[cas-user] Re: Using Eclipse
Hi Colin! I am also an Eclipse user and I can confirm the Gradle support currently present in Eclipse Oxygen is not 100% finished and able to work with the CAS code base seamlessly. I can just add the following to your remarks: - When creating Eclipse projects on the command line, I must sometimes use "-DskipVersionConflict=true". That's because sometimes there are conflicts of version in the dependencies - very little differences but Gradle in Eclipse stops on them. This happened to me some time ago with CAS 5.1 but it was fixed after some time. - On some projects, I must manually create a few directories like "src/test/java" etc. They may not always exist and it's probably correct but Eclipse reports build errors. - There is some documentation on CAS and Eclipse here: https://apereo.github.io/cas/developer/Build-Process.html#eclipse - On the other hand, Eclipse sometimes reveals problems that normally pass the Gradle build. For example, I know of a class placed in a wrong package. Gradle is OK with it but Eclipse shows an error (which is probably correct). Best Regards, Jarda -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/88736592-3154-4039-a120-491b9dd4205b%40apereo.org.
[cas-user] Re: Inspektr audit - Failed authentication treated like throttling?
Hello everybody, I submitted a pull request for that, here it is: https://github.com/apereo/cas/pull/2667 Could someone from the developers have a look, please? Thank you in advance, Jarda Dne úterý 23. května 2017 10:52:07 UTC+2 Jaroslav Kačer napsal(a): > > Dear CAS user/developers, > > We are using CAS 5.0.4 with the Inspektr library for storing audit logs > into a database. We are using it together with login throttling, which > depends on the data in the audit table. > > Everything works just fine, I just spotted a little surprising thing: It > seems that authentication failures (i.e. input data for the throttling > mechanism) are reported as actual throttling. CAS works fine, no actual > throttling occurs (yet), just the audit log contains little misleading > information. > > In a text log file, it looks like this: > > 2017-05-23T10:05:02,992 [http-nio-8443-exec-7] DEBUG org.apereo.cas.web. > support. > InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter > - Recording submission failure for /cas/login > 2017-05-23T10:05:02,992 [http-nio-8443-exec-7] WARN org.apereo.cas.web. > support. > InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter > - Throttling submission from 0:0:0:0:0:0:0:1. More than 5 failed login > attempts within 60 seconds. Authentication attempt exceeds the failure > threshold 5 > > > The first line looks OK to me, while the second one does not; no actual > throttling occurred and this was the 1st failed login attempt. > > In the database, it looks like this: > xx...@xxx.com 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 Supplied credentials: [ > xx...@xxx.com] AUTHENTICATION_FAILED CAS 22-MAY-17 05.15.13.08600 PM > xx...@xxx.com 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 xx...@xxx.com > THROTTLED_LOGIN_ATTEMPT CAS 22-MAY-17 05.15.35.07900 PM > > > (The time difference results from debugging, please ignore it.) Again, the > first row looks OK, the 2nd one is misleading. > > When I look into the source code, > class > InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter, > I can see this method: > @Override > public void recordSubmissionFailure(final HttpServletRequest request) { > recordThrottle(request); > } > > > > Calling recordThrottle(record) here is probably the source of the behavior > I've just described. I think something else should be called instead. Do > you agree? Or do I understand it wrong and this behavior is OK? > > Thank you! > > Best Regards, > Jarda > > > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4e6479bd-9cd8-4e58-ad6d-2a45bfbe4c18%40apereo.org.
[cas-user] Inspektr audit - Failed authentication treated like throttling?
Dear CAS user/developers, We are using CAS 5.0.4 with the Inspektr library for storing audit logs into a database. We are using it together with login throttling, which depends on the data in the audit table. Everything works just fine, I just spotted a little surprising thing: It seems that authentication failures (i.e. input data for the throttling mechanism) are reported as actual throttling. CAS works fine, no actual throttling occurs (yet), just the audit log contains little misleading information. In a text log file, it looks like this: 2017-05-23T10:05:02,992 [http-nio-8443-exec-7] DEBUG org.apereo.cas.web. support. InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Recording submission failure for /cas/login 2017-05-23T10:05:02,992 [http-nio-8443-exec-7] WARN org.apereo.cas.web. support. InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter - Throttling submission from 0:0:0:0:0:0:0:1. More than 5 failed login attempts within 60 seconds. Authentication attempt exceeds the failure threshold 5 The first line looks OK to me, while the second one does not; no actual throttling occurred and this was the 1st failed login attempt. In the database, it looks like this: xx...@xxx.com 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 Supplied credentials: [ xx...@xxx.com] AUTHENTICATION_FAILED CAS 22-MAY-17 05.15.13.08600 PM xx...@xxx.com 0:0:0:0:0:0:0:1 0:0:0:0:0:0:0:1 xx...@xxx.com THROTTLED_LOGIN_ATTEMPT CAS 22-MAY-17 05.15.35.07900 PM (The time difference results from debugging, please ignore it.) Again, the first row looks OK, the 2nd one is misleading. When I look into the source code, class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter, I can see this method: @Override public void recordSubmissionFailure(final HttpServletRequest request) { recordThrottle(request); } Calling recordThrottle(record) here is probably the source of the behavior I've just described. I think something else should be called instead. Do you agree? Or do I understand it wrong and this behavior is OK? Thank you! Best Regards, Jarda -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/faf74be0-eaba-4db1-bce8-85060159fcd8%40apereo.org.