Paul,
Thanks for the update. I realized that after compiling cas-server-webapps,
my cas-servlet.xml and login-webflow.xml were different from one supplied in
the ldap-pwd-exp modules. I copied them over and restarted tomcat. Now I
am getting a new error. I am looking into this..
--STACK TRACE--
2010-02-15 15:04:33,587 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' completed execution; result is
'showAccountLockedView'>
2010-02-15 15:04:33,594 ERROR
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]]
- <Servlet.service() for servlet cas threw exception>
java.lang.InstantiationException
at
sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:30)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at
org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at
org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.buildView(UrlBasedViewResolver.java:431)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.loadView(UrlBasedViewResolver.java:412)
at
org.springframework.web.servlet.view.AbstractCachingViewResolver.createView(AbstractCachingViewResolver.java:159)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:378)
at
org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:78)
at
org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1215)
at
org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1164)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:902)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at
org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:347)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
at
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
at
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:619)
--END STACK TRACE
On Mon, Feb 15, 2010 at 3:23 PM, Vitty, Paul <[email protected]> wrote:
> Jeff/Ahsan,
>
> I've been working on this issue this evening and have gotten to the point
> where I am seeing the output you expect to see.
>
> I'm not sure, maybe you know this already, but the password about to expire
> message is only shown when you request a service ticket, it's not shown when
> only a ticket granting ticket is requested.
>
> Another thing I worked out is that you need to use the
> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your LDAP
> authentication handler in deployerConfigContext.xml, where as before we were
> using the Fast Bind class. Not sure if that helps you out, but it's got me
> this far.
>
> Paul
>
> On 15 Feb 2010, at 22:16, Jeff Chapin wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > No, I have not got this to work yet.
> >
> > I moved focus to other issues on my plate. I will look into this again
> > further tomorrow, but this appears to be the *EXACT* same experience I
> > am having -- so we appear to be on the same page, at least.
> >
> > Jeff
> >
> > Ahsan Imam wrote:
> >> Jeff,
> >>
> >> Did you ever get the module to work? Are you still have issues? After
> >> the documentation was updated on Feb 10, I changed my configuration
> >> setting specified for passwordWarningcheck.xml. I am getting no warning
> >> message and there is nothing in the logs. Logging is set to:
> >>
> >> log4j.logger.org.jasig.cas.services=INFO
> >> log4j.logger.org.jasig.cas.web.flow=DEBUG
> >> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
> >> log4j.logger.org.jasig.cas.adaptors=DEBUG
> >>
> >>
> >> I set warnAll to true and I should see a message "Show Warning (WarnALL
> >> is TRUE!) -- The password for " + userID + " will expire in " +
> >> Math.round(DateDiff / Timer.ONE_DAY) + " days" based on the code. I do
> >> not see and message in the browser or the logs.
> >>
> >> I wonder if I am missing something....
> >>
> >> Sincerely,
> >> Ahsan
> >>
> >>
> >> On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin <[email protected]
> >> <mailto:[email protected]>> wrote:
> >>
> >> You guys rock!
> >>
> >> Only problem I have is I am still not seeing anything new in my logs. I
> >> am seeing the same behavior as with the last version.
> >>
> >> Thank you so much for the assistance.
> >>
> >> Jeff
> >>
> >> Scott Battaglia wrote:
> >>> I think Eric made an update to the page. Not sure if that will
> >> help or not.
> >>
> >>
> >>> On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin <[email protected]
> >> <mailto:[email protected]>
> >>> <mailto:[email protected] <mailto:[email protected]>>> wrote:
> >>
> >>> I believe that log line came from this bean:
> >>> <bean id="PasswordWarningCheckAction"
> >>> class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
> >>> <property name="passwordWarningCheck"
> >>> ref="passwordWarningCheck" />
> >>> </bean>
> >>
> >>
> >>> This was documented in the link below. Am I off base? I am still
> >>> learning how this setup works and feeling my way around.
> >>
> >>> Jeff
> >>
> >>> Scott Battaglia wrote:
> >>>> I don't know much about it but there's no reason it shouldn't
> >>> work. It
> >>>> doesn't look like there any instructions to tell you to add it to the
> >>>> web flow though.
> >>
> >>
> >>>> On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin
> >> <[email protected] <mailto:[email protected]>
> >>> <mailto:[email protected] <mailto:[email protected]>>
> >>>> <mailto:[email protected] <mailto:[email protected]>
> >> <mailto:[email protected] <mailto:[email protected]>>>> wrote:
> >>
> >>>> Hello,
> >>
> >>>> I am using CAS 3.3.5, and I have tried to get LDAP password policy
> >>>> enforcement running, as per
> >>
> >>
> >>
> http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement.
> >>
> >>>> I have cranked logging as follows:
> >>>> log4j.logger.org.jasig.cas.services=INFO
> >>>> log4j.logger.org.jasig.cas.web.flow=DEBUG
> >>
> >>
> >> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
> >>>> log4j.logger.org.jasig.cas.adaptors=DEBUG
> >>>> , other than that, the logging is identical to the Logging page on
> >>>> the wiki.
> >>
> >>>> Here are the only logs that are currently appearing:
> >>
> >>>> 2010-02-10 10:58:58,550 INFO
> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search
> >>> Filter:
> >>>> 'cn=%u'>
> >>>> 2010-02-10 10:58:58,551 INFO
> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Expire Date
> >>>> Attribute: 'pwdchangedtime'>
> >>>> 2010-02-10 10:58:58,551 INFO
> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Warning
> >> Days
> >>>> Attribute: 'passwordwarningdays'>
> >>>> 2010-02-10 10:58:58,551 INFO
> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Default
> >>>> Warning Days: '-1'>
> >>>> 2010-02-10 10:58:58,551 INFO
> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date
> >> format:
> >>>> 'yyyyMMddHHmmss'z''>
> >>>> 2010-02-10 10:58:58,551 INFO
> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <LDAP Search
> >>>> Base: 'cn=Users,dc=collab,dc=uni,dc=edu'>
> >>>> 2010-02-10 10:58:58,553 DEBUG
> >>>> [org.jasig.cas.web.flow.PasswordWarningCheckAction] - <inited with
> >>
> >>
> >>
> passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'>
> >>
> >>>> As well as a mention to the bean in the following line.
> >>
> >>>> 2010-02-10 10:58:58,771 INFO
> >>
> >>
> >> [org.springframework.beans.factory.support.DefaultListableBeanFactory] -
> >>>> <Pre-instantiating singletons in
> >>
> >>
> >>
> org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce
> :
> >>
> >>>> It appears to me that the PasswordWarningCheck is not even firing
> >> -- I
> >>>> would expect much more logging output that this.
> >>
> >>>> As an aside, I put -1 as the Warning days, as out LDAP server (Oracle
> >>>> OID) currently only reports the time the password was last
> >>> changed, not
> >>>> when it expires. I have tried positive values with no difference
> >>> in the
> >>>> results.
> >>
> >>>> Am I missing something, or is this code simply incompatible with the
> >>>> current CAS version?
> >>
> >>>> Thanks,
> >>
> >>>> Jeff
> >>
> >>
> >>
> >
> > - --
> > You are currently subscribed to [email protected]
> > <mailto:[email protected]> as: [email protected]
> > <mailto:[email protected]>
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
> >
> >
> >
> >> --
> >> s/Ahsan/?/g
> >
> >> --
> >> You are currently subscribed to [email protected] as:
> [email protected]
> >> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
> >
> >
> > - --
> > Jeff Chapin,
> > Assistant Systems/Applications Administrator
> > ITS-IS, University of Northern Iowa
> > Phone: 319-273-3162 Email: [email protected]
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> >
> > iEYEARECAAYFAkt5x7UACgkQQiaEUfQoY7SR7wCgqJl4CphJ7NgssAhxHJzWYOeh
> > 7toAn1YE1uRZJXqLdyYyEyimXYBh94Vb
> > =9Jos
> > -----END PGP SIGNATURE-----
> >
> > --
> > You are currently subscribed to [email protected] as:
> [email protected]
> > To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
>
>
> This email and any attachments are confidential and intended solely for the
> use of the addressee and may contain information which is covered by legal,
> professional or other privilege. If you have received this email in error
> please notify the system manager at [email protected]. The
> University's computer systems may be monitored and communications carried on
> them recorded to secure the effective operation of the system and for other
> lawful purposes.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
--
s/Ahsan/?/g
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
