I expected the same, so I added some debug logging around this case, see below:

 

        // Guard against exceptions that arise from attempts to access terminated flow sessions
        try {
            service = WebUtils.getService(context);
        } catch (final IllegalStateException e) {
            logger.debug("Error getting service from flow state.", e);   // <<<<<<<<<<<
            return;
        }

        // If the user has requested a ticket for the service manager application
        // then tag the session so it is not terminated.
        if (service != null && service.getId().startsWith(serviceManagerUrl)) {
            logger.debug("Ticket is for the service manager application"); // <<<<<<<<<<<<<<<<
            final HttpSession webSession = WebUtils.getHttpServletRequest(context).getSession(false);
            if (webSession != null) {
                logger.debug("Setting DO_NOT_TERMINATE on webSession"); // <<<<<<<<<<<<<<<<<<
                webSession.setAttribute(DO_NOT_TERMINATE, true);
            }
        }
        else
        {
            logger.debug("Ticket is for service {}, session will be terminated", service != null ? service.getId() : "NULL" ); // <<<<<<<<<<<<<<<<<<<
        }

 

Since neither of my new debug messages shows up, I can only assume that the
code is failing to find a service in the session, and never actually reaching
the DO_NOT_TERMINATE check. Actually, perhaps that does make sense, as the
initial login session had no "service" parameter as it was a "naked" login at
/cas/login, it was not /cas/login?service=xyz.

 

The use case is:

1. Login at /cas/login
2. In another browser tab visit /cas/services/manage.html

 

2013-12-11 04:08:17,142 DEBUG * Terminate web session 717C55E2FA248F082729E0D62AE4B5BF in 2 seconds * TerminateWebSessionListener * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state. * TerminateWebSessionListener * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended

 

Thanks,

 

Dale

 

From: Jérôme LELEU [mailto:[email protected]] 
Sent: Thursday, 12 December 2013 8:22 p.m.
To: [email protected]
Subject: Re: [cas-user] Service management app losing session

 

Hi,

 

It's not the first time I saw this "problem". The code looks good:
https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/TerminateWebSessionListener.java#L69.

Can you do some debugging at the line specified above? To see, in your case,
what is the service.getId() value compared to the serviceManagerUrl value?

Maybe there is something we didn't think about.

 

Thanks.

Best regards,

Jérôme

 

 

 

2013/12/11 Dale Ogilvie <[email protected]>

Hi,

We are upgrading to CAS 3.5.2 and coming across an issue with services
management. It seems like the web session for SM is being killed by the
TerminateWebSessionListener, which means follow-on requests don't work, unless
you click links within the 2 second TTL.

I see code in there to try and exempt the services management application, but 
the behaviour I'm seeing suggests this is not occurring. I have seen another 
report of this:

https://issues.jasig.org/browse/CAS-1243

My log trace looks like this:

2013-12-11 04:08:17,138 DEBUG * Extractor generated service for: https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check * CasArgumentExtractor * ajp-bio-8009-exec-85 * org.jasig.cas.web.support.CasArgumentExtractor
2013-12-11 04:08:17,138 DEBUG * Placing service in FlowScope: https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check * InitialFlowSetupAction * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:08:17,139 DEBUG * Attempting to retrieve ticket [TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
2013-12-11 04:08:17,139 DEBUG * Ticket [TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] found in registry. * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
2013-12-11 04:08:17,140 DEBUG * Added ticket [ST-3-GY5Ca0Tji5njcfMBBcEs-cas] to registry. * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
2013-12-11 04:08:17,140 INFO  * Granted service ticket [ST-3-GY5Ca0Tji5njcfMBBcEs-cas] for service [https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check] for user [REMOVED] * CentralAuthenticationServiceImpl * ajp-bio-8009-exec-85 * org.jasig.cas.CentralAuthenticationServiceImpl
2013-12-11 04:08:17,140 DEBUG * Attempting to retrieve ticket [TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
2013-12-11 04:08:17,140 DEBUG * Ticket [TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] found in registry. * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
 * Slf4jLoggingAuditTrailManager * ajp-bio-8009-exec-85 * com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager
2013-12-11 04:08:17,142 DEBUG * Terminate web session 717C55E2FA248F082729E0D62AE4B5BF in 2 seconds * TerminateWebSessionListener * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state. * TerminateWebSessionListener * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession(FlowExecutionImpl.java:191)
        at org.springframework.webflow.engine.impl.RequestControlContextImpl.getFlowScope(RequestControlContextImpl.java:134)
        at org.jasig.cas.web.support.WebUtils.getService_aroundBody8(WebUtils.java:87)
        at org.jasig.cas.web.support.WebUtils.getService_aroundBody9$advice(WebUtils.java:57)
        at org.jasig.cas.web.support.WebUtils.getService(WebUtils.java:1)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody0(TerminateWebSessionListener.java:62)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody1$advice(TerminateWebSessionListener.java:57)
        at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted(TerminateWebSessionListener.java:1)
        at org.springframework.webflow.engine.impl.FlowExecutionListeners.fireSessionStarted(FlowExecutionListeners.java:126)
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:367)
        at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)
        at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
        at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
        at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
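
Added example, not part of the original messages or of CAS itself: a Python log check that correlates, per request thread, the three DEBUG messages seen in the trace above (service placed in FlowScope, session termination scheduled, guard error) and reports requests whose service starts with the service manager URL. The host names, session ids, thread names and the function name `skipped_exemptions` are constructed for illustration.

```python
import re

# Layout of the quoted log lines: timestamp LEVEL * message * logger * thread * class
LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) +\w+ +\* +(?P<msg>.*?)"
                  r" +\* +\S+ +\* +(?P<thread>\S+) +\* +\S+$")
PLACED = re.compile(r"^Placing service in FlowScope: (\S+)$")
TERMINATE = re.compile(r"^Terminate web session (\S+) in \d+ seconds$")
GUARD_ERROR = "Error getting service from flow state."

# Constructed sample log; hosts, session ids and thread names are placeholders.
SAMPLE_LOG = """\
2013-12-11 04:08:17,138 DEBUG * Placing service in FlowScope: https://sso.example.org/cas/services/j_acegi_cas_security_check * InitialFlowSetupAction * exec-1 * org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:08:17,142 DEBUG * Terminate web session AAAA0001 in 2 seconds * TerminateWebSessionListener * exec-1 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state. * TerminateWebSessionListener * exec-1 * org.jasig.cas.web.flow.TerminateWebSessionListener
java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
2013-12-11 04:09:02,010 DEBUG * Placing service in FlowScope: https://app.example.org/portal/login * InitialFlowSetupAction * exec-2 * org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:09:02,015 DEBUG * Terminate web session BBBB0002 in 2 seconds * TerminateWebSessionListener * exec-2 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:09:02,015 DEBUG * Error getting service from flow state. * TerminateWebSessionListener * exec-2 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:10:30,500 DEBUG * Placing service in FlowScope: https://sso.example.org/cas/services/j_acegi_cas_security_check * InitialFlowSetupAction * exec-3 * org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:10:30,504 DEBUG * Setting DO_NOT_TERMINATE on webSession * TerminateWebSessionListener * exec-3 * org.jasig.cas.web.flow.TerminateWebSessionListener
"""

def skipped_exemptions(log_text, service_manager_url):
    """Return (timestamp, thread, session id, service) per request where the exemption was skipped."""
    state, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack-trace lines and anything in another layout
        msg, thread = m["msg"], m["thread"]
        req = state.setdefault(thread, {})
        if (placed := PLACED.match(msg)):
            state[thread] = {"service": placed[1]}  # a new request starts on this thread
        elif (term := TERMINATE.match(msg)):
            req["session"] = term[1]
        elif msg == GUARD_ERROR:
            req["guard_error"] = m["ts"]
        # Termination scheduled and guard aborted on the same request: was it exempt?
        if "session" in req and "guard_error" in req:
            if req.get("service", "").startswith(service_manager_url):
                findings.append((req["guard_error"], thread, req["session"], req["service"]))
            state[thread] = {}
    return findings

if __name__ == "__main__":
    for finding in skipped_exemptions(SAMPLE_LOG, "https://sso.example.org/cas/services/"):
        print(finding)
```

The prefix passed as `service_manager_url` plays the role of `serviceManagerUrl` in the listener code quoted above, so the check uses the same `startsWith` comparison.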

 
