I've been having trouble configuring this as well. I'm not entirely sure how to move forward either.
Pat On Thu, Jun 3, 2010 at 2:48 PM, aruhi <[email protected]> wrote: > I downloaded the new out of the box version of cas-server-3.4.2 and deplyed > it. It ran perfectly fine. Then I tried to enable > InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter > by following steps given on > https://wiki.jasig.org/display/CASUM/Throttling+Login+Attempts > and suggestions made at > > http://jasig.275507.n4.nabble.com/Error-Throttling-Login-Attempts-td2131456.html > > Made following additions in cas-servlet.xml:- > > > <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" > p:flowRegistry-ref="flowRegistry" p:order="2"> > <property name="interceptors"> > <list> > <ref local="localeChangeInterceptor" /> > <ref bean="throttleInterceptor" /> > </list> > </property> > </bean> > > <bean id="throttleInterceptor" > class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter" > /> > > > Though there was no error in the logs but the throttling of the login > attempts was not happening. So I added few Debug logs to > AbstractThrottledSubmissionHandlerInterceptorAdapter.java in postHandle() > method as follows:- > > > public final void postHandle(final HttpServletRequest request, final > HttpServletResponse response, final Object o, final ModelAndView > modelAndView) throws Exception { > > > if(modelAndView == null){ > > > log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: > modelAndView == null"); > } > else if(modelAndView.getViewName() == null){ > > > log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: > modelAndView.getViewName() == null"); > } > else{ > > > log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: > modelAndView.getViewName() = " + modelAndView.getViewName() ); > } > > > if (!"POST".equals(request.getMethod())) { > return; > } > > // this means that the authentication succeeded, I think > if (modelAndView == null || > !"casLoginView".equals(modelAndView.getViewName())) { > log.debug("this means that the authentication succeeded"); > return; > } > > updateCount(request, this.usernameParameter); > } > > > I enabled DEBUG logging in log4j.xml as follows:- > > > > <logger > name="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"> > <level value="DEBUG" /> > <appender-ref ref="cas" /> > </logger> > > > Now in cas.log I am getting these logs every-time I do a login even with > wrong password:- > > AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: > modelAndView == null > this means that the authentication succeeded > > Hence it always gets 'modelAndView' as null and never goes to updateCount() > in postHandle(). > > Our organization is currently using cas-server-3.3.1 and we developed a > similar version for throttling login attempts in it which is working fine. > We are trying to upgrade to version 3.4.2 but our throttling version is not > working with it so we thought to enable the > InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter > but couldn't get it to work too. > > Can any one suggest what is going wrong here?? > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
