Hello All, I am new to CAS, but I have almost completed my CAS server configurations. I have a few questions of which I am hoping to get some answers from the CAS experts.
1. I am using mysql to manage services. After my first entry, I can no longer access the services management page https://cas.domainname.com:8443/cas/services/. If I delete the entries from the database, I am able to access the service management page once again. In the cas documentation, it states that the first service that should be added is the service itself. Can someone tell me the purpose of the service management page? Do I need to add the URL for each of my applications that will be authenticating through cas in service management? Thanks, Kurt On Tue, Oct 1, 2013 at 8:29 AM, Jérôme LELEU <[email protected]> wrote: > Hi, > > Your stacktrace is hard to read. I see an "Access is denied" and a > redirection through the authentication entry point, which is pretty normal > when you are not authenticated and try to access a protected page. > The main settings are the urls of the services webapp and entry point > ("CAS URLs" in the wiki page) and the ROLE_ADMIN for the right user. > The blank screen is pretty strange : sure that you don't have any error > logs somewhere ? > Best regards, > Jérôme > > > > 2013/10/1 Sébastien Toulmonde <[email protected]> > >> Hi CAS gurus, >> >> I'm having the strangest issue right now regarding the services >> management app... It's no more accessible: I get a blank screen ( >> https://cas-server:8181/cas/services) >> >> I've tried on several servers, including a separate workstation, and hit >> several DBs - same issue. >> >> I'm using Mysql as a back-end for services management (like in the wiki >> https://wiki.jasig.org/display/CASUM/Configuring) >> >> Lowering the logs to debug/trace, I found this: >> >> 2013-10-01 09:37:28,956 DEBUG >> [org.springframework.security.web.FilterChainProxy] - Converted URL to >> lowercase, from: '/services'; to: '/services' 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.FilterChainProxy] - Candidate is: >> '/services'; pattern is /services/loggedout.html; matched=false 2013-10-01 >> 09:37:28,957 DEBUG [org.springframework.security.web.FilterChainProxy] - >> Converted URL to lowercase, from: '/services'; to: '/services' 2013-10-01 >> 09:37:28,957 DEBUG [org.springframework.security.web.FilterChainProxy] - >> Candidate is: '/services'; pattern is /**; matched=true 2013-10-01 >> 09:37:28,957 DEBUG [org.springframework.security.web.FilterChainProxy] - >> /services at position 1 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.context.SecurityContextPersistenceFilter@461e4b' >> 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >> - HttpSession returned null object for SPRING_SECURITY_CONTEXT 2013-10-01 >> 09:37:28,957 DEBUG >> [org.springframework.security.web.context.HttpSessionSecurityContextRepository] >> - No SecurityContext was available from the HttpSession: >> org.apache.catalina.session.StandardSessionFacade@b0ce1f. A new one will >> be created. 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 2 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.authentication.logout.LogoutFilter@e55a5c' >> 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 3 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.cas.web.CasAuthenticationFilter@19a1fd9' >> 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 4 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1dce27e' >> 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 5 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@19cf5f6' >> 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 6 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@e8bccf' >> 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 7 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1b21964' >> 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> pathInfo: both null (property equals) 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> queryString: both null (property equals) 2013-10-01 09:37:28,957 DEBUG >> [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> requestURI: arg1=/cas/services; arg2=/cas/services (property equals) >> 2013-10-01 09:37:28,958 DEBUG >> [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> serverPort: arg1=8181; arg2=8181 (property equals) 2013-10-01 09:37:28,958 >> DEBUG [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> requestURL: arg1=https://localhost:8181/cas/services; arg2= >> https://localhost:8181/cas/services (property equals) 2013-10-01 >> 09:37:28,958 DEBUG >> [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> scheme: arg1=https; arg2=https (property equals) 2013-10-01 09:37:28,958 >> DEBUG [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> serverName: arg1=localhost; arg2=localhost (property equals) 2013-10-01 >> 09:37:28,958 DEBUG >> [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> contextPath: arg1=/cas; arg2=/cas (property equals) 2013-10-01 09:37:28,958 >> DEBUG [org.springframework.security.web.savedrequest.DefaultSavedRequest] - >> servletPath: arg1=/services; arg2=/services (property equals) 2013-10-01 >> 09:37:28,958 DEBUG >> [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - >> Removing DefaultSavedRequest from session if present 2013-10-01 >> 09:37:28,966 DEBUG [org.springframework.security.web.FilterChainProxy] - >> /services at position 8 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@149e2b7' >> 2013-10-01 09:37:28,966 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 9 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@a38463' >> 2013-10-01 09:37:28,966 DEBUG >> [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] >> - Populated SecurityContextHolder with anonymous token: >> 'org.springframework.security.authentication.AnonymousAuthenticationToken@9054b1a2: >> Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; >> Details: >> org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: >> RemoteIpAddress: 127.0.0.1; SessionId: 2f21e121748cc93b0432261b8990; >> Granted Authorities: ROLE_ANONYMOUS' 2013-10-01 09:37:28,966 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 10 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.session.SessionManagementFilter@16fd35b' >> 2013-10-01 09:37:28,966 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 11 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.access.ExceptionTranslationFilter@1d72cee' >> 2013-10-01 09:37:28,966 DEBUG >> [org.springframework.security.web.FilterChainProxy] - /services at position >> 12 of 12 in additional filter chain; firing Filter: >> 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@19900fa' >> 2013-10-01 09:37:28,966 DEBUG >> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >> - Converted URL to lowercase, from: '/services'; to: '/services' 2013-10-01 >> 09:37:28,967 DEBUG >> [org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource] >> - Candidate is: '/services'; pattern is /**; matched=true 2013-10-01 >> 09:37:28,967 DEBUG >> [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] >> - Secure object: FilterInvocation: URL: /services; Attributes: [ROLE_ADMIN >> ] 2013-10-01 09:37:28,967 DEBUG >> [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] >> - Previously Authenticated: >> org.springframework.security.authentication.AnonymousAuthenticationToken@9054b1a2: >> Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; >> Details: >> org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: >> RemoteIpAddress: 127.0.0.1; SessionId: 2f21e121748cc93b0432261b8990; >> Granted Authorities: ROLE_ANONYMOUS 2013-10-01 09:37:28,967 DEBUG >> [org.springframework.security.access.vote.AffirmativeBased] - Voter: >> org.springframework.security.access.vote.RoleVoter@1bac611, returned: -1 >> 2013-10-01 09:37:28,967 DEBUG >> [org.springframework.security.access.vote.AffirmativeBased] - Voter: >> org.springframework.security.access.vote.AuthenticatedVoter@45f1f2, >> returned: 0 2013-10-01 09:37:28,967 DEBUG >> [org.springframework.security.web.access.ExceptionTranslationFilter] - >> Access is denied (user is anonymous); redirecting to authentication entry >> point org.springframework.security.access.AccessDeniedException: Access is >> denied at >> org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) >> at >> org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) >> at >> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) >> at >> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:96) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:90) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) >> at >> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) >> at >> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) >> at >> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) >> at >> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) >> at >> org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655) >> at >> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161) >> at >> org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231) >> at >> com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317) >> at >> com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195) >> at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860) >> at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757) at >> com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056) at >> com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229) >> at >> com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137) >> at >> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104) >> at >> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90) >> at >> com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79) >> at >> com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54) >> at >> com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59) >> at com.sun.grizzly.ContextTask.run(ContextTask.java:71) at >> com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532) >> at >> com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513) >> at java.lang.Thread.run(Thread.java:722) >> >> >> I did mapped my user as ROLE_ADMIN: >> <sec:user-service id="userDetailsService"> >> <sec:user name="[email protected]"<mailto: >> [email protected]> password="notused" >> authorities="ROLE_ADMIN" /> >> </sec:user-service> >> >> >> And as I get a blank screen, I'm a bit stuck... Does someone has a clue >> on what I've done wrong? I've already dropped the tables in Mysql to >> elemininate any thrash there - same issue. >> >> Thanks for your help! >> >> >> -- >> ___________________________________________________ >> >> SEBASTIEN TOULMONDE >> UNIX System Administrator >> Information Services Department >> >> BISNODE >> >> Direct: +32 2 555 96 86 >> Mobile: +32 475 49 81 45 >> Office fax: +32 2 521 21 98 >> E-mail: [email protected]<mailto: >> [email protected]> >> Address: Researchdreef 65 Allée de la Recherche, 1070 Brussels, Belgium >> www.bisnode.be<http://www.bisnode.be> >> __________________________________________________ >> >> **** DISCLAIMER **** >> "This e-mail and any attachments thereto may contain information which is >> confidential and/or protected by intellectual property rights and are >> intended for the sole use of the recipient(s)named above. Any use of the >> information contained herein (including, but not limited to, total or >> partial reproduction, communication or distribution in any form)by persons >> other than the designated recipient(s) is prohibited. If you have received >> this e-mail in error, please notify the sender either by telephone or by >> e-mail and delete the material from any computer. Thank you for your >> cooperation." >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
