I tried with the DefaultTicketRegistry and I still get a similar error.
Here are some more details for a better understanding of the situation (when
used with the default ticket registry):
- We are using Spring/Acegi in the project with WebSphere 6.0.2.19 and JDK 1.4.2
- User tries to access AppA
- It results in redirecting to CAS
- On successful login, user is redirected to AppA - During this step I noticed
that when I was using the JdbcTicketRegistry, the addTicket method was called
thrice. None of those calls were for pgtIou
- AppA makes a request to AppB from server side logic and provides the
CasProcessFilter.CAS_STATELESS_IDENTIFIER and pgt from
CasAuthenticationToken.getProxyGrantingTicketIou()
- AppB reports the error of invalid token. During debug mode I can see that the
proxy granting ticket looked like a valid token. Also if you see my previous
email, CAS complained that "Ticket
[PGTIOU-2-GgOQjXvaUrBrEsVaoShObWVlbnbSAqr9wgK-localhost is of type class
org.jasig.cas.modules.ticket.JdbcTicketRegistry$ExpiredTicketImpl when we were
expecting interface org.jasig.cas.ticket.ServiceTicket". This to me suggests
that CAS is receiving the correct ticket but somehow not finding it.
I will appreciate any help on this.
Please find attached the case-servlet.xml file and applicationContext.xml files
Thanks
Rahul
[6/4/08 2:42:49:795 EDT] 00000055 SystemOut O [EMAIL PROTECTED],authenticationHandlerClass=interface org.jasig.cas.authentication.handler.AuthenticationHandler,publishedDate=1212561769780,timestamp=1212561769780]
[6/4/08 2:42:49:905 EDT] 00000055 Authenticatio I org.jasig.cas.authentication.AuthenticationManagerImpl authenticate AuthenticationHandler: $Proxy215 successfully authenticated the user which provided the following credentials: rbhardwaj
[6/4/08 2:42:49:920 EDT] 00000055 SystemOut O [EMAIL PROTECTED],ticketId=TGT-2-fj9XFXckBnJ9cfo94dYwpfzKMq5nysWY1O9-localhost,publishedDate=1212561769920,timestamp=1212561769920]
[6/4/08 2:42:50:014 EDT] 00000055 CentralAuthen I org.jasig.cas.CentralAuthenticationServiceImpl grantServiceTicket Granted service ticket [ST-2-bpsAkKtfOdXFdT22duiVNacgveFDS0llcvH-localhost] for service [https://localhost:9444/AppA/j_acegi_cas_security_check] for user [rbhardwaj]
[6/4/08 2:42:50:014 EDT] 00000055 SystemOut O [EMAIL PROTECTED],ticketId=ST-2-bpsAkKtfOdXFdT22duiVNacgveFDS0llcvH-localhost,publishedDate=1212561770014,timestamp=1212561770014]
[6/4/08 2:42:50:170 EDT] 00000048 SystemOut O [EMAIL PROTECTED],authenticationHandlerClass=interface org.jasig.cas.authentication.handler.AuthenticationHandler,publishedDate=1212561770170,timestamp=1212561770170]
[6/4/08 2:42:50:280 EDT] 00000048 Authenticatio I org.jasig.cas.authentication.AuthenticationManagerImpl authenticate AuthenticationHandler: $Proxy215 successfully authenticated the user which provided the following credentials: https://localhost:9444/App/casProxy/receptor
[6/4/08 2:42:50:280 EDT] 00000048 SystemOut O [EMAIL PROTECTED],ticketId=TGT-3-N1ipgNUEB6lrwTnxrrvZPvD2df0D2QHtbY6-localhost,publishedDate=1212561770280,timestamp=1212561770280]
[6/4/08 2:42:50:280 EDT] 00000048 SystemOut O [EMAIL PROTECTED],ticketId=ST-2-bpsAkKtfOdXFdT22duiVNacgveFDS0llcvH-localhost,publishedDate=1212561770280,timestamp=1212561770280]
[6/4/08 2:42:50:451 EDT] 00000048 SystemOut O chain size is : 1
[6/4/08 2:42:50:451 EDT] 00000048 SystemOut O authenticationReq : [EMAIL PROTECTED] Jun 04 02:42:49 EDT 2008,principal=rbhardwaj,attributes={}]
[6/4/08 2:42:50:451 EDT] 00000048 SystemOut O pgtIou in request : PGTIOU-2-nd9TU0nyndkLyOMoGvRfVSWLkTdwzmOSGRt-localhost
[6/4/08 2:42:50:451 EDT] 00000048 SystemOut O assertion.chainedAuthentications[chainSize-1].principal.id) rbhardwaj
[6/4/08 2:42:50:451 EDT] 00000048 SystemOut O principal is : rbhardwaj
[6/4/08 2:43:15:014 EDT] 00000048 SystemOut O [EMAIL PROTECTED],authenticationHandlerClass=interface org.jasig.cas.authentication.handler.AuthenticationHandler,publishedDate=1212561795014,timestamp=1212561795014]
[6/4/08 2:43:15:108 EDT] 00000048 Authenticatio I org.jasig.cas.authentication.AuthenticationManagerImpl authenticate AuthenticationHandler: $Proxy215 successfully authenticated the user which provided the following credentials: https://localhost:9444/AppB/casProxy/receptor
[6/4/08 2:43:15:202 EDT] 00000048 ServiceValida E org.jasig.cas.web.ServiceValidateController handleRequestInternal TicketException generating ticket for: https://localhost:9444/AppB/casProxy/receptor
org.jasig.cas.ticket.InvalidTicketException
at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:202)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:299)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:139)
at org.jasig.cas.event.advice.CentralAuthenticationServiceMethodInterceptor.invoke(CentralAuthenticationServiceMethodInterceptor.java:41)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy216.delegateTicketGrantingTicket(Unknown Source)
at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:159)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:819)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:754)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:399)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:354)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:89)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1924)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:112)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInboundPostHandshake(SSLConnectionLink.java:657)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyHandshakeCompletedCallback.complete(SSLConnectionLink.java:364)
at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:760)
at com.ibm.ws.ssl.channel.impl.SSLHandshakeIOCallback.complete(SSLHandshakeIOCallback.java:70)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:566)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:619)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:952)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1039)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)
________________________________
From: [EMAIL PROTECTED] on behalf of Rahul Bhardwaj
Sent: Wed 6/4/2008 12:50 AM
To: [email protected]
Subject: Proxy Granting Tickets (PGT tickets) + JDBCTicketRegistry + CasServer 3.0.7
Hi Everyone,
In my project, we use Cas Server 3.0.7. Since we have a clustered environment
we are using JDBCTicketRegistry as documented on CAS confluence.
I am trying to secure remote invocations from App A to App B by relying on the
proxy ticket. The problem is that the CAS server always errors out with the
exception given below. The basic problem is that although the CAS Server webapp
is generating and passing the PGTIOU ticket, it is never saved in the database.
When App B tries to authenticate the user with the PGTIOU ticket, since it is
not present in the database, the JdbcTicketRegistry class creates an expired
ticket. All this is happening in my development desktop and there is no
clustering in there.
I have the following queries:
1 - Since database is not used for storing PGTIOUs, why is CAS trying to read
it from JDBCTicketRegistry on validation? Am I doing something wrong?
2 - How can I configure/customize CAS to use JDBCTicketRegistry for proxy
tickets as well?
Thanks
Rahul
PS: Please ignore the ClassCastException for
org.jasig.cas.modules.ticket.JdbcTicketRegistry$ExpiredTicketImpl. The root
problem is that the JdbcTicketRegistry is being invoked but the ticket was
never saved in the database in the first place. I also confirmed this by
debugging the registry and seeing all the tickets that were saved using it.
[6/4/08 0:12:36:185 EDT] 00000048 ServletWrappe E SRVE0068E: Could not invoke the service() method on servlet cas. Exception thrown : org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.ClassCastException: Ticket [PGTIOU-2-GgOQjXvaUrBrEsVaoShObWVlbnbSAqr9wgK-localhost is of type class org.jasig.cas.modules.ticket.JdbcTicketRegistry$ExpiredTicketImpl when we were expecting interface org.jasig.cas.ticket.ServiceTicket
Caused by: java.lang.ClassCastException: Ticket [PGTIOU-2-GgOQjXvaUrBrEsVaoShObWVlbnbSAqr9wgK-localhost is of type class org.jasig.cas.modules.ticket.JdbcTicketRegistry$ExpiredTicketImpl when we were expecting interface org.jasig.cas.ticket.ServiceTicket
at org.jasig.cas.ticket.registry.AbstractTicketRegistry.getTicket(AbstractTicketRegistry.java:42)
at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:198)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:299)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:139)
at org.jasig.cas.event.advice.CentralAuthenticationServiceMethodInterceptor.invoke(CentralAuthenticationServiceMethodInterceptor.java:41)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy1.delegateTicketGrantingTicket(Unknown Source)
at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:159)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:819)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:754)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:399)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:354)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:89)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1924)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:112)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:566)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:619)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:952)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1039)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:flow="http://www.springframework.org/schema/webflow-config"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/webflow-config
http://www.springframework.org/schema/webflow-config/spring-webflow-config-1.0.xsd">
<!-- Theme Resolver -->
<bean
id="themeResolver"
class="org.jasig.cas.services.web.ServiceThemeResolver">
<property
name="defaultThemeName"
value="default" />
</bean>
<!-- View Resolver -->
<bean
id="viewResolver"
class="org.springframework.web.servlet.view.ResourceBundleViewResolver">
<property
name="basename"
value="default_views" />
<property
name="order"
value="0" />
</bean>
<!-- Locale Resolver -->
<bean
id="localeResolver"
class="org.springframework.web.servlet.i18n.CookieLocaleResolver" />
<bean
id="localeChangeInterceptor"
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor" />
<bean
id="urlBasedViewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property
name="viewClass"
value="org.springframework.web.servlet.view.AbstractUrlBasedView" />
</bean>
<bean
id="errorHandlerResolver"
class="org.jasig.cas.web.NoSuchFlowExecutionExceptionResolver" />
<!-- Handler Mapping -->
<bean
id="handlerMappingA"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property
name="mappings">
<props>
<prop
key="/login">
loginController
</prop>
</props>
</property>
<property
name="interceptors">
<list>
<ref bean="localeChangeInterceptor" />
</list>
</property>
</bean>
<bean
id="handlerMappingB"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property
name="mappings">
<props>
<prop
key="/logout">
logoutController
</prop>
<prop
key="/serviceValidate">
serviceValidateController
</prop>
<prop
key="/validate">
legacyValidateController
</prop>
<prop
key="/proxy">
proxyController
</prop>
<prop
key="/proxyValidate">
proxyValidateController
</prop>
<!--
uncomment this to enable remote access to web service
<prop
key="/CentralAuthenticationService">
xFireCentralAuthenticationService
</prop>
-->
</props>
</property>
<!--
uncomment this to enable sending PageRequest events.
<property
name="interceptors">
<list>
<ref bean="pageRequestHandlerInterceptorAdapter" />
</list>
</property>
-->
</bean>
<bean
id="loginController"
class="org.springframework.webflow.executor.mvc.FlowController">
<property name="flowExecutor" ref="flowExecutor"/>
<property
name="defaultFlowId"
value="login-webflow" />
<property
name="argumentHandler">
<bean
class="org.springframework.webflow.executor.support.RequestParameterFlowExecutorArgumentHandler">
<property
name="flowExecutionKeyArgumentName"
value="lt" />
<property
name="defaultFlowId"
value="login-webflow" />
</bean>
</property>
</bean>
<flow:executor id="flowExecutor" registry-ref="flowRegistry">
<flow:execution-attributes>
<flow:alwaysRedirectOnPause value="false"/>
</flow:execution-attributes>
</flow:executor>
<flow:registry id="flowRegistry">
<flow:location path="/WEB-INF/login-webflow.xml"/>
</flow:registry>
<bean id="proxyValidateController"
class="org.jasig.cas.web.ServiceValidateController">
<property
name="centralAuthenticationService"
ref="centralAuthenticationService" />
<property
name="proxyHandler"
ref="proxy20Handler" />
</bean>
<bean
id="serviceValidateController"
class="org.jasig.cas.web.ServiceValidateController">
<property
name="validationSpecificationClass"
value="org.jasig.cas.validation.Cas20ProtocolValidationSpecification" />
<property
name="centralAuthenticationService"
ref="centralAuthenticationService" />
<property
name="proxyHandler"
ref="proxy20Handler" />
</bean>
<bean
id="legacyValidateController"
class="org.jasig.cas.web.ServiceValidateController">
<property
name="proxyHandler"
ref="proxy10Handler" />
<property
name="successView"
value="cas1ServiceSuccessView" />
<property
name="failureView"
value="cas1ServiceFailureView" />
<property
name="validationSpecificationClass"
value="org.jasig.cas.validation.Cas10ProtocolValidationSpecification" />
<property
name="centralAuthenticationService"
ref="centralAuthenticationService" />
</bean>
<bean
id="proxyController"
class="org.jasig.cas.web.ProxyController">
<property
name="centralAuthenticationService"
ref="centralAuthenticationService" />
</bean>
<bean
id="logoutController"
class="org.jasig.cas.web.LogoutController">
<property
name="centralAuthenticationService"
ref="centralAuthenticationService" />
<property
name="logoutView"
value="casLogoutView" />
<property
name="warnCookieGenerator"
ref="warnCookieGenerator" />
<property
name="ticketGrantingTicketCookieGenerator"
ref="ticketGrantingTicketCookieGenerator" />
</bean>
<!--
uncomment this to allow access to web service
<bean
id="xFireCentralAuthenticationService"
class="org.codehaus.xfire.spring.remoting.XFireExporter">
<property
name="serviceBean"
ref="remoteCentralAuthenticationService" />
<property
name="serviceInterface"
value="org.jasig.cas.CentralAuthenticationService" />
<property
name="serviceFactory"
ref="xfire.serviceFactory" />
<property
name="xfire"
ref="xfire" />
</bean>
<bean
id="remoteCentralAuthenticationService"
class="org.jasig.cas.remoting.server.RemoteCentralAuthenticationService">
<property
name="centralAuthenticationService"
ref="centralAuthenticationService" />
<property
name="validators">
<list>
<bean
class="org.jasig.cas.validation.UsernamePasswordCredentialsValidator" />
</list>
</property>
</bean>
-->
<bean
id="simpleMappingHandlerExceptionResolver"
class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property
name="exceptionMappings">
<props>
<prop
key="UndeclaredThrowableException">
serviceErrorView
</prop>
</props>
</property>
</bean>
<bean
id="abstractLoginAction"
abstract="true"
class="org.jasig.cas.web.flow.AbstractLoginAction">
<property name="warnCookieGenerator" ref="warnCookieGenerator" />
<property name="ticketGrantingTicketCookieGenerator" ref="ticketGrantingTicketCookieGenerator" />
</bean>
<bean
id="abstractCasLoginAction"
abstract="true"
parent="abstractLoginAction"
class="org.jasig.cas.web.flow.AbstractCasLoginAction">
<property name="centralAuthenticationService" ref="centralAuthenticationService" />
</bean>
<bean
id="automaticCookiePathSetterAction"
class="org.jasig.cas.web.flow.AutomaticCookiePathSetterAction">
<property name="warnCookieGenerator" ref="warnCookieGenerator" />
<property name="ticketGrantingTicketCookieGenerator" ref="ticketGrantingTicketCookieGenerator" />
</bean>
<bean
id="authenticationViaFormAction"
parent="abstractCasLoginAction"
class="org.jasig.cas.web.flow.AuthenticationViaFormAction" />
<bean
id="gatewayRequestCheckAction"
parent="abstractLoginAction"
class="org.jasig.cas.web.flow.GatewayRequestCheckAction" />
<bean
id="generateServiceTicketAction"
parent="abstractCasLoginAction"
class="org.jasig.cas.web.flow.GenerateServiceTicketAction" />
<bean
id="hasServiceCheckAction"
parent="abstractLoginAction"
class="org.jasig.cas.web.flow.HasServiceCheckAction" />
<bean
id="renewRequestCheckAction"
parent="abstractLoginAction"
class="org.jasig.cas.web.flow.RenewRequestCheckAction" />
<bean
id="sendTicketGrantingTicketAction"
parent="abstractCasLoginAction"
class="org.jasig.cas.web.flow.SendTicketGrantingTicketAction" />
<bean
id="ticketGrantingTicketExistsAction"
parent="abstractLoginAction"
class="org.jasig.cas.web.flow.TicketGrantingTicketExistsAction" />
<bean
id="warnAction"
parent="abstractLoginAction"
class="org.jasig.cas.web.flow.WarnAction" />
<!--
<bean
id="x509Check"
parent="abstractCasLoginAction"
class="org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction" />
-->
<bean id="warnCookieGenerator" class="org.springframework.web.util.CookieGenerator">
<property name="cookieSecure" value="false" />
<property name="cookieMaxAge" value="-1" />
<property name="cookieName" value="CASPRIVACY" />
<property name="cookiePath" value="/cas" />
</bean>
<bean id="ticketGrantingTicketCookieGenerator" class="org.springframework.web.util.CookieGenerator">
<property name="cookieSecure" value="false" />
<property name="cookieMaxAge" value="-1" />
<property name="cookieName" value="CASTGC" />
<property name="cookiePath" value="/cas" />
</bean>
</beans>

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- Message source for this context, loaded from localized "messages_xx" files -->
<bean
id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property
name="basename"
value="messages" />
</bean>
<bean
id="httpClient"
class="org.jasig.cas.util.HttpClient3FactoryBean">
<property
name="soTimeout"
value="5000" />
<property
name="connectionManagerTimeout"
value="5000" />
<property
name="connectionTimeout"
value="5000" />
<property
name="defaultMaxConnectionsPerHost"
value="50" />
<property
name="maxTotalConnections"
value="50" />
</bean>
<!-- Expiration policies -->
<bean
id="serviceTicketExpirationPolicy"
class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy">
<!-- This argument is the number of times that a ticket can be used before its considered expired. -->
<constructor-arg
index="0"
value="1" />
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="1"
value="300000" />
</bean>
<bean
id="grantingTicketExpirationPolicy"
class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
<!-- This argument is the time a ticket can exist before its considered expired. -->
<constructor-arg
index="0"
value="7200000" />
</bean>
<!-- CentralAuthenticationService -->
<bean
id="centralAuthenticationService"
class="org.jasig.cas.CentralAuthenticationServiceImpl">
<property
name="ticketGrantingTicketExpirationPolicy"
ref="grantingTicketExpirationPolicy" />
<property
name="serviceTicketExpirationPolicy"
ref="serviceTicketExpirationPolicy" />
<property
name="authenticationManager"
ref="authenticationManager" />
<property
name="ticketGrantingTicketUniqueTicketIdGenerator"
ref="ticketGrantingTicketUniqueIdGenerator" />
<property
name="serviceTicketUniqueTicketIdGenerator"
ref="serviceTicketUniqueIdGenerator" />
<property
name="ticketRegistry"
ref="ticketRegistry" />
</bean>
<bean
id="proxy10Handler"
class="org.jasig.cas.ticket.proxy.support.Cas10ProxyHandler" />
<!--Quartz -->
<!-- TICKET REGISTRY CLEANER -->
<bean
id="ticketRegistryCleaner"
class="org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner">
<property
name="ticketRegistry"
ref="ticketRegistry" />
</bean>
<bean id="jobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.MethodInvokingJobDetailFactoryBean">
<property
name="targetObject"
ref="ticketRegistryCleaner" />
<property
name="targetMethod"
value="clean" />
</bean>
<bean
id="triggerJobDetailTicketRegistryCleaner"
class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property
name="jobDetail"
ref="jobDetailTicketRegistryCleaner" />
<!-- How long after the application is started before we start attempting to clean out the registry. -->
<property
name="startDelay"
value="20000" />
<!-- How often the cleaner should be run to clean out the ticket registry. -->
<property
name="repeatInterval"
value="5000000" />
</bean>
<bean id="scheduler" class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
<property name="triggers">
<list>
<ref
local="triggerJobDetailTicketRegistryCleaner" />
</list>
</property>
</bean>
<!-- ADVISORS -->
<bean
id="advisorAutoProxyCreator"
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator" />
<bean id="hostName"
class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName">
<value>HostName</value>
</property>
<property name="expectedType">
<value>java.lang.String</value>
</property>
<property name="resourceRef">
<value>false</value>
</property>
</bean>
<bean id="ticketGrantingTicketUniqueIdGenerator" class="org.jasig.cas.util.DefaultUniqueTicketIdGenerator">
<constructor-arg index="0" ref="hostName" />
</bean>
<bean id="serviceTicketUniqueIdGenerator" class="org.jasig.cas.util.DefaultUniqueTicketIdGenerator">
<constructor-arg index="0" ref="hostName"/>
</bean>
<bean id="proxy20TicketUniqueIdGenerator" class="org.jasig.cas.util.DefaultUniqueTicketIdGenerator">
<constructor-arg index="0" ref="hostName" />
</bean>
<bean id="proxy20Handler" class="org.jasig.cas.ticket.proxy.support.Cas20ProxyHandler">
<property name="httpClient" ref="httpClient" />
<property name="uniqueTicketIdGenerator" ref="proxy20TicketUniqueIdGenerator" />
</bean>
<!-- Ticket Registry -->
<bean
id="ticketRegistry"
class="org.jasig.cas.ticket.registry.DefaultTicketRegistry" />
<!-- <bean id="ticketRegistry"
class="org.jasig.cas.modules.ticket.JdbcTicketRegistry">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jdbc/uim"/>
</bean>
-->
</beans>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
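
The questions in this thread turn on which values CAS keeps in its ticket registry. As an added illustration (not code from the poster or from the CAS project), this toy Python model of the CAS 2.0 proxy exchange treats the PGTIOU as a correlation handle delivered to the proxy callback only, so presenting it for validation is rejected while a proxy ticket obtained from /proxy validates. The class and method names and the AppB service URL are assumptions made for the example.

```python
# Added illustration: toy in-memory model of the CAS 2.0 proxy exchange.
# Not CAS server code; class and method names are assumptions for the example.
import secrets


class InvalidTicket(Exception):
    """Raised when a presented id is not a usable ticket in the registry."""


class ToyCas:
    def __init__(self):
        self.registry = {}  # ticket id -> (kind, principal, bound service)
        self.seq = 0

    def _new_id(self, prefix):
        self.seq += 1
        return f"{prefix}-{self.seq}-{secrets.token_hex(8)}-localhost"

    def _add(self, kind, principal, service=None):
        ticket_id = self._new_id(kind)
        self.registry[ticket_id] = (kind, principal, service)
        return ticket_id

    def login(self, principal, service):
        """Interactive login: issue a TGT, then an ST bound to the service."""
        self._add("TGT", principal)
        return self._add("ST", principal, service)

    def _validate(self, ticket, service, allowed, pgt_callback):
        kind, principal, bound = self.registry.get(ticket, (None, None, None))
        if kind not in allowed or bound != service:
            raise InvalidTicket(ticket)
        del self.registry[ticket]  # single use, like the ST policy with value 1
        pgtiou = None
        if pgt_callback is not None:
            pgt = self._add("PGT", principal, service)
            pgtiou = self._new_id("PGTIOU")  # generated, never put in the registry
            pgt_callback(pgtiou, pgt)        # stands in for the HTTPS call to pgtUrl
        return principal, pgtiou

    def service_validate(self, ticket, service, pgt_callback=None):
        return self._validate(ticket, service, ("ST",), pgt_callback)

    def proxy_validate(self, ticket, service, pgt_callback=None):
        return self._validate(ticket, service, ("ST", "PT"), pgt_callback)

    def proxy(self, pgt, target_service):
        """/proxy: exchange a PGT for a PT bound to the target service."""
        kind, principal, _ = self.registry.get(pgt, (None, None, None))
        if kind != "PGT":
            raise InvalidTicket(pgt)
        return self._add("PT", principal, target_service)


APP_A = "https://localhost:9444/AppA/j_acegi_cas_security_check"  # from the log
APP_B = "https://localhost:9444/AppB/j_acegi_cas_security_check"  # constructed


def run_demo():
    cas = ToyCas()
    receptor = {}  # AppA's proxy callback store: pgtIou -> PGT id

    st = cas.login("rbhardwaj", APP_A)
    _, pgtiou = cas.service_validate(st, APP_A, receptor.__setitem__)

    # Flow described in the thread: the PGTIOU itself is sent to AppB, which
    # presents it to CAS as a ticket. It was never a registry entry.
    try:
        cas.proxy_validate(pgtiou, APP_B)
        iou_outcome = "accepted"
    except InvalidTicket:
        iou_outcome = "rejected"

    # Protocol flow: AppA resolves the IOU locally, asks /proxy for a PT,
    # and AppB validates that PT.
    pt = cas.proxy(receptor[pgtiou], APP_B)
    principal, _ = cas.proxy_validate(pt, APP_B)
    return iou_outcome, pt.split("-")[0], principal


if __name__ == "__main__":
    print(run_demo())
```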