I expected the same, so I added some debug logging around this case, see below:
// Guard against exceptions that arise from attempts to access terminated flow sessions
try {
    service = WebUtils.getService(context);
} catch (final IllegalStateException e) {
    logger.debug("Error getting service from flow state.", e); // <<<<<<<<<<<
    return;
}
// If the user has requested a ticket for the service manager application
// then tag the session so it is not terminated.
if (service != null && service.getId().startsWith(serviceManagerUrl)) {
    logger.debug("Ticket is for the service manager application"); // <<<<<<<<<<<<<<<<
    final HttpSession webSession = WebUtils.getHttpServletRequest(context).getSession(false);
    if (webSession != null) {
        logger.debug("Setting DO_NOT_TERMINATE on webSession"); // <<<<<<<<<<<<<<<<<<
        webSession.setAttribute(DO_NOT_TERMINATE, true);
    }
}
else
{
    logger.debug("Ticket is for service {}, session will be terminated", service != null ? service.getId() : "NULL" ); // <<<<<<<<<<<<<<<<<<<
}
Since neither of my new debug messages shows up, I can only assume that the
code is failing to find a service in the session, and never actually reaching
the DO_NOT_TERMINATE check. Actually perhaps that does make sense as the
initial login session had no "service" parameter as it was a "naked" login at
/cas/login, it was not /cas/login?service=xyz
The use case is:
1. Login at /cas/login
2. In another browser tab visit /cas/services/manage.html
2013-12-11 04:08:17,142 DEBUG * Terminate web session
717C55E2FA248F082729E0D62AE4B5BF in 2 seconds *
TerminateWebSessionListener * ajp-bio-8009-exec-85 *
org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state.
* TerminateWebSessionListener
* ajp-bio-8009-exec-85 *
org.jasig.cas.web.flow.TerminateWebSessionListener
java.lang.IllegalStateException: No active FlowSession to access; this
FlowExecution has ended
Thanks,
Dale
From: Jérôme LELEU [mailto:[email protected]]
Sent: Thursday, 12 December 2013 8:22 p.m.
To: [email protected]
Subject: Re: [cas-user] Service management app losing session
Hi,
It's not the first time I've seen this "problem". The code looks good:
https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/TerminateWebSessionListener.java#L69.
Can you do some debugging at the line specified above? To see, in your case,
what is the service.getId() value compared to the serviceManagerUrl value?
Maybe there is something we didn't think about.
Thanks.
Best regards,
Jérôme
2013/12/11 Dale Ogilvie <[email protected]>
Hi,
We are upgrading to CAS 3.5.2 and coming across an issue with services
management. It seems like the web session for SM is being killed by the
TerminateWebSessionListener, which means follow-on requests don't work, unless
you click links within the 2 second TTL.
I see code in there to try and exempt the services management application, but
the behaviour I'm seeing suggests this is not occurring. I have seen another
report of this:
https://issues.jasig.org/browse/CAS-1243
My log trace looks like this:
2013-12-11 04:08:17,138 DEBUG * Extractor generated service for:
https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check *
CasArgumentExtractor * ajp-bio-8009-exec-85 *
org.jasig.cas.web.support.CasArgumentExtractor
2013-12-11 04:08:17,138 DEBUG * Placing service in FlowScope:
https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check *
InitialFlowSetupAction * ajp-bio-8009-exec-85 *
org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:08:17,139 DEBUG * Attempting to retrieve ticket
[TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] *
DefaultTicketRegistry * ajp-bio-8009-exec-85 *
org.jasig.cas.ticket.registry.DefaultTicketRegistry
2013-12-11 04:08:17,139 DEBUG * Ticket
[TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] found in
registry. * DefaultTicketRegistry * ajp-bio-8009-exec-85 *
org.jasig.cas.ticket.registry.DefaultTicketRegistry
2013-12-11 04:08:17,140 DEBUG * Added ticket [ST-3-GY5Ca0Tji5njcfMBBcEs-cas] to
registry. * DefaultTicketRegistry
* ajp-bio-8009-exec-85 *
org.jasig.cas.ticket.registry.DefaultTicketRegistry
2013-12-11 04:08:17,140 INFO * Granted service ticket
[ST-3-GY5Ca0Tji5njcfMBBcEs-cas] for service
[https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check] for
user [REMOVED] * CentralAuthenticationServiceImpl *
ajp-bio-8009-exec-85 * org.jasig.cas.CentralAuthenticationServiceImpl
2013-12-11 04:08:17,140 DEBUG * Attempting to retrieve ticket
[TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] *
DefaultTicketRegistry * ajp-bio-8009-exec-85 *
org.jasig.cas.ticket.registry.DefaultTicketRegistry
2013-12-11 04:08:17,140 DEBUG * Ticket
[TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] found in
registry. * DefaultTicketRegistry * ajp-bio-8009-exec-85 *
org.jasig.cas.ticket.registry.DefaultTicketRegistry
* Slf4jLoggingAuditTrailManager * ajp-bio-8009-exec-85 *
com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager
2013-12-11 04:08:17,142 DEBUG * Terminate web session
717C55E2FA248F082729E0D62AE4B5BF in 2 seconds *
TerminateWebSessionListener * ajp-bio-8009-exec-85 *
org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state.
* TerminateWebSessionListener
* ajp-bio-8009-exec-85 *
org.jasig.cas.web.flow.TerminateWebSessionListener
java.lang.IllegalStateException: No active FlowSession to access; this
FlowExecution has ended
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession(FlowExecutionImpl.java:191)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.getFlowScope(RequestControlContextImpl.java:134)
at
org.jasig.cas.web.support.WebUtils.getService_aroundBody8(WebUtils.java:87)
at
org.jasig.cas.web.support.WebUtils.getService_aroundBody9$advice(WebUtils.java:57)
at org.jasig.cas.web.support.WebUtils.getService(WebUtils.java:1)
at
org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody0(TerminateWebSessionListener.java:62)
at
org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody1$advice(TerminateWebSessionListener.java:57)
at
org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted(TerminateWebSessionListener.java:1)
at
org.springframework.webflow.engine.impl.FlowExecutionListeners.fireSessionStarted(FlowExecutionListeners.java:126)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:367)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)
at
org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
at
org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
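Added example, not part of the thread or of the CAS code base: a log check that pairs each "Terminate web session" line with the service placed in FlowScope on the same request thread, and flags service-manager requests whose session was still scheduled for termination. The sample lines are constructed in the layout of the log quoted above (unwrapped to one event per line); the function name, host names and session ids are assumptions.

```python
import re

# Constructed sample in the layout quoted in the thread:
# "timestamp LEVEL * message * logger * thread * class", one event per line.
# Hosts, session ids and thread names are made up for the example.
SAMPLE_LOG = """\
2013-12-11 04:08:17,138 DEBUG * Placing service in FlowScope: https://cas.example.org/cas/services/j_acegi_cas_security_check * InitialFlowSetupAction * exec-85 * org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:08:17,142 DEBUG * Terminate web session AAAA1111 in 2 seconds * TerminateWebSessionListener * exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state. * TerminateWebSessionListener * exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:09:02,010 DEBUG * Placing service in FlowScope: https://app.example.org/login * InitialFlowSetupAction * exec-12 * org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:09:02,015 DEBUG * Terminate web session BBBB2222 in 2 seconds * TerminateWebSessionListener * exec-12 * org.jasig.cas.web.flow.TerminateWebSessionListener
"""

LINE = re.compile(
    r"^\S+ \S+ +\w+ +\* (?P<msg>.*?) \* \S+ \* (?P<thread>\S+) \* \S+$"
)
PLACED = re.compile(r"^Placing service in FlowScope: (\S+)$")
TERMINATE = re.compile(r"^Terminate web session (\S+) in \d+ seconds$")
LOOKUP_FAILED = "Error getting service from flow state."  # poster's added debug line

def find_unexempted(log_text, service_manager_url):
    """Return terminations scheduled for requests aimed at the service manager."""
    last_service = {}  # thread -> last service placed in FlowScope
    latest = {}        # thread -> most recent termination finding
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # stack-trace frames and wrapped fragments
        thread, msg = m["thread"], m["msg"].strip()
        if placed := PLACED.match(msg):
            last_service[thread] = placed.group(1)
        elif term := TERMINATE.match(msg):
            service = last_service.get(thread)
            findings.append({
                "session": term.group(1),
                "thread": thread,
                "service": service,
                # Same prefix test the listener applies with startsWith().
                "manager_request": bool(service) and service.startswith(service_manager_url),
                "lookup_failed": False,
            })
            latest[thread] = findings[-1]
        elif msg == LOOKUP_FAILED and thread in latest:
            latest[thread]["lookup_failed"] = True
    return [f for f in findings if f["manager_request"]]
```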