Someone else may have an idea of what to look for, but when I hit something like this I attach a debugger to Tomcat and put a breakpoint on my code and step through it. Perhaps there is an issue connecting to or querying the db that isn't being logged?

On 8/20/14 7:57 AM, Liedy, Jonathan wrote:
> John & Dmitriy,
>
> Thanks for the pointers. Derek and I ended up grabbing a library from
> Blackboard and have used their classes to verify the password
> hashing. I’ll put the file and the subsequent configuration and the
> error we’re getting in hopes of getting pointed in the right
> direction. The java file is attached. The configuration is thus:
>
> <!-- BBDB Authentication Handler -->
> <bean id="bb_bb60AuthenticationHandler"
>       class="edu.fsu.cas.authentication.handler.BBDBAuthenticationHandler"
>       p:name="bb_bb60AuthenticationHandler"
>       p:dataSource-ref="dataSource"
>       p:sql="select passwd from bb_bb60.users where user_id = ?"
> />
>
> Now, you’ll see a test that we run at the end of the file and it looks
> to run correctly when we put it through eclipse. The error we get in
> Tomcat is:
>
> Aug 20, 2014 10:48:54 AM org.apache.catalina.core.StandardWrapperValve invoke
> SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@2bd1c812 targetAction = [EvaluateAction@b3163dd expression = authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext), resultExpression = [null]], attributes = map[[empty]]] in state 'realSubmit' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause
> java.lang.IllegalArgumentException: 'principal' cannot be null.
> Check the correctness of @Audit annotation at the following audit point: execution(public abstract org.jasig.cas.authentication.Authentication org.jasig.cas.authentication.AuthenticationManager.authenticate(org.jasig.cas.authentication.principal.Credentials))
>     at com.github.inspektr.audit.AuditActionContext.assertNotNull(AuditActionContext.java:81)
>     at com.github.inspektr.audit.AuditActionContext.<init>(AuditActionContext.java:63)
>     at com.github.inspektr.audit.AuditTrailManagementAspect.executeAuditCode(AuditTrailManagementAspect.java:149)
>     at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:139)
> blahblahblahmorestacktrace…
>
> Jonathan Liedy
> Middleware Administrator
> The Florida State University
> 2035 East Paul Dirac Drive
> Sliger, Suite 113
> Tallahassee, FL 32310
> [email protected]
> Voice: (850) 270-7368
>
> *From:* Dmitriy Kopylenko [mailto:[email protected]]
> *Sent:* Tuesday, August 19, 2014 11:48 AM
> *To:* [email protected]
> *Subject:* Re: [cas-user] Comparing dynamically salted SHA512 encoded
> passwords from a database
>
> Another option is to use Shiro’s HashService API which supports
> multiple MessageDigest algorithms. There is a CAS’ PasswordEncoder
> implementation on top of it (but only currently with static config
> options for salt and iterations):
> https://github.com/Unicon/cas-addons/wiki/Configuring%20ShiroHashServicePasswordEncoder
>
> The idea would be to come up with an abstraction API, let’s say
> DigestConfigurationSource and implementation(s) that could pull values
> from a variety of back end stores e.g. RDBMS - for algorithm, salt,
> number of iterations, etc. and wire that into this PE impl (which of
> course would need to be refactored to use this abstraction, etc.)
>
> Best,
> Dmitriy.
>
> On Aug 19, 2014, at 11:36 AM, John Gasper <[email protected]> wrote:
>
> > Hi Jonathan,
> >
> > I hope all is well at FSU.
> >
> > I haven't seen any complete DB salted hashing solutions out there.
> > I'm attaching a class
> > (org.apache.directory.studio.ldapbrowser.core.model.password) that
> > I borrowed from the Apache DS project. I basically stripped it
> > down to be a single class that produces the SSHA hashes. I believe
> > the original class has a password verify routine. Using that, this
> > and a JDBC Auth Handler, you (or a dev at FSU) should probably be
> > able to get something working for SSHA512.
> >
> > Good luck!
> >
> > On 8/17/14 10:14 PM, Liedy, Jonathan wrote:
> >
> > > Hey all,
> > >
> > > Does anyone have an implementation of pulling a salt from a
> > > database and comparing the given encoded password with a
> > > database stored password?
> > >
> > > The latest release of Blackboard uses SHA512 encoded passwords
> > > with a dynamically generated salt. The salt, iterations and
> > > hash are all in the same table. I'm no java dev, but if
> > > someone has a similar implementation they could share, I could
> > > probably hack through it.
> > >
> > > Thanks,
> > >
> > > Jonathan Liedy
> > > Middleware Administrator
> > > The Florida State University
> > > 2035 East Paul Dirac Drive
> > > Sliger, Suite 113
> > > Tallahassee, FL 32310
> > > [email protected]
> > > Voice: (850) 270-7368
> > >
> > > --
> > > You are currently subscribed to [email protected] as: [email protected]
> > > To unsubscribe, change settings or access archives, see
> > > http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
> > --
> > *John Gasper*
> > IAM Consultant
> > Unicon, Inc.
> > PGP/GPG Key: 0xbafee3ef
>
> <Password.java>

--
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef
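
Added example, not code from this thread and not Blackboard's or CAS's own: one way to write the check asked about in the original question, comparing a submitted password against a hash, salt and iteration count read from the same database row. The digest construction, the hex column encoding, the iteration cap and every name here are assumptions (the thread does not give Blackboard's actual scheme); it needs Java 17 or later for HexFormat.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;

public class SaltedSha512Check {
    // Assumed upper bound so a corrupt iterations column cannot pin a CPU.
    static final int MAX_ITERATIONS = 1_000_000;

    // Assumed construction: h1 = SHA-512(salt || password), h(n) = SHA-512(h(n-1)).
    static byte[] derive(byte[] salt, String password, int iterations)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        md.update(salt);
        byte[] h = md.digest(password.getBytes(StandardCharsets.UTF_8));
        for (int i = 1; i < iterations; i++) {
            h = md.digest(h); // digest() resets md, so each round hashes only h
        }
        return h;
    }

    // Returns false (never throws) for a missing row or a malformed column,
    // so the caller can report an ordinary authentication failure.
    static boolean matches(String password, String hashHex, String saltHex, Integer iterations) {
        if (password == null || hashHex == null || saltHex == null
                || iterations == null || iterations < 1 || iterations > MAX_ITERATIONS) {
            return false;
        }
        try {
            HexFormat hex = HexFormat.of();
            byte[] expected = hex.parseHex(hashHex);
            byte[] actual = derive(hex.parseHex(saltHex), password, iterations);
            return MessageDigest.isEqual(expected, actual); // constant-time compare
        } catch (IllegalArgumentException | NoSuchAlgorithmException e) {
            return false; // bad hex in the row, or SHA-512 unavailable
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed row standing in for (hash, salt, iterations) from the users table.
        String saltHex = "00112233445566778899aabbccddeeff";
        int iterations = 1000;
        String hashHex = HexFormat.of().formatHex(
                derive(HexFormat.of().parseHex(saltHex), "correct horse", iterations));
        System.out.println("correct password: " + matches("correct horse", hashHex, saltHex, iterations));
        System.out.println("wrong password:   " + matches("wrong guess", hashHex, saltHex, iterations));
        System.out.println("malformed salt:   " + matches("correct horse", hashHex, "zz", iterations));
        System.out.println("no row for user:  " + matches("correct horse", null, saltHex, iterations));
    }
}
```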
