I think we've reproduced the issue and produced a successful patch. It looks like this behavior results from the change to Spring Web Flow 2 as of the CAS 3.4 release. Web Flow 2 differs substantially from its predecessor, and as was noted, it looks like it doesn't ever pass ModelAndView objects to the handler interceptor.
To address the issue, I've changed the logic to look for the flow request context and examine that context's reported "current event." That event should be either "success" for a successful authentication attempt, or "error" for a failure. This code does presuppose the use of Spring Web Flow, but given how extensively CAS relies on the framework right now, I don't think that's a problem. I've also updated one of the unit tests to be compatible with this new behavior, as well as be a little more complete. I've created a JIRA at https://issues.jasig.org/browse/CAS-881 and attached a patch file to the issue.

- Jen

--
Jen Bourey
Software Developer
Unicon, Inc.

> If it looks like there's a bug, can you file a JIRA issue? I haven't had a
> chance to try it out myself yet.
>
> On Fri, Jun 4, 2010 at 2:27 PM, Patrick Berry <[email protected]> wrote:
>
> > I've been having trouble configuring this as well. I'm not entirely sure
> > how to move forward either.
> >
> > Pat
> >
> > On Thu, Jun 3, 2010 at 2:48 PM, aruhi <[email protected]> wrote:
> >
> >> I downloaded the new out of the box version of cas-server-3.4.2 and
> >> deployed it. It ran perfectly fine. Then I tried to enable
> >> InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter
> >> by following steps given on
> >> https://wiki.jasig.org/display/CASUM/Throttling+Login+Attempts
> >> and suggestions made at
> >> http://jasig.275507.n4.nabble.com/Error-Throttling-Login-Attempts-td2131456.html
> >>
> >> Made following additions in cas-servlet.xml:-
> >>
> >> <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping"
> >>       p:flowRegistry-ref="flowRegistry" p:order="2">
> >>   <property name="interceptors">
> >>     <list>
> >>       <ref local="localeChangeInterceptor" />
> >>       <ref bean="throttleInterceptor" />
> >>     </list>
> >>   </property>
> >> </bean>
> >>
> >> <bean id="throttleInterceptor"
> >>       class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter" />
> >>
> >> Though there was no error in the logs but the throttling of the login
> >> attempts was not happening. So I added few Debug logs to
> >> AbstractThrottledSubmissionHandlerInterceptorAdapter.java in postHandle()
> >> method as follows:-
> >>
> >> public final void postHandle(final HttpServletRequest request,
> >>         final HttpServletResponse response, final Object o,
> >>         final ModelAndView modelAndView) throws Exception {
> >>
> >>     if (modelAndView == null) {
> >>         log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: modelAndView == null");
> >>     }
> >>     else if (modelAndView.getViewName() == null) {
> >>         log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: modelAndView.getViewName() == null");
> >>     }
> >>     else {
> >>         log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: modelAndView.getViewName() = " + modelAndView.getViewName());
> >>     }
> >>
> >>     if (!"POST".equals(request.getMethod())) {
> >>         return;
> >>     }
> >>
> >>     // this means that the authentication succeeded, I think
> >>     if (modelAndView == null ||
> >>             !"casLoginView".equals(modelAndView.getViewName())) {
> >>         log.debug("this means that the authentication succeeded");
> >>         return;
> >>     }
> >>
> >>     updateCount(request, this.usernameParameter);
> >> }
> >>
> >> I enabled DEBUG logging in log4j.xml as follows:-
> >>
> >> <logger name="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter">
> >>   <level value="DEBUG" />
> >>   <appender-ref ref="cas" />
> >> </logger>
> >>
> >> Now in cas.log I am getting these logs every-time I do a login even with
> >> wrong password:-
> >>
> >> AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: modelAndView == null
> >> this means that the authentication succeeded
> >>
> >> Hence it always gets 'modelAndView' as null and never goes to
> >> updateCount() in postHandle().
> >>
> >> Our organization is currently using cas-server-3.3.1 and we developed a
> >> similar version for throttling login attempts in it which is working fine.
> >> We are trying to upgrade to version 3.4.2 but our throttling version is not
> >> working with it so we thought to enable the
> >> InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter
> >> but couldn't get it to work too.
> >>
> >> Can any one suggest what is going wrong here??
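
The decision described in the reply above, as an added example (it is not the patch attached to CAS-881 and not CAS code): it runs the quoted view-name check and an event-based check over the same constructed login attempts, showing that the view-name check records nothing when no ModelAndView is passed. `ThrottleDecisionDemo`, `FlowContext`, the sample address and the username are hypothetical stand-ins, and counting every event other than "success" as a failure is this sketch's choice.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration with stand-in types; not CAS or Spring Web Flow classes.
public class ThrottleDecisionDemo {

    /** Hypothetical stand-in for the flow request context's "current event". */
    interface FlowContext { String currentEventId(); }

    private final Map<String, Integer> failures = new HashMap<>();

    /** View-name check from the quoted postHandle(): a null view reads as success. */
    static boolean countsFailureByView(String method, String viewName) {
        if (!"POST".equals(method)) return false;
        return "casLoginView".equals(viewName);
    }

    /** Event check: this sketch counts every event other than "success". */
    static boolean countsFailureByEvent(String method, FlowContext ctx) {
        if (!"POST".equals(method)) return false;
        if (ctx == null || ctx.currentEventId() == null) return false; // no flow event to judge
        return !"success".equals(ctx.currentEventId());
    }

    /** Increments and returns the failure count for one client address and username. */
    int record(String ip, String username) {
        return failures.merge(ip + ";" + username, 1, Integer::sum);
    }

    public static void main(String[] args) {
        ThrottleDecisionDemo demo = new ThrottleDecisionDemo();
        FlowContext error = () -> "error";
        FlowContext success = () -> "success";
        // Constructed sample: three bad passwords, then a good one, from one client.
        FlowContext[] attempts = { error, error, error, success };
        int byView = 0;
        int byEvent = 0;
        for (FlowContext attempt : attempts) {
            // Under Web Flow 2 the interceptor receives no ModelAndView, so the view is null.
            if (countsFailureByView("POST", null)) byView++;
            if (countsFailureByEvent("POST", attempt)) byEvent = demo.record("192.0.2.10", "alice");
        }
        System.out.println("failures counted by view name:     " + byView);
        System.out.println("failures counted by current event: " + byEvent);
    }
}
```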
