Turns out we're using MyISAM.I think that JPOX(?) autocreates these tables based on the java class RegisteredServiceImpl. So the use of MyISAM was selected by the default CAS config as far as I know. I never looked into any JPOX configuration so far though - just dropped the RegisteredServiceImpl table and recreated it with the right column types.
Cheers Andy Robert Oschwald wrote:
Are you using MyISAM or InnoDB? Robert Am 02.12.2009 um 15:02 schrieb Andy Cowling:Hi allThe problem was caused by the mysql jdbc connector mapping java booleans to mysql bit fields, instead of tinyints, as it should When hibernate reloads the data from mysql all the booleans are read in as 'false', even though they contained the single bit '1' (and should therefore be 'true'). The fix was to drop the table and recreate it using tinyint instead of bit.You can read more about this problem here: * http://www.jpox.org/servlet/forum/printthread_thread,3471_printall,yes * http://bugs.mysql.com/bug.php?id=16854Might be worth putting a little warning about this on the cas wiki, just to warn potential mysql users. (It cost us some days to debug this)We're using cas 3.3.1 with mysql client 14.12 and tomcat 5. Cheers Andy Scott Battaglia wrote:Something like this should work: https://SERVERNAME:8443/cas/services/** (this is what we use) But your exact matching should work also.On Tue, Dec 1, 2009 at 4:33 AM, Andy Cowling <[email protected] <mailto:[email protected]>> wrote:Sadly it was/is not so simple. My ant pattern was indeed wrong - but even using the exact service string I see in the cas "services" logs I still cannot access the service management app after a tomcat restart. The logs say: Service [https://cas-services:8443/cas/services/j_acegi_cas_security_check] not found in ServiceRegistry Yet the table "RegisteredServiceImpl" contains: mysql> select serviceId from RegisteredServiceImpl; +-------------------------------------------------------------------+ |serviceId |+-------------------------------------------------------------------+ | https://cas-services:8443/cas/services/j_acegi_cas_security_check | +-------------------------------------------------------------------+ Note that I CAN access the service management app as long as the RegisteredServiceImpl table is empty. It is only after I add this service that I then cannot access it. So it seems that the service management code is successful in reading the table contents from the database. I also tried adding all the following serviceIds to the RegisteredServiceImpl table, all with no success: * *MailScanner has detected a possible fraud attempt from "**" claiming to be* https://** * https://cas-services:8443/cas/services/** * https://cas-services:8443/cas/services/j_acegi_cas_security_check** Note that the service name "https://cas-services:8443/cas/services/j_acegi_cas_security_check"; <https://cas-services:8443/cas/services/j_acegi_cas_security_check> is what is in cas.properties for "cas.securityContext.serviceProperties.service", and as stated above, it appears to be the actual service string being used by CAS' service management code, as we can see from the logs above. Cheers Andy Robert Oschwald wrote:Ant patterns are slightly different than normal RegEx. Use https://cas-services:8443/cas/services** instead. Would be great to have a servlceURL example in the Wiki page. Robert Am 30.11.2009 um 16:45 schrieb Andy Cowling:Hi all Following the instructions in the Service Management config page I added the service management app as the first entry in the list of services allowed by the cas. But when I restart tomcat, I get the "application not authorized" message. The url I used for the service management app was: https://cas-services:8443/cas/services* Where cas-services is one of multiple names that maps to the local host (this method was used so that we can prove the config works on dev, then roll it out to test and live without requiring a config change). On the local desktop the /etc/hosts file also maps "cas-services" to the relevant cas machine. Maybe my ant style pattern matching is just wrong. The best resource I found for this online was http://ant.apache.org/manual/dirtasks.html Cheers Andy--Andy Cowling | UK Core IT Interactive Data Managed Solutions Ltd ------------------------------------------------------------------------------------------------------------------------------- Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | UK Tel: +44 (0)1242 6941 15 | Fax: +44 (0)1242 6941 01[email protected] <mailto:[email protected]> http://www.interactivedata-ms.com <http://www.interactivedata-ms.com/>This message (including any files transmitted with it) may contain confidential and/or proprietary information, is the property of Interactive Data Corporation and/or its subsidiaries, and is directed only to the addressee(s). If you are not the designated recipient or have reason to believe you received this message in error, please delete this message from your system and notify the sender immediately. An unintended recipient's disclosure, copying, distribution, or use of this message or any attachments is prohibited and may be unlawful. Interactive Data (Europe) Ltd Registered No. 949387 England Registered Office: Fitzroy House 13-17 Epworth Street. London. EC2A 4DL--Andy Cowling | UK Core IT Interactive Data Managed Solutions Ltd ------------------------------------------------------------------------------------------------------------------------------- Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | UK Tel: +44 (0)1242 6941 15 | Fax: +44 (0)1242 6941 01 [email protected]<mailto:[email protected]> http://www.interactivedata-ms.com<http://www.interactivedata-ms.com/> This message (including any files transmitted with it) may contain confidential and/or proprietary information, is the property of Interactive Data Corporation and/or its subsidiaries, and is directed only to the addressee(s). If you are not the designated recipient or have reason to believe you received this message in error, please delete this message from your system and notify the sender immediately. An unintended recipient's disclosure, copying, distribution, or use of this message or any attachments is prohibited and may be unlawful. Interactive Data (Europe) Ltd Registered No. 949387 England Registered Office: Fitzroy House 13-17 Epworth Street. London. EC2A 4DL -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user-- Andy Cowling | UK Core IT Interactive Data Managed Solutions Ltd ------------------------------------------------------------------------------------------------------------------------------- Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | UK Tel: +44 (0)1242 6941 15 | Fax: +44 (0)1242 6941 01[email protected] http://www.interactivedata-ms.com <http://www.interactivedata-ms.com/>This message (including any files transmitted with it) may contain confidential and/or proprietary information, is the property of Interactive Data Corporation and/or its subsidiaries, and is directed only to the addressee(s). If you are not the designated recipient or have reason to believe you received this message inerror, please delete this message from your system and notify the senderimmediately. An unintended recipient's disclosure, copying, distribution, or use of this message or any attachments is prohibited and may be unlawful. Interactive Data (Europe) Ltd Registered No. 949387 England Registered Office:Fitzroy House 13-17 Epworth Street. London. EC2A 4DL-- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
-- Andy Cowling | UK Core IT Interactive Data Managed Solutions Ltd ------------------------------------------------------------------------------------------------------------------------------- Suite 1101, Eagle Tower | Montpellier Drive | Cheltenham GL50 1TA | UK Tel: +44 (0)1242 6941 15 | Fax: +44 (0)1242 6941 01[email protected] http://www.interactivedata-ms.com <http://www.interactivedata-ms.com/>
This message (including any files transmitted with it) may contain confidential and/or proprietary information, is the property of Interactive Data Corporation and/or its subsidiaries, and is directed only to the addressee(s). If you are not the designated recipient or have reason to believe you received this message in
error, please delete this message from your system and notify the senderimmediately. An unintended recipient's disclosure, copying, distribution, or
use of this message or any attachments is prohibited and may be unlawful.Interactive Data (Europe) Ltd Registered No. 949387 England Registered Office:
Fitzroy House 13-17 Epworth Street. London. EC2A 4DL
smime.p7s
Description: S/MIME Cryptographic Signature
