Hi,

I would try to add debug logs outputting the values of *service* and *service.getId()* (if *service* is not null) and *serviceManagerUrl* as well. Just to be sure...

Your scenario is a good lead for an explanation: do you have some customization on your management webapp which can explain some additional CAS round-trip without service? When recording HTTP requests (with the appropriate browser plugin), do you actually see any additional CAS round-trip?

Thanks.
Best regards,
Jérôme


2013/12/12 Dale Ogilvie <[email protected]>

> I expected the same, so I added some debug logging around this case, see
> below:
>
>     // Guard against exceptions that arise from attempts to access terminated flow sessions
>     try {
>         service = WebUtils.getService(context);
>     } catch (final IllegalStateException e) {
>         logger.debug("Error getting service from flow state.", e); // <<<<<<<<<<<
>         return;
>     }
>
>     // If the user has requested a ticket for the service manager application
>     // then tag the session so it is not terminated.
>     if (service != null && service.getId().startsWith(serviceManagerUrl)) {
>         logger.debug("Ticket is for the service manager application"); // <<<<<<<<<<<<<<<<
>         final HttpSession webSession = WebUtils.getHttpServletRequest(context).getSession(false);
>         if (webSession != null) {
>             logger.debug("Setting DO_NOT_TERMINATE on webSession"); // <<<<<<<<<<<<<<<<<<
>             webSession.setAttribute(DO_NOT_TERMINATE, true);
>         }
>     }
>     else
>     {
>         logger.debug("Ticket is for service {}, session will be terminated", service != null ? service.getId() : "NULL" ); // <<<<<<<<<<<<<<<<<<<
>     }
>
> Since neither of my new debug messages show up, I can only assume that
> the code is failing to find a service in the session, and never actually
> reaching the DO_NOT_TERMINATE check. Actually perhaps that does make sense
> as the initial login session had no “service” parameter as it was a “naked”
> login at /cas/login, it was not /cas/login?service=xyz
>
> The use case is:
>
> 1. Login at /cas/login
> 2. In another browser tab visit /cas/services/manage.html
>
> 2013-12-11 04:08:17,142 DEBUG * Terminate web session 717C55E2FA248F082729E0D62AE4B5BF in 2 seconds * TerminateWebSessionListener * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
> 2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state. * TerminateWebSessionListener * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
> java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
>
> Thanks,
>
> Dale
>
> *From:* Jérôme LELEU [mailto:[email protected]]
> *Sent:* Thursday, 12 December 2013 8:22 p.m.
> *To:* [email protected]
> *Subject:* Re: [cas-user] Service management app losing session
>
> Hi,
>
> It's not the first time I saw this "problem". The code looks good:
> https://github.com/Jasig/cas/blob/3.5.x/cas-server-core/src/main/java/org/jasig/cas/web/flow/TerminateWebSessionListener.java#L69
>
> Can you do some debugging at the line specified above? To see, in your
> case, what is the *service.getId()* value compared to the *serviceManagerUrl* value?
>
> Maybe there is something we didn't think about.
>
> Thanks.
> Best regards,
> Jérôme
>
> 2013/12/11 Dale Ogilvie <[email protected]>
>
> Hi,
>
> we are upgrading to CAS 3.5.2 and coming across an issue with services
> management. It seems like web session for SM is being killed by the
> TerminateWebSessionListener, which means follow-on requests don't work,
> unless you click links within the 2 second TTL.
>
> I see code in there to try and exempt the services management application,
> but the behaviour I'm seeing suggests this is not occurring. I have seen
> another report of this:
>
> https://issues.jasig.org/browse/CAS-1243
>
> My log trace looks like this:
>
> 2013-12-11 04:08:17,138 DEBUG * Extractor generated service for: https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check* CasArgumentExtractor * ajp-bio-8009-exec-85 * org.jasig.cas.web.support.CasArgumentExtractor
> 2013-12-11 04:08:17,138 DEBUG * Placing service in FlowScope: https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check* InitialFlowSetupAction * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.InitialFlowSetupAction
> 2013-12-11 04:08:17,139 DEBUG * Attempting to retrieve ticket [TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
> 2013-12-11 04:08:17,139 DEBUG * Ticket [TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] found in registry. * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
> 2013-12-11 04:08:17,140 DEBUG * Added ticket [ST-3-GY5Ca0Tji5njcfMBBcEs-cas] to registry. * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
> 2013-12-11 04:08:17,140 INFO * Granted service ticket [ST-3-GY5Ca0Tji5njcfMBBcEs-cas] for service [https://new-login.trimblecorp.net/cas/services/j_acegi_cas_security_check] for user [REMOVED] * CentralAuthenticationServiceImpl * ajp-bio-8009-exec-85 * org.jasig.cas.CentralAuthenticationServiceImpl
> 2013-12-11 04:08:17,140 DEBUG * Attempting to retrieve ticket [TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
> 2013-12-11 04:08:17,140 DEBUG * Ticket [TGT-1-AfU6RJeRiEj9LkgacdALFJqoet7PzRqhI2KubL4wgC0f5zXTe0-cas] found in registry. * DefaultTicketRegistry * ajp-bio-8009-exec-85 * org.jasig.cas.ticket.registry.DefaultTicketRegistry
> * Slf4jLoggingAuditTrailManager * ajp-bio-8009-exec-85 * com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager
> 2013-12-11 04:08:17,142 DEBUG * Terminate web session 717C55E2FA248F082729E0D62AE4B5BF in 2 seconds * TerminateWebSessionListener * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
> 2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state. * TerminateWebSessionListener * ajp-bio-8009-exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
> java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.getActiveSession(FlowExecutionImpl.java:191)
>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.getFlowScope(RequestControlContextImpl.java:134)
>     at org.jasig.cas.web.support.WebUtils.getService_aroundBody8(WebUtils.java:87)
>     at org.jasig.cas.web.support.WebUtils.getService_aroundBody9$advice(WebUtils.java:57)
>     at org.jasig.cas.web.support.WebUtils.getService(WebUtils.java:1)
>     at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody0(TerminateWebSessionListener.java:62)
>     at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted_aroundBody1$advice(TerminateWebSessionListener.java:57)
>     at org.jasig.cas.web.flow.TerminateWebSessionListener.sessionStarted(TerminateWebSessionListener.java:1)
>     at org.springframework.webflow.engine.impl.FlowExecutionListeners.fireSessionStarted(FlowExecutionListeners.java:126)
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:367)
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:222)
>     at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140)
>     at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
>     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
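To answer from the debug log whether each scheduled session termination followed a request for the service manager, for another service, or for no service at all, the following added example (not part of the original messages and not CAS code) correlates log lines per request thread. The sample lines are constructed in the layout quoted in the thread; the host names, session ids, the one-second window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample ("timestamp LEVEL * message * class * thread * logger"); hosts and ids are made up.
SAMPLE_LOG = """\
2013-12-11 04:08:17,138 DEBUG * Placing service in FlowScope: https://cas.example.org/cas/services/j_acegi_cas_security_check * InitialFlowSetupAction * exec-85 * org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:08:17,142 DEBUG * Terminate web session AAAA1111 in 2 seconds * TerminateWebSessionListener * exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:08:17,142 DEBUG * Error getting service from flow state. * TerminateWebSessionListener * exec-85 * org.jasig.cas.web.flow.TerminateWebSessionListener
java.lang.IllegalStateException: No active FlowSession to access; this FlowExecution has ended
2013-12-11 04:09:30,010 DEBUG * Placing service in FlowScope: https://app.example.org/login * InitialFlowSetupAction * exec-12 * org.jasig.cas.web.flow.InitialFlowSetupAction
2013-12-11 04:09:30,020 DEBUG * Terminate web session BBBB2222 in 2 seconds * TerminateWebSessionListener * exec-12 * org.jasig.cas.web.flow.TerminateWebSessionListener
2013-12-11 04:10:00,500 DEBUG * Terminate web session CCCC3333 in 2 seconds * TerminateWebSessionListener * exec-40 * org.jasig.cas.web.flow.TerminateWebSessionListener
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \w+ \* (.*)$")
PLACED = re.compile(r"Placing service in FlowScope: (\S+)")
TERMINATE = re.compile(r"Terminate web session (\S+) in")
FLOW_ENDED = "Error getting service from flow state"


def parse(text):
    """Yield (time, thread, message); skip stack-trace frames and fragments."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        parts = [p.strip() for p in m.group(2).rsplit("*", 3)] if m else []
        if len(parts) == 4:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f"), parts[2], parts[0]


def classify_terminations(text, manager_prefix, window=timedelta(seconds=1)):
    """Report, per scheduled termination, the service its thread last saw."""
    last_service, pending, findings = {}, {}, []
    for ts, thread, msg in parse(text):
        placed, term = PLACED.search(msg), TERMINATE.search(msg)
        if placed:
            last_service[thread] = (ts, placed.group(1))
        elif term:
            seen = last_service.pop(thread, None)
            url = seen[1] if seen and ts - seen[0] <= window else None
            kind = ("no-service" if url is None else "service-manager"
                    if url.startswith(manager_prefix) else "other-service")
            pending[thread] = {"session": term.group(1), "service": url,
                               "kind": kind, "flow_ended": False, "at": ts}
            findings.append(pending[thread])
        elif FLOW_ENDED in msg and thread in pending:
            pending[thread]["flow_ended"] = ts - pending[thread]["at"] <= window
    return findings
```

Calling `classify_terminations(SAMPLE_LOG, "https://cas.example.org/cas/services")` returns one record per termination; a `service-manager` record with `flow_ended` set corresponds to the symptom reported in this thread.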
