-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am making slow progress. I am now seeing the following error in
localhost-`date`.out:
SEVERE: Servlet.service() for servlet cas threw exception
java.lang.InstantiationException
at
sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:30)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at
org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at
org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.buildView(UrlBasedViewResolver.java:431)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.loadView(UrlBasedViewResolver.java:412)
at
org.springframework.web.servlet.view.AbstractCachingViewResolver.createView(AbstractCachingViewResolver.java:159)
at
org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:378)
at
org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:78)
at
org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1215)
at
org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1164)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:902)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)
When a user that should be warned logs in. The user sees the following:
CAS is Unavailable
There was an error trying to complete your request. Please notify your
support desk or try again.
Any further suggestions? I am going to try and attach a debugger ASAP.
Jeff
Jeff Chapin wrote:
> Yes, we are using a maven overlay.
>
> I will see if I can figure out a way to run a debugger on this. I don't
> do much java development, and the fact that this is on a unix host,
> combined with the ACLs we have in place to protect some of the resources
> might make debugging an interesting challenge.
>
> Thanks for the advice.
>
> Jeff
>
>
>
> Ahsan Imam wrote:
>> Hi Jeff,
>
>> I am not sure if this will help but you can start tomcat in debug mode
>> and then attach a debugger (I used eclipse) to see what is happening.
>> When I was having issues I set my debug statement
>> (LdapPasswordWarningCheck.java) in the method getPasswordWarning. Some
>> other keys files to look through are
>
>> PasswordWarningCheckAction.java
>> PasswordWarningDynamicViewSelector.java (webflow)
>> AuthenticationViaFormAction.java
>
>> Stepping through the code gave me pretty good indication of what was
>> happening. Debugging prompted to modify properties files which I
>> neglected to update. Also we made some modifications to add more
>> functionality if a users password expired.
>
>> Also are you using cas maven overlay method?
>
>
>> Ahsan
>
>
>> On Wed, Apr 7, 2010 at 12:09 PM, Jeff Chapin <[email protected]
>> <mailto:[email protected]>> wrote:
>
>> To make things even more fun, the instance I have with LdapBind and an
>> attempt at the ldap-pwd module is letting locked users log in, but an
>> instance with FastBind is not.
>
>> I most definitely have something broken.
>
>> Jeff
>
>
>> Jeff Chapin wrote:
>>> I know I am grave digging, but I am working on getting this module
>>> working still.
>>> I have gotten LdapBind working, and I have the password working
>>> information getting initialized:
>>> This is from catalina.out:
>>> 2010-04-06 16:42:18,580 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <LDAP Search
>>> Base: 'cn=Users,dc=Collab,dc=uni,dc=edu'>
>>> 2010-04-06 16:42:18,597 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search
>> Filter:
>>> 'cn=%u'>
>>> 2010-04-06 16:42:18,597 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <warnAll:
>> 'true'>
>>> 2010-04-06 16:42:18,597 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date format:
>>> 'yyyyMMddHHmmss'z''>
>>> 2010-04-06 16:42:18,597 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] -
>>> <warningCheckType: 'change'>
>>> 2010-04-06 16:42:18,597 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date
>>> Attribute: 'pwdchangedtime'>
>>> 2010-04-06 16:42:18,597 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Warning Days
>>> Attribute: 'passwordwarningdays'>
>>> 2010-04-06 16:42:18,597 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Valid Days
>>> Attribute: 'passwordexpiredays'>
>>> 2010-04-06 16:42:18,598 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Default
>>> Warning Days: '300'>
>>> 2010-04-06 16:42:18,598 INFO
>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Password Max
>>> Age (in days): '1'>
>
>>> Those are the correct values I entered -- but that is the last sign I
>>> see of the module being run. Nothing is logged, nor am I warned that I
>>> need to change my password -- even though I have warn set to true.
>>> I followed the guide here:
>
>> http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement
>
>>> and I made the following changes to my default_view, as advised on
>> this
>>> thread:
>>> ## Expired Password Error message
>> casExpiredPassView.(class)=org.springframework.web.servlet.view.JstlView
>
>> casExpiredPassView.url=/WEB-INF/view/jsp/default/ui/casExpiredPassView.jsp
>
>>> ### Locked Account Error message
>> casAccountLockedView.(class)=org.springframework.web.servlet.view.JstlView
>
>> casAccountLockedView.url=/WEB-INF/view/jsp/default/ui/casAccountLockedView.jsp
>
>>> ### Disabled Account Error message
>> casAccountDisabledView.(class)=org.springframework.web.servlet.view.JstlView
>
>> casAccountDisabledView.url=/WEB-INF/view/jsp/default/ui/casAccountDisabledView.jsp
>
>>> ### Password Expiration Warning message (logged in,
>>> PasswordWarningCheck=true)
>>> casWarnPassView.(class)=org.springframework.web.servlet.view.JstlView
>>> casWarnPassView.url=/WEB-INF/view/jsp/default/ui/casWarnPassView.jsp
>
>>> I *am* getting the following error when I try to log into
>> /cas/services
>>> to test:
>>> 2010-04-06 16:43:08,245 DEBUG
>>> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] -
>>> <Performing LDAP bind with credential:
>>> cn=chapinj,cn=Users,dc=collab,dc=uni,dc=edu>
>>> Exception in thread "Thread-14" java.security.ProviderException:
>>> update() failed
>>> 2010-04-06 16:43:08,299 INFO
>>> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
>>> <AuthenticationHandler:
>>> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
>>> authenticated the user which provided the following credentials:
>>> [username: chapinj]>
>>> at
>> sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:557)
>>> at
>> sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:457)
>>> at javax.crypto.Cipher.update(DashoA13*..)
>>> at
>>> com.sun.net.ssl.internal.ssl.CipherBox.encrypt(CipherBox.java:141)
>>> at
>> com.sun.net.ssl.internal.ssl.OutputRecord.encrypt(OutputRecord.java:197)
>>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:733)
>>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:722)
>>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.sendAlert(SSLSocketImpl.java:1720)
>>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1606)
>>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1574)
>>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1538)
>>> at
>> com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1483)
>>> at
>> com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:86)
>>> at
>> java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
>>> at
>> java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
>>> at
>> java.io.BufferedInputStream.read(BufferedInputStream.java:317)
>>> at com.sun.jndi.ldap.Connection.run(Connection.java:805)
>>> at java.lang.Thread.run(Thread.java:619)
>>> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
>>> CKR_OPERATION_NOT_INITIALIZED
>>> at
>> sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
>>> at
>> sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:510)
>>> ... 17 more
>>> - From googling, this appears to be an issue with encryption --
>> but I am
>>> not sure where I went wrong or managed to break things.
>>> This is java 1.6.0, cas 3.3.5, and Solaris 10.
>>> Any suggestions before I go bald?
>>> Thanks,
>>> Jeff
>
>>> Jeff Chapin wrote:
>>>> I had actually been barking up that tree -- using BindLdap, and not
>>>> FastBind, but had to move in different directions. I will try to
>>>> replicate your results in the morning and see what I can come up
>> with.
>
>>>> Thanks for the pointers!
>>>> Jeff
>>>> Vitty, Paul wrote:
>>>>> Jeff/Ahsan,
>>>>> I've been working on this issue this evening and have gotten to
>> the point where I am seeing the output you expect to see.
>>>>> I'm not sure, maybe you know this already, but the password
>> about to expire message is only shown when you request a service
>> ticket, it's not shown when only a ticket granting ticket is requested.
>>>>> Another thing I worked out is that you need to use the
>> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your
>> LDAP authentication handler in deployerConfigContext.xml, where as
>> before we were using the Fast Bind class. Not sure if that helps you
>> out, but it's got me this far.
>>>>> Paul
>>>>> On 15 Feb 2010, at 22:16, Jeff Chapin wrote:
>>>>> No, I have not got this to work yet.
>>>>> I moved focus to other issues on my plate. I will look into this
>> again
>>>>> further tomorrow, but this appears to be the *EXACT* same
>> experience I
>>>>> am having -- so we appear to be on the same page, at least.
>>>>> Jeff
>>>>> Ahsan Imam wrote:
>>>>>>>> Jeff,
>>>>>>>>
>>>>>>>> Did you ever get the module to work? Are you still have
>> issues? After
>>>>>>>> the documentation was updated on Feb 10, I changed my
>> configuration
>>>>>>>> setting specified for passwordWarningcheck.xml. I am getting
>> no warning
>>>>>>>> message and there is nothing in the logs. Logging is set to:
>>>>>>>>
>>>>>>>> log4j.logger.org.jasig.cas.services=INFO
>>>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG
>>>>>>>>
>> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
>>>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG
>>>>>>>>
>>>>>>>>
>>>>>>>> I set warnAll to true and I should see a message "Show
>> Warning (WarnALL
>>>>>>>> is TRUE!) -- The password for " + userID + " will expire in " +
>>>>>>>> Math.round(DateDiff / Timer.ONE_DAY) + " days" based on the
>> code. I do
>>>>>>>> not see and message in the browser or the logs.
>>>>>>>>
>>>>>>>> I wonder if I am missing something....
>>>>>>>>
>>>>>>>> Sincerely,
>>>>>>>> Ahsan
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin
>> <[email protected] <mailto:[email protected]>
>>>>>>>> <mailto:[email protected] <mailto:[email protected]>>> wrote:
>>>>>>>>
>>>>>>>> You guys rock!
>>>>>>>>
>>>>>>>> Only problem I have is I am still not seeing anything new in
>> my logs. I
>>>>>>>> am seeing the same behavior as with the last version.
>>>>>>>>
>>>>>>>> Thank you so much for the assistance.
>>>>>>>>
>>>>>>>> Jeff
>>>>>>>>
>>>>>>>> Scott Battaglia wrote:
>>>>>>>>> I think Eric made an update to the page. Not sure if that will
>>>>>>>> help or not.
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin
>> <[email protected] <mailto:[email protected]>
>>>>>>>> <mailto:[email protected] <mailto:[email protected]>>
>>>>>>>>> <mailto:[email protected] <mailto:[email protected]>
>> <mailto:[email protected] <mailto:[email protected]>>>> wrote:
>>>>>>>>> I believe that log line came from this bean:
>>>>>>>>> <bean id="PasswordWarningCheckAction"
>>>>>>>>> class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
>>>>>>>>> <property name="passwordWarningCheck"
>>>>>>>>> ref="passwordWarningCheck" />
>>>>>>>>> </bean>
>>>>>>>>> This was documented in the link below. Am I off base? I am still
>>>>>>>>> learning how this setup works and feeling my way around.
>>>>>>>>> Jeff
>>>>>>>>> Scott Battaglia wrote:
>>>>>>>>>> I don't know much about it but there's no reason it shouldn't
>>>>>>>>> work. It
>>>>>>>>>> doesn't look like there any instructions to tell you to add
>> it to the
>>>>>>>>>> web flow though.
>>>>>>>>>> On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin
>>>>>>>> <[email protected] <mailto:[email protected]>
>> <mailto:[email protected] <mailto:[email protected]>>
>>>>>>>>> <mailto:[email protected] <mailto:[email protected]>
>> <mailto:[email protected] <mailto:[email protected]>>>
>>>>>>>>>> <mailto:[email protected] <mailto:[email protected]>
>> <mailto:[email protected] <mailto:[email protected]>>
>>>>>>>> <mailto:[email protected] <mailto:[email protected]>
>> <mailto:[email protected] <mailto:[email protected]>>>>> wrote:
>>>>>>>>>> Hello,
>>>>>>>>>> I am using CAS 3.3.5, and I have tried to get LDAP password
>> policy
>>>>>>>>>> enforcement running, as per
>> http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement.
>>>>>>>>>> I have cranked logging as follows:
>>>>>>>>>> log4j.logger.org.jasig.cas.services=INFO
>>>>>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG
>> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
>>>>>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG
>>>>>>>>>> , other than that, the logging is identical to the Logging
>> page on
>>>>>>>>>> the wiki.
>>>>>>>>>> Here are the only logs that are currently appearing:
>>>>>>>>>> 2010-02-10 10:58:58,550 INFO
>>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] -
>> <Search
>>>>>>>>> Filter:
>>>>>>>>>> 'cn=%u'>
>>>>>>>>>> 2010-02-10 10:58:58,551 INFO
>>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] -
>> <Expire Date
>>>>>>>>>> Attribute: 'pwdchangedtime'>
>>>>>>>>>> 2010-02-10 10:58:58,551 INFO
>>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] -
>> <Warning
>>>>>>>> Days
>>>>>>>>>> Attribute: 'passwordwarningdays'>
>>>>>>>>>> 2010-02-10 10:58:58,551 INFO
>>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] -
>> <Default
>>>>>>>>>> Warning Days: '-1'>
>>>>>>>>>> 2010-02-10 10:58:58,551 INFO
>>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date
>>>>>>>> format:
>>>>>>>>>> 'yyyyMMddHHmmss'z''>
>>>>>>>>>> 2010-02-10 10:58:58,551 INFO
>>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] -
>> <LDAP Search
>>>>>>>>>> Base: 'cn=Users,dc=collab,dc=uni,dc=edu'>
>>>>>>>>>> 2010-02-10 10:58:58,553 DEBUG
>>>>>>>>>> [org.jasig.cas.web.flow.PasswordWarningCheckAction] -
>> <inited with
>> passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'>
>>>>>>>>>> As well as a mention to the bean in the following line.
>>>>>>>>>> 2010-02-10 10:58:58,771 INFO
>> [org.springframework.beans.factory.support.DefaultListableBeanFactory] -
>>>>>>>>>> <Pre-instantiating singletons in
>> org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce:
>>>>>>>>>> It appears to me that the PasswordWarningCheck is not even
>> firing
>>>>>>>> -- I
>>>>>>>>>> would expect much more logging output that this.
>>>>>>>>>> As an aside, I put -1 as the Warning days, as out LDAP
>> server (Oracle
>>>>>>>>>> OID) currently only reports the time the password was last
>>>>>>>>> changed, not
>>>>>>>>>> when it expires. I have tried positive values with no
>> difference
>>>>>>>>> in the
>>>>>>>>>> results.
>>>>>>>>>> Am I missing something, or is this code simply incompatible
>> with the
>>>>>>>>>> current CAS version?
>>>>>>>>>> Thanks,
>>>>>>>>>> Jeff
>
>
- --
Jeff Chapin,
Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162 Email: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkvOJjwACgkQQiaEUfQoY7TsmQCgxtcnOdzkJAJMf+I2+s/cE+iW
Ek4Anj+YNlndf4+PiMNQo4AjLIc8mC/O
=9+Ym
-----END PGP SIGNATURE-----
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
