Hi Paul, The problem was with the default_views.properties. I am not sure what I did wrong yesterday as opposed to today. Added the following lines and life is good.
## Expired Password Error message casExpiredPassView.(class)=org.springframework.web.servlet.view.JstlView casExpiredPassView.url=/WEB-INF/view/jsp/default/ui/casExpiredPassView.jsp ### Locked Account Error message casAccountLockedView.(class)=org.springframework.web.servlet.view.JstlView casAccountLockedView.url=/WEB-INF/view/jsp/default/ui/casAccountLockedView.jsp ### Disabled Account Error message casAccountDisabledView.(class)=org.springframework.web.servlet.view.JstlView casAccountDisabledView.url=/WEB-INF/view/jsp/default/ui/casAccountDisabledView.jsp ### Password Expiration Warning message (logged in, PasswordWarningCheck=true) casWarnPassView.(class)=org.springframework.web.servlet.view.JstlView casWarnPassView.url=/WEB-INF/view/jsp/default/ui/casWarnPassView.jsp Sincerely, Ahsan On Mon, Feb 15, 2010 at 3:31 PM, Vitty, Paul <[email protected]> wrote: > Hi, > > Looks as though you either don't have the accountLockedView defined in > your login-webflow.xml or you don't have the JSP in your WAR file. > > > Paul Vitty > > Apache/MySQL Web Platform Engineer > Application Platform Delivery > Information Services Directorate > University of Ulster > > Tel: 02890 366273 > Email: <[email protected]>[email protected] > Web: <http://www.ulster.ac.uk/staff/p.vitty.html> > http://www.ulster.ac.uk/staff/p.vitty.html > > On 15 Feb 2010, at 22:29, "Ahsan Imam" <[email protected]> wrote: > > Paul, > > Thanks for the update. I realized that after compiling cas-server-webapps, > my cas-servlet.xml and login-webflow.xml were different from one supplied in > the ldap-pwd-exp modules. I copied them over and restarted tomcat. Now I > am getting a new error. I am looking into this.. > > --STACK TRACE-- > 2010-02-15 15:04:33,587 DEBUG > [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action > 'AuthenticationViaFormAction' completed execution; result is > 'showAccountLockedView'> > 2010-02-15 15:04:33,594 ERROR > [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]] > - <Servlet.service() for servlet cas threw exception> > java.lang.InstantiationException > at > sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:30) > at java.lang.reflect.Constructor.newInstance(Constructor.java:513) > at > org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100) > at > org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78) > at > org.springframework.web.servlet.view.UrlBasedViewResolver.buildView(UrlBasedViewResolver.java:431) > at > org.springframework.web.servlet.view.UrlBasedViewResolver.loadView(UrlBasedViewResolver.java:412) > at > org.springframework.web.servlet.view.AbstractCachingViewResolver.createView(AbstractCachingViewResolver.java:159) > at > org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:378) > at > org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:78) > at > org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1215) > at > org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1164) > at > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:902) > at > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807) > at > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571) > at > org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) > at > org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) > at > org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at > org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:347) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200) > at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) > at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773) > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) > at java.lang.Thread.run(Thread.java:619) > > > > > --END STACK TRACE > > > > > On Mon, Feb 15, 2010 at 3:23 PM, Vitty, Paul < <[email protected]> > [email protected]> wrote: > >> Jeff/Ahsan, >> >> I've been working on this issue this evening and have gotten to the point >> where I am seeing the output you expect to see. >> >> I'm not sure, maybe you know this already, but the password about to >> expire message is only shown when you request a service ticket, it's not >> shown when only a ticket granting ticket is requested. >> >> Another thing I worked out is that you need to use the >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your LDAP >> authentication handler in deployerConfigContext.xml, where as before we were >> using the Fast Bind class. Not sure if that helps you out, but it's got me >> this far. >> >> Paul >> >> On 15 Feb 2010, at 22:16, Jeff Chapin wrote: >> >> > -----BEGIN PGP SIGNED MESSAGE----- >> > Hash: SHA1 >> > >> > No, I have not got this to work yet. >> > >> > I moved focus to other issues on my plate. I will look into this again >> > further tomorrow, but this appears to be the *EXACT* same experience I >> > am having -- so we appear to be on the same page, at least. >> > >> > Jeff >> > >> > Ahsan Imam wrote: >> >> Jeff, >> >> >> >> Did you ever get the module to work? Are you still have issues? After >> >> the documentation was updated on Feb 10, I changed my configuration >> >> setting specified for passwordWarningcheck.xml. I am getting no >> warning >> >> message and there is nothing in the logs. Logging is set to: >> >> >> >> log4j.logger.org.jasig.cas.services=INFO >> >> log4j.logger.org.jasig.cas.web.flow=DEBUG >> >> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG >> >> log4j.logger.org.jasig.cas.adaptors=DEBUG >> >> >> >> >> >> I set warnAll to true and I should see a message "Show Warning (WarnALL >> >> is TRUE!) -- The password for " + userID + " will expire in " + >> >> Math.round(DateDiff / Timer.ONE_DAY) + " days" based on the code. I do >> >> not see and message in the browser or the logs. >> >> >> >> I wonder if I am missing something.... >> >> >> >> Sincerely, >> >> Ahsan >> >> >> >> >> >> On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin < <[email protected]> >> [email protected] >> >> <mailto: <[email protected]>[email protected]>> wrote: >> >> >> >> You guys rock! >> >> >> >> Only problem I have is I am still not seeing anything new in my logs. I >> >> am seeing the same behavior as with the last version. >> >> >> >> Thank you so much for the assistance. >> >> >> >> Jeff >> >> >> >> Scott Battaglia wrote: >> >>> I think Eric made an update to the page. Not sure if that will >> >> help or not. >> >> >> >> >> >>> On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin < <[email protected]> >> [email protected] >> >> <mailto: <[email protected]>[email protected]> >> >>> <mailto: <[email protected]>[email protected] >> >>> <mailto:<[email protected]> >> [email protected]>>> wrote: >> >> >> >>> I believe that log line came from this bean: >> >>> <bean id="PasswordWarningCheckAction" >> >>> class="org.jasig.cas.web.flow.PasswordWarningCheckAction"> >> >>> <property name="passwordWarningCheck" >> >>> ref="passwordWarningCheck" /> >> >>> </bean> >> >> >> >> >> >>> This was documented in the link below. Am I off base? I am still >> >>> learning how this setup works and feeling my way around. >> >> >> >>> Jeff >> >> >> >>> Scott Battaglia wrote: >> >>>> I don't know much about it but there's no reason it shouldn't >> >>> work. It >> >>>> doesn't look like there any instructions to tell you to add it to the >> >>>> web flow though. >> >> >> >> >> >>>> On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin >> >> < <[email protected]>[email protected] <mailto:<[email protected]> >> [email protected]> >> >>> <mailto: <[email protected]>[email protected] >> >>> <mailto:<[email protected]> >> [email protected]>> >> >>>> <mailto: <[email protected]>[email protected] >> >>>> <mailto:<[email protected]> >> [email protected]> >> >> <mailto: <[email protected]>[email protected] >> >> <mailto:<[email protected]> >> [email protected]>>>> wrote: >> >> >> >>>> Hello, >> >> >> >>>> I am using CAS 3.3.5, and I have tried to get LDAP password policy >> >>>> enforcement running, as per >> >> >> >> >> >> <http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement> >> http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement >> . >> >> >> >>>> I have cranked logging as follows: >> >>>> log4j.logger.org.jasig.cas.services=INFO >> >>>> log4j.logger.org.jasig.cas.web.flow=DEBUG >> >> >> >> >> >> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG >> >>>> log4j.logger.org.jasig.cas.adaptors=DEBUG >> >>>> , other than that, the logging is identical to the Logging page on >> >>>> the wiki. >> >> >> >>>> Here are the only logs that are currently appearing: >> >> >> >>>> 2010-02-10 10:58:58,550 INFO >> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search >> >>> Filter: >> >>>> 'cn=%u'> >> >>>> 2010-02-10 10:58:58,551 INFO >> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Expire Date >> >>>> Attribute: 'pwdchangedtime'> >> >>>> 2010-02-10 10:58:58,551 INFO >> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Warning >> >> Days >> >>>> Attribute: 'passwordwarningdays'> >> >>>> 2010-02-10 10:58:58,551 INFO >> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Default >> >>>> Warning Days: '-1'> >> >>>> 2010-02-10 10:58:58,551 INFO >> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date >> >> format: >> >>>> 'yyyyMMddHHmmss'z''> >> >>>> 2010-02-10 10:58:58,551 INFO >> >>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <LDAP Search >> >>>> Base: 'cn=Users,dc=collab,dc=uni,dc=edu'> >> >>>> 2010-02-10 10:58:58,553 DEBUG >> >>>> [org.jasig.cas.web.flow.PasswordWarningCheckAction] - <inited with >> >> >> >> >> >> >> passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'> >> >> >> >>>> As well as a mention to the bean in the following line. >> >> >> >>>> 2010-02-10 10:58:58,771 INFO >> >> >> >> >> >> [org.springframework.beans.factory.support.DefaultListableBeanFactory] >> - >> >>>> <Pre-instantiating singletons in >> >> >> >> >> >> >> org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce >> : >> >> >> >>>> It appears to me that the PasswordWarningCheck is not even firing >> >> -- I >> >>>> would expect much more logging output that this. >> >> >> >>>> As an aside, I put -1 as the Warning days, as out LDAP server (Oracle >> >>>> OID) currently only reports the time the password was last >> >>> changed, not >> >>>> when it expires. I have tried positive values with no difference >> >>> in the >> >>>> results. >> >> >> >>>> Am I missing something, or is this code simply incompatible with the >> >>>> current CAS version? >> >> >> >>>> Thanks, >> >> >> >>>> Jeff >> >> >> >> >> >> >> > >> > - -- >> > You are currently subscribed to <[email protected]> >> [email protected] >> > <mailto: <[email protected]>[email protected]> as: >> <[email protected]>[email protected] >> > <mailto: <[email protected]>[email protected]> >> > To unsubscribe, change settings or access archives, see >> > <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > >> > >> > >> >> -- >> >> s/Ahsan/?/g >> > >> >> -- >> >> You are currently subscribed to <[email protected]> >> [email protected] as: <[email protected]>[email protected] >> >> To unsubscribe, change settings or access archives, see >> >> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > >> > >> > - -- >> > Jeff Chapin, >> > Assistant Systems/Applications Administrator >> > ITS-IS, University of Northern Iowa >> > Phone: 319-273-3162 Email: <[email protected]>[email protected] >> > -----BEGIN PGP SIGNATURE----- >> > Version: GnuPG v1.4.9 (GNU/Linux) >> > Comment: Using GnuPG with Fedora - <http://enigmail.mozdev.org/> >> http://enigmail.mozdev.org/ >> > >> > iEYEARECAAYFAkt5x7UACgkQQiaEUfQoY7SR7wCgqJl4CphJ7NgssAhxHJzWYOeh >> > 7toAn1YE1uRZJXqLdyYyEyimXYBh94Vb >> > =9Jos >> > -----END PGP SIGNATURE----- >> > >> > -- >> > You are currently subscribed to <[email protected]> >> [email protected] as: <[email protected]>[email protected] >> > To unsubscribe, change settings or access archives, see >> > <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> >> >> This email and any attachments are confidential and intended solely for >> the use of the addressee and may contain information which is covered by >> legal, professional or other privilege. If you have received this email in >> error please notify the system manager at <[email protected]> >> [email protected]. The University's computer systems may be >> monitored and communications carried on them recorded to secure the >> effective operation of the system and for other lawful purposes. >> >> -- >> You are currently subscribed to <[email protected]> >> [email protected] as: <[email protected]>[email protected] >> To unsubscribe, change settings or access archives, see >> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > > > -- > s/Ahsan/?/g > > -- > > You are currently subscribed to [email protected] as: > <[email protected]>[email protected] > To unsubscribe, change settings or access archives, see > <http://www.ja-sig.org/wiki/display/JSG/cas-user>http://www.ja-sig.org/wiki/display/JSG/cas-user > > > ------------------------------ > This email and any attachments are confidential and intended solely for the > use of the addressee and may contain information which is covered by legal, > professional or other privilege. If you have received this email in error > please notify the system manager at [email protected]. The > University's computer systems may be monitored and communications carried on > them recorded to secure the effective operation of the system and for other > lawful purposes. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- s/Ahsan/?/g -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
