We got it working by using Dmitry's suggestion. Thanks. Jim On Wed, Feb 25, 2015 at 9:59 AM, Dmitriy Kopylenko <[email protected]> wrote:
> By default there is a list of known exceptions that handler can handle > statically set. v4.0.1 doesn’t have your exception of interest: > > > https://github.com/Jasig/cas/blob/v4.0.1/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L61 > > but master version does: > > > https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L67 > > You could: > > a) Bring the AuthenticationExceptionHandler class into your local overlay > (and remove it when 4.1 comes out) > > b) Define the list of ALL the exceptions externally (in the Spring app > ctx) and wire them in (as the AuthenticationExceptionHandler class has the > setter for it): > https://github.com/Jasig/cas/blob/master/cas-server-core/src/main/java/org/jasig/cas/web/flow/AuthenticationExceptionHandler.java#L83 > > Cheers, > D. > > On Feb 25, 2015, at 9:28 AM, Jim Price <[email protected]> > wrote: > > Is it me or does this log say that the PASSWORD_MUST_CHANGE error is not > getting processed with the > authenticationExceptionHandler.handle(currentEvent.attributes.error, > messageContext) properly. Is this a coding thing again? > > > 2015-02-25 09:12:10,746 DEBUG > [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - > <Handling PASSWORD_MUST_CHANGE> > 2015-02-25 09:12:10,746 INFO > [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - > <LdapAuthenticationHandler failed authenticating cs02357+password> > > 2015-02-25 09:12:10,748 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.execution.AnnotatedAction] - <Clearing action > execution attributes map[[empty]]> > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Finished > executing [EvaluateAction@4694d08f expression = > authenticationViaFormAction.submit(flowRequestContext, > flowScope.credential, messageContext), resultExpression = [null]]; result = > authenticationFailure> > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.engine.Transition] - <Executing > [Transition@3c90aefd on = authenticationFailure, to = > handleAuthenticationFailure]> > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.engine.Transition] - <Exiting state > 'realSubmit'> > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.engine.ActionState] - <Entering state > 'handleAuthenticationFailure' of flow 'login'> > > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.execution.ActionExecutor] - <Executing > [EvaluateAction@3ed0831b expression = > authenticationExceptionHandler.handle(currentEvent.attributes.error, > messageContext), resultExpression = [null]]> > > > 2015-02-25 09:12:10,750 DEBUG > [org.springframework.webflow.execution.AnnotatedAction] - <Putting action > execution attributes map[[empty]]> > 2015-02-25 09:12:10,751 DEBUG > [org.springframework.beans.factory.support.DefaultListableBeanFactory] - > <Returning cached instance of singleton bean > 'authenticationExceptionHandler'> > 2015-02-25 09:12:10,756 DEBUG > [org.springframework.binding.message.DefaultMessageContext] - <Resolving > message using [DefaultMessageResolver@100a53fa source = [null], severity > = ERROR, codes = array<String>['authenticationFailure.UNKNOWN'], args = > array<Object>[[empty]], defaultText = [null]]> > 2015-02-25 09:12:10,756 DEBUG > [org.springframework.binding.message.DefaultMessageContext] - <Adding > resolved message [Message@160f4a50 source = [null], severity = ERROR, > text = 'Invalid credentials.']> > > On Wed, Feb 25, 2015 at 8:23 AM, Jim Price <[email protected]> > wrote: > >> I added the entry and it still did not work. Wait for 4.1 so much for my >> deadline of the end of the week. >> Strange thing was the following had no effect on my logs: >> >> <logger name="org.jasig.cas.web.flow" additivity="true"> >> <level value="DEBUG" /> >> <appender-ref ref="cas" /> >> </logger> >> >> >> On Tue, Feb 24, 2015 at 4:35 PM, Dmitriy Kopylenko <[email protected] >> > wrote: >> >>> But there is one in master: >>> >>> >>> https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/webflow/login/login-webflow.xml#L116 >>> >>> So, wait for 4.1 release ;-) >>> >>> Cheers, >>> D. >>> >>> On Feb 24, 2015, at 4:30 PM, Dmitriy Kopylenko <[email protected]> >>> wrote: >>> >>> Looks like there is no explicit mapping of >>> ‘AccountPasswordMustChangeException’ to the corresponding view in 4.0.1: >>> >>> >>> https://github.com/Jasig/cas/blob/v4.0.1/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml#L114 >>> >>> Could be a simple overlook. >>> >>> Cheers, >>> D. >>> >>> On Feb 24, 2015, at 4:17 PM, Marvin Addison <[email protected]> >>> wrote: >>> >>> 2015-02-24 14:20:57,866 DEBUG >>>> [org.jasig.cas.authentication.support.DefaultAccountStateHandler] - >>>> <Handling PASSWORD_MUST_CHANGE> >>>> >>>> An AccountPasswordMustChangeException was thrown here. Something in the >>>> view layer is supposed to catch that and route the user appropriately. >>>> >>> >>> org.jasig.cas.web.flow.AuthenticationExceptionHandler is the key >>> component to bridge authentication errors with view dispatching. There's a >>> TRACE-level logger on that component that's worth enabling and trying >>> again. It emits a message if no mapping is found. You should scan your >>> login-webflow.xml and make sure it contains a reference to >>> AuthenticationExceptionHandler, >>> which is defined in cas-servlet.xml. All this is configured by default in >>> 4.0.1, so unless you changed it, you should be good. >>> >>> M >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
