >>>> Andrew Feller, Business System Programmer >>>> LSU University Information Services >>>> 200 Frey Computing Services Center >>>> Baton Rouge, LA 70803 >>>> Office: 225.578.3737 >>>> Fax: 225.578.6400 >>>> >>>> >>>> >>>> -- >>>> You are currently subscribed to [email protected] >>>> <http://[email protected]> as: [email protected] >>>> <http://[email protected]> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user -- Andrew Feller, Business System Programmer LSU University Information Services 200 Frey Computing Services Center Baton Rouge, LA 70803 Office: 225.578.3737 Fax: 225.578.6400 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
