Thanks! I just saw the JIRA issue come in. I've targeted towards 3.5. If we find that 3.5 is taking an exceptionally long time, we'll do a 3.4.3 release.
Cheers, Scott On Wed, Jun 9, 2010 at 7:20 PM, Jennifer Bourey <[email protected]>wrote: > I think we've reproduced the issue and produced a successful patch. It > looks like this behavior results from the change to Spring Web Flow 2 as of > the CAS 3.4 release. Web Flow 2 differs substantially from its predecessor, > and as was noted, it looks like it doesn't ever pass ModelAndView objects to > the handler interceptor. > > To address the issue, I've changed the logic to look for the flow request > context and examine that context's reported "current event." That event > should be either "success" for a successful authentication attempt, or > "error" for a failure. > > This code does presuppose the use of Spring Web Flow, but given how > extensively CAS relies on the framework right now, I don't think that's a > problem. I've also updated one of the unit tests to be compatible with this > new behavior, as well as be a little more complete. > > I've created a JIRA at https://issues.jasig.org/browse/CAS-881 and > attached a patch file to the issue. > > - Jen > > -- > Jen Bourey > Software Developer > Unicon, Inc. > > If it looks like there's a bug, can you file a JIRA issue? I haven't had a > chance to try it out myself yet. > > > > On Fri, Jun 4, 2010 at 2:27 PM, Patrick Berry <[email protected]> wrote: > > > I've been having trouble configuring this as well. I'm not entirely sure > > how to move forward either. > > > > Pat > > > > On Thu, Jun 3, 2010 at 2:48 PM, aruhi <[email protected]> wrote: > > > >> I downloaded the new out of the box version of cas-server-3.4.2 and > >> deplyed it. It ran perfectly fine. Then I tried to enable > >> InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter > >> by following steps given on > >> https://wiki.jasig.org/display/CASUM/Throttling+Login+Attempts > > >> and suggestions made at > >> > >> http://jasig.275507.n4.nabble.com/Error-Throttling-Login-Attempts-td2131456.html > >> > >> Made following additions in cas-servlet.xml:- > >> > >> > >> <bean class="org.springframework.webflow.mvc.servlet.FlowHandlerMapping" > >> p:flowRegistry-ref="flowRegistry" p:order="2"> > >> <property name="interceptors"> > >> <list> > >> <ref local="localeChangeInterceptor" /> > >> <ref bean="throttleInterceptor" /> > >> </list> > >> </property> > >> </bean> > >> > >> <bean id="throttleInterceptor" > >> class="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter" > >> /> > >> > >> > >> Though there was no error in the logs but the throttling of the login > >> attempts was not happening. So I added few Debug logs to > >> AbstractThrottledSubmissionHandlerInterceptorAdapter.java in postHandle() > >> method as follows:- > >> > >> > >> public final void postHandle(final HttpServletRequest request, final > >> HttpServletResponse response, final Object o, final ModelAndView > >> modelAndView) throws Exception { > >> > >> > >> if(modelAndView == null){ > >> > >> > >> log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: > >> modelAndView == null"); > >> } > >> else if(modelAndView.getViewName() == null){ > >> > >> > >> log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: > >> modelAndView.getViewName() == null"); > >> } > >> else{ > >> > >> > >> log.debug("AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: > >> modelAndView.getViewName() = " + modelAndView.getViewName() ); > >> } > >> > >> > >> if (!"POST".equals(request.getMethod())) { > >> return; > >> } > >> > >> // this means that the authentication succeeded, I think > >> if (modelAndView == null || > >> !"casLoginView".equals(modelAndView.getViewName())) { > >> log.debug("this means that the authentication succeeded"); > >> return; > >> } > >> > >> updateCount(request, this.usernameParameter); > >> } > >> > >> > >> I enabled DEBUG logging in log4j.xml as follows:- > >> > >> > >> > >> <logger > >> name="org.jasig.cas.web.support.InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter"> > >> <level value="DEBUG" /> > >> <appender-ref ref="cas" /> > >> </logger> > >> > >> > >> Now in cas.log I am getting these logs every-time I do a login even with > >> wrong password:- > >> > >> AbstractThrottledSubmissionHandlerInterceptorAdapter::postHandle():: > >> modelAndView == null > >> this means that the authentication succeeded > >> > >> Hence it always gets 'modelAndView' as null and never goes to > >> updateCount() in postHandle(). > >> > >> Our organization is currently using cas-server-3.3.1 and we developed a > >> similar version for throttling login attempts in it which is working fine. > >> We are trying to upgrade to version 3.4.2 but our throttling version is not > >> working with it so we thought to enable the > >> InMemoryThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter > >> but couldn't get it to work too. > >> > >> Can any one suggest what is going wrong here?? > > > > > -- > Jen Bourey > Software Developer > Unicon, Inc. > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
