By default there is a list of known exceptions that handler can handle statically set. v4.0.1 doesn’t have your exception of interest:
https://github.com/Jasig/cas/blob/v4.0.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L61 <https://github.com/Jasig/cas/blob/v4.0.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L61> but master version does: https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L67 <https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L67> You could: a) Bring the AuthenticationExceptionHandler class into your local overlay (and remove it when 4.1 comes out) b) Define the list of ALL the exceptions externally (in the Spring app ctx) and wire them in (as the AuthenticationExceptionHandler class has the setter for it): https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L83 <https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L83> Cheers, D. > On Feb 25, 2015, at 9:28 AM, Jim Price <[email protected]> wrote: > > Is it me or does this log say that the PASSWORD_MUST_CHANGE error is not > getting processed with the > authenticationExceptionHandler.handle(currentEvent.attributes.error, > messageContext) properly. Is this a coding thing again? > > > 2015-02-25 09:12:10,746 DEBUG > [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - <Handling > PASSWORD_MUST_CHANGE> > 2015-02-25 09:12:10,746 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > <LdapAuthenticationHandler failed authenticating cs02357+password> > > 2015-02-25 09:12:10,748 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action > execution attributes map[[empty]]> > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished executing > [EvaluateAction@4694d08f expression = > authenticationViaFormAction.submit(flowRequestContext, flowScope.credential, > messageContext), resultExpression = [null]]; result = authenticationFailure> > 2015-02-25 09:12:10,750 DEBUG [org.springframework.webflow.engine.Transition] > - <Executing [Transition@3c90aefd on = authenticationFailure, to = > handleAuthenticationFailure]> > 2015-02-25 09:12:10,750 DEBUG [org.springframework.webflow.engine.Transition] > - <Exiting state 'realSubmit'> > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.engine.ActionState] - <Entering state > 'handleAuthenticationFailure' of flow 'login'> > > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > [EvaluateAction@3ed0831b expression = > authenticationExceptionHandler.handle(currentEvent.attributes.error, > messageContext), resultExpression = [null]]> > > > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.execution.AnnotatedAction] - <Putting action > execution attributes map[[empty]]> > 2015-02-25 09:12:10,751 DEBUG > [org.springframework.beans.factory.support.DefaultListableBeanFactory] - > <Returning cached instance of singleton bean 'authenticationExceptionHandler'> > 2015-02-25 09:12:10,756 DEBUG > [org.springframework.binding.message.DefaultMessageContext] - <Resolving > message using [DefaultMessageResolver@100a53fa source = [null], severity = > ERROR, codes = array<String>['authenticationFailure.UNKNOWN'], args = > array<Object>[[empty]], defaultText = [null]]> > 2015-02-25 09:12:10,756 DEBUG > [org.springframework.binding.message.DefaultMessageContext] - <Adding > resolved message [Message@160f4a50 source = [null], severity = ERROR, text = > 'Invalid credentials.']> > > On Wed, Feb 25, 2015 at 8:23 AM, Jim Price <[email protected] > <mailto:[email protected]>> wrote: > I added the entry and it still did not work. Wait for 4.1 so much for my > deadline of the end of the week. > Strange thing was the following had no effect on my logs: > > <logger name="org.jasig.cas.web.flow" additivity="true"> > <level value="DEBUG" /> > <appender-ref ref="cas" /> > </logger> > > > On Tue, Feb 24, 2015 at 4:35 PM, Dmitriy Kopylenko <[email protected] > <mailto:[email protected]>> wrote: > But there is one in master: > > https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml#L116 > > <https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml#L116> > > So, wait for 4.1 release ;-) > > Cheers, > D. > >> On Feb 24, 2015, at 4:30 PM, Dmitriy Kopylenko <[email protected] >> <mailto:[email protected]>> wrote: >> >> Looks like there is no explicit mapping of >> ‘AccountPasswordMustChangeException’ to the corresponding view in 4.0.1: >> >> https://github.com/Jasig/cas/blob/v4.0.1/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml#L114 >> >> <https://github.com/Jasig/cas/blob/v4.0.1/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml#L114> >> >> Could be a simple overlook. >> >> Cheers, >> D. >> >>> On Feb 24, 2015, at 4:17 PM, Marvin Addison <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> 2015-02-24 14:20:57,866 DEBUG >>> [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - >>> <Handling PASSWORD_MUST_CHANGE> >>> >>> An AccountPasswordMustChangeException was thrown here. Something in the >>> view layer is supposed to catch that and route the user appropriately. >>> >>> org.jasig.cas.web.flow.AuthenticationExceptionHandler is the key component >>> to bridge authentication errors with view dispatching. There's a >>> TRACE-level logger on that component that's worth enabling and trying >>> again. It emits a message if no mapping is found. You should scan your >>> login-webflow.xml and make sure it contains a reference to >>> AuthenticationExceptionHandler, which is defined in cas-servlet.xml. All >>> this is configured by default in 4.0.1, so unless you changed it, you >>> should be good. >>> >>> M >>> >>> -- >>> You are currently subscribed to [email protected] >>> <mailto:[email protected]> as: [email protected] >>> <mailto:[email protected]> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> <http://www.ja-sig.org/wiki/display/JSG/cas-user> >> -- >> You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> <http://www.ja-sig.org/wiki/display/JSG/cas-user> > -- > You are currently subscribed to [email protected] > <mailto:[email protected]> as: [email protected] > <mailto:[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > <http://www.ja-sig.org/wiki/display/JSG/cas-user> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
