[
https://issues.apache.org/jira/browse/GUACAMOLE-355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16100008#comment-16100008
]
Nick Couchman commented on GUACAMOLE-355:
-----------------------------------------
{quote}
Where specifically is that FileNotFoundException being thrown?
{quote}
I believe it gets thrown by the CAS Client module that is imported into the
guacamole-auth-cas module. Here's the top part of the stack trace:
{code}
20:40:08.007 [http-nio-8080-exec-512] ERROR o.jasig.cas.client.util.CommonUtils
-
https://guac.example.com/cas/login/proxyValidate?ticket=ST-1-9s3clpKb2Ph4S0t39nEj-guac.example.com&service=https%3A%2F%2Fguac.example.com%2Fguacamole
java.io.FileNotFoundException:
https://guac.example.com/cas/login/proxyValidate?ticket=ST-1-9s3clpKb2Ph4S0t39nEj-guac.example.com&service=https%3A%2F%2Fguac.example.com%2Fguacamole
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1872)
~[na:1.8.0_131]
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
~[na:1.8.0_131]
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
~[na:1.8.0_131]
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)
~[guacamole-auth-cas-0.9.13-incubating.jar:na]
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
[guacamole-auth-cas-0.9.13-incubating.jar:na]
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
[guacamole-auth-cas-0.9.13-incubating.jar:na]
at
org.apache.guacamole.auth.cas.ticket.TicketValidationService.processUsername(TicketValidationService.java:72)
[guacamole-auth-cas-0.9.13-incubating.jar:na]
at
org.apache.guacamole.auth.cas.AuthenticationProviderService.authenticateUser(AuthenticationProviderService.java:86)
[guacamole-auth-cas-0.9.13-incubating.jar:na]
{code}
Here's roughly what happens.
* User enables CAS module and puts in an incorrect URL for the CAS base (like
adding /login to the end)
* User logs in, which redirects successfully to the CAS login page, but then
the CAS module's TicketValidationService class goes to validate the ticket,
which results in a 404 from the CAS server
* Somewhere along the line, this turns into a FileNotFoundException, which gets
handled by
guacamole/src/main/java/org/apache/guacamole/rest/RESTExceptionWrapper.java in
the invoke method, down in the {code} catch (Throwable t) {code} block as an
unchecked exception.
I was playing around last night and tried to catch the FileNotFoundException
both in the CAS module and in the RESTExceptionWrapper up with the previous
Guacamole exceptions, but neither of those options panned out.
> CAS Module Missing Error Handling
> ---------------------------------
>
> Key: GUACAMOLE-355
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-355
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-cas
> Affects Versions: 0.9.13-incubating
> Reporter: Nick Couchman
> Assignee: Nick Couchman
>
> As reported by Kaushnik on the dev mailing list, attempting to use the
> guacamole-auth-cas module with an incorrect CAS authentication endpoint
> results in very generic and not very useful 500 Internal Server errors rather
> than meaningful messages that point the user in the right direction for
> correcting the error. Need to see if the CAS framework has any built-in
> error checking facilities and try to leverage those, or at least throw some
> more meaningful Guacamole errors when we run into problems.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
