Anyone know of any good documentation on how to use a debugger with cas/tomcat?
I found some documentation on how to run tomcat and listen for incoming connections, and I tried that, as well as opened the network ACLs to allow traffic, and then attempted to attach an install of eclipse to the tomcat host.... now what? I'm not a java dev and have simply been using vi on the server to develop and install cas, so I am stumped.

Jeff

Jeff Chapin wrote:
> I am making slow progress. I am now seeing the following error in
> localhost-`date`.out:
>
> SEVERE: Servlet.service() for servlet cas threw exception
> java.lang.InstantiationException
>     at sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:30)
>     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>     at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
>     at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78)
>     at org.springframework.web.servlet.view.UrlBasedViewResolver.buildView(UrlBasedViewResolver.java:431)
>     at org.springframework.web.servlet.view.UrlBasedViewResolver.loadView(UrlBasedViewResolver.java:412)
>     at org.springframework.web.servlet.view.AbstractCachingViewResolver.createView(AbstractCachingViewResolver.java:159)
>     at org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:378)
>     at org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:78)
>     at org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1215)
>     at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1164)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:902)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
>     at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>     at java.lang.Thread.run(Thread.java:619)
>
> When a user that should be warned logs in. The user sees the following:
>
> CAS is Unavailable
>
> There was an error trying to complete your request. Please notify your
> support desk or try again.
>
> Any further suggestions?
> I am going to try and attach a debugger ASAP.
>
> Jeff
>
> Jeff Chapin wrote:
>> Yes, we are using a maven overlay.
>
>> I will see if I can figure out a way to run a debugger on this. I don't
>> do much java development, and the fact that this is on a unix host,
>> combined with the ACLs we have in place to protect some of the resources
>> might make debugging an interesting challenge.
>
>> Thanks for the advice.
>
>> Jeff
>
>> Ahsan Imam wrote:
>>> Hi Jeff,
>>> I am not sure if this will help but you can start tomcat in debug mode
>>> and then attach a debugger (I used eclipse) to see what is happening.
>>> When I was having issues I set my debug statement
>>> (LdapPasswordWarningCheck.java) in the method getPasswordWarning. Some
>>> other key files to look through are
>>> PasswordWarningCheckAction.java
>>> PasswordWarningDynamicViewSelector.java (webflow)
>>> AuthenticationViaFormAction.java
>>> Stepping through the code gave me pretty good indication of what was
>>> happening. Debugging prompted me to modify properties files which I
>>> neglected to update. Also we made some modifications to add more
>>> functionality if a user's password expired.
>>> Also are you using cas maven overlay method?
>
>>> Ahsan
>
>>> On Wed, Apr 7, 2010 at 12:09 PM, Jeff Chapin <[email protected]> wrote:
>>> To make things even more fun, the instance I have with LdapBind and an
>>> attempt at the ldap-pwd module is letting locked users log in, but an
>>> instance with FastBind is not.
>>> I most definitely have something broken.
>>> Jeff
>
>>> Jeff Chapin wrote:
>>>> I know I am grave digging, but I am working on getting this module
>>>> working still.
>>>> I have gotten LdapBind working, and I have the password working
>>>> information getting initialized:
>>>> This is from catalina.out:
>>>> 2010-04-06 16:42:18,580 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <LDAP Search Base: 'cn=Users,dc=Collab,dc=uni,dc=edu'>
>>>> 2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search Filter: 'cn=%u'>
>>>> 2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <warnAll: 'true'>
>>>> 2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date format: 'yyyyMMddHHmmss'z''>
>>>> 2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <warningCheckType: 'change'>
>>>> 2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date Attribute: 'pwdchangedtime'>
>>>> 2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Warning Days Attribute: 'passwordwarningdays'>
>>>> 2010-04-06 16:42:18,597 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Valid Days Attribute: 'passwordexpiredays'>
>>>> 2010-04-06 16:42:18,598 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Default Warning Days: '300'>
>>>> 2010-04-06 16:42:18,598 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Password Max Age (in days): '1'>
>>>> Those are the correct values I entered -- but that is the last sign I
>>>> see of the module being run. Nothing is logged, nor am I warned that I
>>>> need to change my password -- even though I have warn set to true.
>>>> I followed the guide here:
>>>> http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement
>>>> and I made the following changes to my default_view, as advised on this
>>>> thread:
>>>> ## Expired Password Error message
>>>> casExpiredPassView.(class)=org.springframework.web.servlet.view.JstlView
>>>> casExpiredPassView.url=/WEB-INF/view/jsp/default/ui/casExpiredPassView.jsp
>>>> ### Locked Account Error message
>>>> casAccountLockedView.(class)=org.springframework.web.servlet.view.JstlView
>>>> casAccountLockedView.url=/WEB-INF/view/jsp/default/ui/casAccountLockedView.jsp
>>>> ### Disabled Account Error message
>>>> casAccountDisabledView.(class)=org.springframework.web.servlet.view.JstlView
>>>> casAccountDisabledView.url=/WEB-INF/view/jsp/default/ui/casAccountDisabledView.jsp
>>>> ### Password Expiration Warning message (logged in, PasswordWarningCheck=true)
>>>> casWarnPassView.(class)=org.springframework.web.servlet.view.JstlView
>>>> casWarnPassView.url=/WEB-INF/view/jsp/default/ui/casWarnPassView.jsp
>>>> I *am* getting the following error when I try to log into /cas/services
>>>> to test:
>>>> 2010-04-06 16:43:08,245 DEBUG [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - <Performing LDAP bind with credential: cn=chapinj,cn=Users,dc=collab,dc=uni,dc=edu>
>>>> Exception in thread "Thread-14" java.security.ProviderException: update() failed
>>>> 2010-04-06 16:43:08,299 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: chapinj]>
>>>>     at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:557)
>>>>     at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:457)
>>>>     at javax.crypto.Cipher.update(DashoA13*..)
>>>>     at com.sun.net.ssl.internal.ssl.CipherBox.encrypt(CipherBox.java:141)
>>>>     at com.sun.net.ssl.internal.ssl.OutputRecord.encrypt(OutputRecord.java:197)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:733)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:722)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.sendAlert(SSLSocketImpl.java:1720)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1606)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1574)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1538)
>>>>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1483)
>>>>     at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:86)
>>>>     at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
>>>>     at java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
>>>>     at java.io.BufferedInputStream.read(BufferedInputStream.java:317)
>>>>     at com.sun.jndi.ldap.Connection.run(Connection.java:805)
>>>>     at java.lang.Thread.run(Thread.java:619)
>>>> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED
>>>>     at sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
>>>>     at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:510)
>>>>     ... 17 more
>>>> From googling, this appears to be an issue with encryption -- but I am
>>>> not sure where I went wrong or managed to break things.
>>>> This is java 1.6.0, cas 3.3.5, and Solaris 10.
>>>> Any suggestions before I go bald?
>>>> Thanks,
>>>> Jeff
>>>>
>>>> Jeff Chapin wrote:
>>>>> I had actually been barking up that tree -- using BindLdap, and not
>>>>> FastBind, but had to move in different directions. I will try to
>>>>> replicate your results in the morning and see what I can come up with.
>>>>> Thanks for the pointers!
>>>>> Jeff
>>>>>
>>>>> Vitty, Paul wrote:
>>>>>> Jeff/Ahsan,
>>>>>> I've been working on this issue this evening and have gotten to the point where I am seeing the output you expect to see.
>>>>>> I'm not sure, maybe you know this already, but the password about to expire message is only shown when you request a service ticket, it's not shown when only a ticket granting ticket is requested.
>>>>>> Another thing I worked out is that you need to use the org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your LDAP authentication handler in deployerConfigContext.xml, whereas before we were using the Fast Bind class. Not sure if that helps you out, but it's got me this far.
>>>>>> Paul
>>>>>>
>>>>>> On 15 Feb 2010, at 22:16, Jeff Chapin wrote:
>>>>>> No, I have not got this to work yet.
>>>>>> I moved focus to other issues on my plate. I will look into this again
>>>>>> further tomorrow, but this appears to be the *EXACT* same experience I
>>>>>> am having -- so we appear to be on the same page, at least.
>>>>>> Jeff
>>>>>>
>>>>>> Ahsan Imam wrote:
>>>>>>>>> Jeff,
>>>>>>>>>
>>>>>>>>> Did you ever get the module to work? Are you still having issues? After
>>>>>>>>> the documentation was updated on Feb 10, I changed my configuration
>>>>>>>>> setting specified for passwordWarningcheck.xml. I am getting no warning
>>>>>>>>> message and there is nothing in the logs. Logging is set to:
>>>>>>>>>
>>>>>>>>> log4j.logger.org.jasig.cas.services=INFO
>>>>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG
>>>>>>>>> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
>>>>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG
>>>>>>>>>
>>>>>>>>> I set warnAll to true and I should see a message "Show Warning (WarnALL
>>>>>>>>> is TRUE!) -- The password for " + userID + " will expire in " +
>>>>>>>>> Math.round(DateDiff / Timer.ONE_DAY) + " days" based on the code.
>>>>>>>>> I do not see any message in the browser or the logs.
>>>>>>>>>
>>>>>>>>> I wonder if I am missing something....
>>>>>>>>>
>>>>>>>>> Sincerely,
>>>>>>>>> Ahsan
>>>>>>>>>
>>>>>>>>> On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>> You guys rock!
>>>>>>>>>
>>>>>>>>> Only problem I have is I am still not seeing anything new in my logs. I
>>>>>>>>> am seeing the same behavior as with the last version.
>>>>>>>>>
>>>>>>>>> Thank you so much for the assistance.
>>>>>>>>>
>>>>>>>>> Jeff
>>>>>>>>>
>>>>>>>>> Scott Battaglia wrote:
>>>>>>>>>> I think Eric made an update to the page. Not sure if that will help or not.
>>>>>>>>>>
>>>>>>>>>> On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin <[email protected]> wrote:
>>>>>>>>>> I believe that log line came from this bean:
>>>>>>>>>> <bean id="PasswordWarningCheckAction"
>>>>>>>>>>       class="org.jasig.cas.web.flow.PasswordWarningCheckAction">
>>>>>>>>>>     <property name="passwordWarningCheck" ref="passwordWarningCheck" />
>>>>>>>>>> </bean>
>>>>>>>>>> This was documented in the link below. Am I off base? I am still
>>>>>>>>>> learning how this setup works and feeling my way around.
>>>>>>>>>> Jeff
>>>>>>>>>>
>>>>>>>>>> Scott Battaglia wrote:
>>>>>>>>>>> I don't know much about it but there's no reason it shouldn't work. It
>>>>>>>>>>> doesn't look like there are any instructions to tell you to add it to the
>>>>>>>>>>> web flow though.
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin <[email protected]> wrote:
>>>>>>>>>>> Hello,
>>>>>>>>>>> I am using CAS 3.3.5, and I have tried to get LDAP password policy
>>>>>>>>>>> enforcement running, as per
>>>>>>>>>>> http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement.
>>>>>>>>>>> I have cranked logging as follows:
>>>>>>>>>>> log4j.logger.org.jasig.cas.services=INFO
>>>>>>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG
>>>>>>>>>>> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG
>>>>>>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG
>>>>>>>>>>> Other than that, the logging is identical to the Logging page on
>>>>>>>>>>> the wiki.
>>>>>>>>>>> Here are the only logs that are currently appearing:
>>>>>>>>>>> 2010-02-10 10:58:58,550 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search Filter: 'cn=%u'>
>>>>>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Expire Date Attribute: 'pwdchangedtime'>
>>>>>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Warning Days Attribute: 'passwordwarningdays'>
>>>>>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Default Warning Days: '-1'>
>>>>>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date format: 'yyyyMMddHHmmss'z''>
>>>>>>>>>>> 2010-02-10 10:58:58,551 INFO [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <LDAP Search Base: 'cn=Users,dc=collab,dc=uni,dc=edu'>
>>>>>>>>>>> 2010-02-10 10:58:58,553 DEBUG [org.jasig.cas.web.flow.PasswordWarningCheckAction] - <inited with passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'>
>>>>>>>>>>> As well as a mention to the bean in the following line.
>>>>>>>>>>> 2010-02-10 10:58:58,771 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Pre-instantiating singletons in org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce:
>>>>>>>>>>> It appears to me that the PasswordWarningCheck is not even firing -- I
>>>>>>>>>>> would expect much more logging output than this.
>>>>>>>>>>> As an aside, I put -1 as the Warning days, as our LDAP server (Oracle
>>>>>>>>>>> OID) currently only reports the time the password was last changed, not
>>>>>>>>>>> when it expires.
>>>>>>>>>>> I have tried positive values with no difference in the results.
>>>>>>>>>>> Am I missing something, or is this code simply incompatible with the
>>>>>>>>>>> current CAS version?
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Jeff

--
Jeff Chapin, Assistant Systems/Applications Administrator
ITS-IS, University of Northern Iowa
Phone: 319-273-3162
Email: [email protected]
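
Added example, not part of the thread or of the CAS/Tomcat projects: the top message describes starting Tomcat with a debug listener and opening network ACLs so Eclipse can attach. The sketch below keeps the JPDA listener on loopback, checks from `netstat -an` output where it actually bound, and reaches it through an SSH tunnel instead. Port 8000, the host name `cas-host` and the sample netstat lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: port 8000 (Tomcat's
# default JPDA port), host name "cas-host", and the constructed netstat samples.
JPDA_PORT="${JPDA_PORT:-8000}"

# Start Tomcat with the JPDA debug agent listening on loopback only.
# catalina.sh reads JPDA_TRANSPORT / JPDA_ADDRESS / JPDA_SUSPEND in "jpda" mode.
start_tomcat_debug() {
    JPDA_TRANSPORT=dt_socket \
    JPDA_ADDRESS="127.0.0.1:${JPDA_PORT}" \
    JPDA_SUSPEND=n \
    "${CATALINA_HOME:?set CATALINA_HOME first}/bin/catalina.sh" jpda start
}

# Read `netstat -an` output on stdin and report where the debug port listens:
#   exposed  - bound to a wildcard or routable address
#   loopback - bound to 127.0.0.1 / ::1 only
#   none     - nothing is listening on that port
# Handles Linux (addr:port) and Solaris (addr.port) address columns.
jdwp_exposure() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ ("[.:]" port "$")) continue
                if ($i ~ /^(127\.0\.0\.1|localhost|::1|\[::1\])[.:]/) lo = 1
                else ex = 1
            }
        }
        END { print (ex ? "exposed" : (lo ? "loopback" : "none")) }
    '
}

# Constructed sample: Solaris-style listing, agent bound to the wildcard address.
SAMPLE_EXPOSED='      *.8000               *.*                0      0 49152      0 LISTEN
      *.8443               *.*                0      0 49152      0 LISTEN'

# Constructed sample: Linux-style listing, agent bound to loopback.
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:18000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN'

# On the server:   start_tomcat_debug && netstat -an | jdwp_exposure "$JPDA_PORT"
# On the desktop:  ssh -N -L 8000:127.0.0.1:8000 user@cas-host
#                  then point an Eclipse "Remote Java Application" debug
#                  configuration at localhost:8000 and set breakpoints.
printf '%s\n' "$SAMPLE_EXPOSED"  | jdwp_exposure "$JPDA_PORT"
printf '%s\n' "$SAMPLE_LOOPBACK" | jdwp_exposure "$JPDA_PORT"
```

With the tunnel in place the network ACLs only need to allow SSH to the Tomcat host, and the check can be rerun after every restart to confirm the agent did not bind to a wildcard address.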
