Re: [Matterhorn-users] CAS implementation failure

Fri, 30 Nov 2012 11:14:24 -0800 

I changed this (in mh_default_org.xml)

>    <!-- CAS auth is used for authentication via browsers -->
>    <sec:custom-filter position="FORM_LOGIN_FILTER" ref="casFilter" />

to this

>    <!-- CAS auth is used for authentication via browsers -->
>    <sec:custom-filter position="CAS_FILTER" ref="casFilter" />


And got...

12:58:04 ERROR (SpringSecurityConfigurationArtifactInstaller:121) - Unable to 
refresh spring security configuration file 
/opt/matterhorn/trunk/etc/security/mh_default_org.xml: 
org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'org.springframework.security.filterChains': Cannot resolve reference 
to bean 'org.springframework.security.web.DefaultSecurityFilterChain#7' while 
setting bean property 'sourceList' with key [7]; nested exception is 
org.springframework.beans.factory.BeanCreationException: Error creating bean 
with name 'org.springframework.security.web.DefaultSecurityFilterChain#7': 
Cannot resolve reference to bean 'casFilter' while setting constructor argument 
with key [3]; nested exception is 
org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find 
class [org.springframework.security.cas.web.CasAuthenticationFilter] for bean 
with name 'casFilter' defined in OSGi 
resource[file:/opt/matterhorn/trunk/etc/security/mh_
 default_org.xml|bnd.id=142|bnd.sym=matterhorn-kernel]; nested exception is 
java.lang.ClassNotFoundException: 
org.springframework.security.cas.web.CasAuthenticationFilter not found from 
bundle [matterhorn-kernel]

Undaunted, based on what Tobias said here:

        
http://lists.opencastproject.org/pipermail/matterhorn-users/2012-November/003584.html

 I edited 

        /opt/matterhorn/trunk/modules/matterhorn-cas/pom.xml

and added stars to these lines

            <Import-Package>
              org.jasig.cas.client.authentication.*;resolution:=optional,
              org.jasig.cas.client.proxy.*;resolution:=optional,
              org.jasig.cas.client.session.*;resolution:=optional,
              org.jasig.cas.client.util.*;resolution:=optional,
              org.jasig.cas.client.validation.*;resolution:=optional,
              org.springframework.security.cas.*;resolution:=optional,
              
org.springframework.security.cas.authentication.*;resolution:=optional,
              org.springframework.security.cas.web.*;resolution:=optional
            </Import-Package>

clean installed matterhorn, and restarted with this new result


 
ERROR (SpringSecurityConfigurationArtifactInstaller:121) - Unable to refresh 
spring security configuration file 
/opt/matterhorn/trunk/etc/security/mh_default_org.xml: 
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: 

Configuration problem: Unable to locate Spring NamespaceHandler for XML schema 
namespace [http://www.springframework.org/schema/security]
Offending resource: OSGi 
resource[file:/opt/matterhorn/trunk/etc/security/mh_default_org.xml|bnd.id=151|bnd.sym=matterhorn-kernel]

i should like to point out tobias also said here:

        
http://lists.opencastproject.org/pipermail/matterhorn-users/2012-November/003586.html

"As stated in my last response, this should be working ootb in 1.4, so even if 
it is broken, there should be an easy fix for it."







On Nov 14, 2012, at 5:26 PM, Wesley Alan Wright <[email protected]> wrote:

> Wel, after all my bellyaching over LDAP Authentication, I have come to learn 
> our institution indeed has a CAS authentication server.
> 
> So I read all the HOW-Tos and edited mh_default_org.xml only to get
> 
> 17:20:05 ERROR (SpringSecurityConfigurationArtifactInstaller:121) - Unable to 
> refresh spring security configuration file 
> /opt/matterhorn/trunk/etc/security/mh_default_org.xml: 
> org.springframework.beans.factory.parsing.BeanDefinitionParsingException: 
> Configuration problem: Filter beans '<casFilter>' and 
> '<org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>'
>  have the same 'order' value. When using custom filters, please make sure the 
> positions do not conflict with default filters. Alternatively you can disable 
> the default filters by removing the corresponding child elements from <http> 
> and avoiding the use of <http auto-config='true'>.
> 
> Offending resource: OSGi 
> resource[file:/opt/matterhorn/trunk/etc/security/mh_default_org.xml|bnd.id=142|bnd.sym=matterhorn-kernel]
> 
> here's the partial http stanza from mh_default_org.xml
> 
>    <!-- ############################# -->
>    <!-- # LOGIN / LOGOUT MECHANISMS # -->
>    <!-- ############################# -->
> 
>    <!-- Uncomment to enable x509 client certificates for identifying clients 
> -->
>    <!-- sec:x509 subject-principal-regex="CN=(.*?)," 
> user-service-ref="userDetailsService" / -->
> 
>    <!-- Enable and configure the failure URL for form-based logins -->
>    <sec:form-login authentication-failure-url="/login.html?error" 
> authentication-success-handler-ref="authSuccessHandler" />
> 
>    <!-- Digest auth is used by capture agents and is used to enable 
> transparent clustering of services -->
>    <sec:custom-filter position="BASIC_AUTH_FILTER" ref="digestFilter" />
> 
>    <!-- CAS auth is used for authentication via browsers -->
>    <sec:custom-filter position="FORM_LOGIN_FILTER" ref="casFilter" />
> 
>    <!--
>      2-legged oauth is used by trusted 3rd party applications, including LTI 
> producers.
>      If you do not plan to use OAuth, comment this out.
>    -->
>    <sec:custom-filter after="BASIC_AUTH_FILTER" 
> ref="oauthProtectedResourceFilter" />
> 
>    <!-- Enables "remember me" functionality -->
>    <sec:remember-me key="matterhorn" user-service-ref="userDetailsService" />
> 
>    <!-- Set the request cache -->
>    <sec:request-cache ref="requestCache" />
> 
>    <!-- If any URLs are to be exposed to anonymous users, the "sec:anonymous" 
> filter must be present -->
>    <sec:anonymous />
> 
>    <!-- Enables log out -->
>    <sec:logout />
> 
>    <!-- Enables Single Sign Out -->
>       <sec:logout logout-success-url="/cas-logout.jsp"/>
>       <sec:custom-filter ref="requestSingleLogoutFilter" 
> before="LOGOUT_FILTER"/>
>       <sec:custom-filter ref="singleLogoutFilter" before="FORM_LOGIN_FILTER"/>
> 
> 

-----------------------------------------------------------------------
| Wesley Alan Wright <mailto:[email protected]>                   |
| Center for Teaching and Learning  __0__                             |
| Room 407 Lafayette Building      / \ | \                            |
| University of Vermont              \77                              |
| Burlington, Vermont 05405-0160 USA. \\  http://www.uvm.edu/skivt-l  |
| Voice: 802-656-1254                  vv                             |
| aim:goim?screenname=maddogskideath      http://www.uvm.edu/~waw/    |
-----------------------------------------------------------------------





_______________________________________________
Matterhorn-users mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn-users

Reply via email to