It looks like you might be having trouble instantiating one of the views but I can't really tell.
On Tue, Apr 20, 2010 at 6:10 PM, Jeff Chapin <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I am making slow progress. I am now seeing the following error in > localhost-`date`.out: > > > SEVERE: Servlet.service() for servlet cas threw exception > java.lang.InstantiationException > at > > sun.reflect.InstantiationExceptionConstructorAccessorImpl.newInstance(InstantiationExceptionConstructorAccessorImpl.java:30) > at java.lang.reflect.Constructor.newInstance(Constructor.java:513) > at > org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100) > at > org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:78) > at > > org.springframework.web.servlet.view.UrlBasedViewResolver.buildView(UrlBasedViewResolver.java:431) > at > > org.springframework.web.servlet.view.UrlBasedViewResolver.loadView(UrlBasedViewResolver.java:412) > at > > org.springframework.web.servlet.view.AbstractCachingViewResolver.createView(AbstractCachingViewResolver.java:159) > at > > org.springframework.web.servlet.view.UrlBasedViewResolver.createView(UrlBasedViewResolver.java:378) > at > > org.springframework.web.servlet.view.AbstractCachingViewResolver.resolveViewName(AbstractCachingViewResolver.java:78) > at > > org.springframework.web.servlet.DispatcherServlet.resolveViewName(DispatcherServlet.java:1215) > at > > org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1164) > at > > org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:902) > at > > org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807) > at > > org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571) > at > > org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > at > > org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > > org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48) > at > > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) > at > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) > at > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) > at java.lang.Thread.run(Thread.java:619) > > > When a user that should be warned logs in. The user sees the following: > > CAS is Unavailable > > There was an error trying to complete your request. Please notify your > support desk or try again. > > > Any further suggestions? I am going to try and attach a debugger ASAP. > > Jeff > > > > Jeff Chapin wrote: > > Yes, we are using a maven overlay. > > > > I will see if I can figure out a way to run a debugger on this. I don't > > do much java development, and the fact that this is on a unix host, > > combined with the ACLs we have in place to protect some of the resources > > might make debugging an interesting challenge. > > > > Thanks for the advice. > > > > Jeff > > > > > > > > Ahsan Imam wrote: > >> Hi Jeff, > > > >> I am not sure if this will help but you can start tomcat in debug mode > >> and then attach a debugger (I used eclipse) to see what is happening. > >> When I was having issues I set my debug statement > >> (LdapPasswordWarningCheck.java) in the method getPasswordWarning. Some > >> other keys files to look through are > > > >> PasswordWarningCheckAction.java > >> PasswordWarningDynamicViewSelector.java (webflow) > >> AuthenticationViaFormAction.java > > > >> Stepping through the code gave me pretty good indication of what was > >> happening. Debugging prompted to modify properties files which I > >> neglected to update. Also we made some modifications to add more > >> functionality if a users password expired. > > > >> Also are you using cas maven overlay method? > > > > > >> Ahsan > > > > > >> On Wed, Apr 7, 2010 at 12:09 PM, Jeff Chapin <[email protected] > >> <mailto:[email protected]>> wrote: > > > >> To make things even more fun, the instance I have with LdapBind and an > >> attempt at the ldap-pwd module is letting locked users log in, but an > >> instance with FastBind is not. > > > >> I most definitely have something broken. > > > >> Jeff > > > > > >> Jeff Chapin wrote: > >>> I know I am grave digging, but I am working on getting this module > >>> working still. > >>> I have gotten LdapBind working, and I have the password working > >>> information getting initialized: > >>> This is from catalina.out: > >>> 2010-04-06 16:42:18,580 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <LDAP Search > >>> Base: 'cn=Users,dc=Collab,dc=uni,dc=edu'> > >>> 2010-04-06 16:42:18,597 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Search > >> Filter: > >>> 'cn=%u'> > >>> 2010-04-06 16:42:18,597 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <warnAll: > >> 'true'> > >>> 2010-04-06 16:42:18,597 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date format: > >>> 'yyyyMMddHHmmss'z''> > >>> 2010-04-06 16:42:18,597 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - > >>> <warningCheckType: 'change'> > >>> 2010-04-06 16:42:18,597 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date > >>> Attribute: 'pwdchangedtime'> > >>> 2010-04-06 16:42:18,597 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Warning Days > >>> Attribute: 'passwordwarningdays'> > >>> 2010-04-06 16:42:18,597 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Valid Days > >>> Attribute: 'passwordexpiredays'> > >>> 2010-04-06 16:42:18,598 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Default > >>> Warning Days: '300'> > >>> 2010-04-06 16:42:18,598 INFO > >>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Password Max > >>> Age (in days): '1'> > > > >>> Those are the correct values I entered -- but that is the last sign I > >>> see of the module being run. Nothing is logged, nor am I warned that I > >>> need to change my password -- even though I have warn set to true. > >>> I followed the guide here: > > > >> > http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement > > > >>> and I made the following changes to my default_view, as advised on > >> this > >>> thread: > >>> ## Expired Password Error message > >> casExpiredPassView.(class)=org.springframework.web.servlet.view.JstlView > > > >> > casExpiredPassView.url=/WEB-INF/view/jsp/default/ui/casExpiredPassView.jsp > > > >>> ### Locked Account Error message > >> > casAccountLockedView.(class)=org.springframework.web.servlet.view.JstlView > > > >> > casAccountLockedView.url=/WEB-INF/view/jsp/default/ui/casAccountLockedView.jsp > > > >>> ### Disabled Account Error message > >> > casAccountDisabledView.(class)=org.springframework.web.servlet.view.JstlView > > > >> > casAccountDisabledView.url=/WEB-INF/view/jsp/default/ui/casAccountDisabledView.jsp > > > >>> ### Password Expiration Warning message (logged in, > >>> PasswordWarningCheck=true) > >>> casWarnPassView.(class)=org.springframework.web.servlet.view.JstlView > >>> casWarnPassView.url=/WEB-INF/view/jsp/default/ui/casWarnPassView.jsp > > > >>> I *am* getting the following error when I try to log into > >> /cas/services > >>> to test: > >>> 2010-04-06 16:43:08,245 DEBUG > >>> [org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler] - > >>> <Performing LDAP bind with credential: > >>> cn=chapinj,cn=Users,dc=collab,dc=uni,dc=edu> > >>> Exception in thread "Thread-14" java.security.ProviderException: > >>> update() failed > >>> 2010-04-06 16:43:08,299 INFO > >>> [org.jasig.cas.authentication.AuthenticationManagerImpl] - > >>> <AuthenticationHandler: > >>> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully > >>> authenticated the user which provided the following credentials: > >>> [username: chapinj]> > >>> at > >> sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:557) > >>> at > >> sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:457) > >>> at javax.crypto.Cipher.update(DashoA13*..) > >>> at > >>> com.sun.net.ssl.internal.ssl.CipherBox.encrypt(CipherBox.java:141) > >>> at > >> com.sun.net.ssl.internal.ssl.OutputRecord.encrypt(OutputRecord.java:197) > >>> at > >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:733) > >>> at > >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:722) > >>> at > >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.sendAlert(SSLSocketImpl.java:1720) > >>> at > >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1606) > >>> at > >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1574) > >>> at > >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1538) > >>> at > >> > com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1483) > >>> at > >> com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:86) > >>> at > >> java.io.BufferedInputStream.fill(BufferedInputStream.java:218) > >>> at > >> java.io.BufferedInputStream.read1(BufferedInputStream.java:258) > >>> at > >> java.io.BufferedInputStream.read(BufferedInputStream.java:317) > >>> at com.sun.jndi.ldap.Connection.run(Connection.java:805) > >>> at java.lang.Thread.run(Thread.java:619) > >>> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: > >>> CKR_OPERATION_NOT_INITIALIZED > >>> at > >> sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method) > >>> at > >> sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:510) > >>> ... 17 more > >>> - From googling, this appears to be an issue with encryption -- > >> but I am > >>> not sure where I went wrong or managed to break things. > >>> This is java 1.6.0, cas 3.3.5, and Solaris 10. > >>> Any suggestions before I go bald? > >>> Thanks, > >>> Jeff > > > >>> Jeff Chapin wrote: > >>>> I had actually been barking up that tree -- using BindLdap, and not > >>>> FastBind, but had to move in different directions. I will try to > >>>> replicate your results in the morning and see what I can come up > >> with. > > > >>>> Thanks for the pointers! > >>>> Jeff > >>>> Vitty, Paul wrote: > >>>>> Jeff/Ahsan, > >>>>> I've been working on this issue this evening and have gotten to > >> the point where I am seeing the output you expect to see. > >>>>> I'm not sure, maybe you know this already, but the password > >> about to expire message is only shown when you request a service > >> ticket, it's not shown when only a ticket granting ticket is requested. > >>>>> Another thing I worked out is that you need to use the > >> org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler for your > >> LDAP authentication handler in deployerConfigContext.xml, where as > >> before we were using the Fast Bind class. Not sure if that helps you > >> out, but it's got me this far. > >>>>> Paul > >>>>> On 15 Feb 2010, at 22:16, Jeff Chapin wrote: > >>>>> No, I have not got this to work yet. > >>>>> I moved focus to other issues on my plate. I will look into this > >> again > >>>>> further tomorrow, but this appears to be the *EXACT* same > >> experience I > >>>>> am having -- so we appear to be on the same page, at least. > >>>>> Jeff > >>>>> Ahsan Imam wrote: > >>>>>>>> Jeff, > >>>>>>>> > >>>>>>>> Did you ever get the module to work? Are you still have > >> issues? After > >>>>>>>> the documentation was updated on Feb 10, I changed my > >> configuration > >>>>>>>> setting specified for passwordWarningcheck.xml. I am getting > >> no warning > >>>>>>>> message and there is nothing in the logs. Logging is set to: > >>>>>>>> > >>>>>>>> log4j.logger.org.jasig.cas.services=INFO > >>>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG > >>>>>>>> > >> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG > >>>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG > >>>>>>>> > >>>>>>>> > >>>>>>>> I set warnAll to true and I should see a message "Show > >> Warning (WarnALL > >>>>>>>> is TRUE!) -- The password for " + userID + " will expire in " + > >>>>>>>> Math.round(DateDiff / Timer.ONE_DAY) + " days" based on the > >> code. I do > >>>>>>>> not see and message in the browser or the logs. > >>>>>>>> > >>>>>>>> I wonder if I am missing something.... > >>>>>>>> > >>>>>>>> Sincerely, > >>>>>>>> Ahsan > >>>>>>>> > >>>>>>>> > >>>>>>>> On Fri, Feb 12, 2010 at 7:55 AM, Jeff Chapin > >> <[email protected] <mailto:[email protected]> > >>>>>>>> <mailto:[email protected] <mailto:[email protected]>>> wrote: > >>>>>>>> > >>>>>>>> You guys rock! > >>>>>>>> > >>>>>>>> Only problem I have is I am still not seeing anything new in > >> my logs. I > >>>>>>>> am seeing the same behavior as with the last version. > >>>>>>>> > >>>>>>>> Thank you so much for the assistance. > >>>>>>>> > >>>>>>>> Jeff > >>>>>>>> > >>>>>>>> Scott Battaglia wrote: > >>>>>>>>> I think Eric made an update to the page. Not sure if that will > >>>>>>>> help or not. > >>>>>>>> > >>>>>>>> > >>>>>>>>> On Thu, Feb 11, 2010 at 10:29 AM, Jeff Chapin > >> <[email protected] <mailto:[email protected]> > >>>>>>>> <mailto:[email protected] <mailto:[email protected]>> > >>>>>>>>> <mailto:[email protected] <mailto:[email protected]> > >> <mailto:[email protected] <mailto:[email protected]>>>> wrote: > >>>>>>>>> I believe that log line came from this bean: > >>>>>>>>> <bean id="PasswordWarningCheckAction" > >>>>>>>>> class="org.jasig.cas.web.flow.PasswordWarningCheckAction"> > >>>>>>>>> <property name="passwordWarningCheck" > >>>>>>>>> ref="passwordWarningCheck" /> > >>>>>>>>> </bean> > >>>>>>>>> This was documented in the link below. Am I off base? I am still > >>>>>>>>> learning how this setup works and feeling my way around. > >>>>>>>>> Jeff > >>>>>>>>> Scott Battaglia wrote: > >>>>>>>>>> I don't know much about it but there's no reason it shouldn't > >>>>>>>>> work. It > >>>>>>>>>> doesn't look like there any instructions to tell you to add > >> it to the > >>>>>>>>>> web flow though. > >>>>>>>>>> On Wed, Feb 10, 2010 at 12:03 PM, Jeff Chapin > >>>>>>>> <[email protected] <mailto:[email protected]> > >> <mailto:[email protected] <mailto:[email protected]>> > >>>>>>>>> <mailto:[email protected] <mailto:[email protected]> > >> <mailto:[email protected] <mailto:[email protected]>>> > >>>>>>>>>> <mailto:[email protected] <mailto:[email protected]> > >> <mailto:[email protected] <mailto:[email protected]>> > >>>>>>>> <mailto:[email protected] <mailto:[email protected]> > >> <mailto:[email protected] <mailto:[email protected]>>>>> wrote: > >>>>>>>>>> Hello, > >>>>>>>>>> I am using CAS 3.3.5, and I have tried to get LDAP password > >> policy > >>>>>>>>>> enforcement running, as per > >> > http://www.ja-sig.org/wiki/display/CASUM/LDAP+Password+Policy+Enforcement. > >>>>>>>>>> I have cranked logging as follows: > >>>>>>>>>> log4j.logger.org.jasig.cas.services=INFO > >>>>>>>>>> log4j.logger.org.jasig.cas.web.flow=DEBUG > >> log4j.logger.org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck=DEBUG > >>>>>>>>>> log4j.logger.org.jasig.cas.adaptors=DEBUG > >>>>>>>>>> , other than that, the logging is identical to the Logging > >> page on > >>>>>>>>>> the wiki. > >>>>>>>>>> Here are the only logs that are currently appearing: > >>>>>>>>>> 2010-02-10 10:58:58,550 INFO > >>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - > >> <Search > >>>>>>>>> Filter: > >>>>>>>>>> 'cn=%u'> > >>>>>>>>>> 2010-02-10 10:58:58,551 INFO > >>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - > >> <Expire Date > >>>>>>>>>> Attribute: 'pwdchangedtime'> > >>>>>>>>>> 2010-02-10 10:58:58,551 INFO > >>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - > >> <Warning > >>>>>>>> Days > >>>>>>>>>> Attribute: 'passwordwarningdays'> > >>>>>>>>>> 2010-02-10 10:58:58,551 INFO > >>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - > >> <Default > >>>>>>>>>> Warning Days: '-1'> > >>>>>>>>>> 2010-02-10 10:58:58,551 INFO > >>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - <Date > >>>>>>>> format: > >>>>>>>>>> 'yyyyMMddHHmmss'z''> > >>>>>>>>>> 2010-02-10 10:58:58,551 INFO > >>>>>>>>>> [org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck] - > >> <LDAP Search > >>>>>>>>>> Base: 'cn=Users,dc=collab,dc=uni,dc=edu'> > >>>>>>>>>> 2010-02-10 10:58:58,553 DEBUG > >>>>>>>>>> [org.jasig.cas.web.flow.PasswordWarningCheckAction] - > >> <inited with > >> > passwordWarningChecker='org.jasig.cas.adaptors.ldap.LdapPasswordWarningCheck'> > >>>>>>>>>> As well as a mention to the bean in the following line. > >>>>>>>>>> 2010-02-10 10:58:58,771 INFO > >> [org.springframework.beans.factory.support.DefaultListableBeanFactory] - > >>>>>>>>>> <Pre-instantiating singletons in > >> > org.springframework.beans.factory.support.defaultlistablebeanfact...@3052ce > : > >>>>>>>>>> It appears to me that the PasswordWarningCheck is not even > >> firing > >>>>>>>> -- I > >>>>>>>>>> would expect much more logging output that this. > >>>>>>>>>> As an aside, I put -1 as the Warning days, as out LDAP > >> server (Oracle > >>>>>>>>>> OID) currently only reports the time the password was last > >>>>>>>>> changed, not > >>>>>>>>>> when it expires. I have tried positive values with no > >> difference > >>>>>>>>> in the > >>>>>>>>>> results. > >>>>>>>>>> Am I missing something, or is this code simply incompatible > >> with the > >>>>>>>>>> current CAS version? > >>>>>>>>>> Thanks, > >>>>>>>>>> Jeff > > > > > > - -- > Jeff Chapin, > Assistant Systems/Applications Administrator > ITS-IS, University of Northern Iowa > Phone: 319-273-3162 Email: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkvOJjwACgkQQiaEUfQoY7TsmQCgxtcnOdzkJAJMf+I2+s/cE+iW > Ek4Anj+YNlndf4+PiMNQo4AjLIc8mC/O > =9+Ym > -----END PGP SIGNATURE----- > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
