If it looks like there's a bug, can you file a JIRA issue? I haven't had a chance to try it out myself yet.
On Fri, Jun 4, 2010 at 2:27 PM, Patrick Berry <[email protected]> wrote: > I've been having trouble configuring this as well. I'm not entirely sure > how to move forward either. > > Pat > > On Thu, Jun 3, 2010 at 2:48 PM, aruhi <[email protected]> wrote: > >> I downloaded the new out of the box version of cas-server-3.4.2 and >> deplyed it. It ran perfectly fine. Then I tried to enable >> InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter >> by following steps given on >> https://wiki.jasig.org/display/CASUM/Throttling+Login+Attempts >> and suggestions made at >> >> http://jasig.275507.n4.nabble.com/Error-Throttling-Login-Attempts-td2131456.html >> >> Made following additions in cas-servlet.xml:- >> >> >> <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" >> p:flowRegistry-ref="flowRegistry" p:order="2"> >> <property name="interceptors"> >> <list> >> <ref local="localeChangeInterceptor" /> >> <ref bean="throttleInterceptor" /> >> </list> >> </property> >> </bean> >> >> <bean id="throttleInterceptor" >> class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter" >> /> >> >> >> Though there was no error in the logs but the throttling of the login >> attempts was not happening. So I added few Debug logs to >> AbstractThrottledSubmissionHandlerInterceptorAdapter.java in postHandle() >> method as follows:- >> >> >> public final void postHandle(final HttpServletRequest request, final >> HttpServletResponse response, final Object o, final ModelAndView >> modelAndView) throws Exception { >> >> >> if(modelAndView == null){ >> >> >> log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: >> modelAndView == null"); >> } >> else if(modelAndView.getViewName() == null){ >> >> >> log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: >> modelAndView.getViewName() == null"); >> } >> else{ >> >> >> log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: >> modelAndView.getViewName() = " + modelAndView.getViewName() ); >> } >> >> >> if (!"POST".equals(request.getMethod())) { >> return; >> } >> >> // this means that the authentication succeeded, I think >> if (modelAndView == null || >> !"casLoginView".equals(modelAndView.getViewName())) { >> log.debug("this means that the authentication succeeded"); >> return; >> } >> >> updateCount(request, this.usernameParameter); >> } >> >> >> I enabled DEBUG logging in log4j.xml as follows:- >> >> >> >> <logger >> name="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"> >> <level value="DEBUG" /> >> <appender-ref ref="cas" /> >> </logger> >> >> >> Now in cas.log I am getting these logs every-time I do a login even with >> wrong password:- >> >> AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: >> modelAndView == null >> this means that the authentication succeeded >> >> Hence it always gets 'modelAndView' as null and never goes to >> updateCount() in postHandle(). >> >> Our organization is currently using cas-server-3.3.1 and we developed a >> similar version for throttling login attempts in it which is working fine. >> We are trying to upgrade to version 3.4.2 but our throttling version is not >> working with it so we thought to enable the >> InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter >> but couldn't get it to work too. >> >> Can any one suggest what is going wrong here?? >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
