Username/password authentication
Jonathan Hayward http://JonathansCorner.com
christos.jonathan.hayward at gmail.com
Tue Dec 4 16:21:54 EST 2007
It built, but when I run it, I got the same error as before:
CAS is Unavailable
There was a fatal error initializing the CAS application context. This is
almost always because of an error in the Spring bean configuration files.
Are the files valid XML? Do the beans they refer to all exist?
Before placing CAS in production, you should change this page to present a
UI appropriate for the case where the CAS web application is fundamentally
broken. Perhaps "Sorry, CAS is currently unavailable." with some links to
your user support information.
The Throwable encountered at context listener initialization was:
org.springframework.beans.factory.BeanDefinitionStoreException: Error
registering bean with name 'contextSource' defined in ServletContext
resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource] not found;
nested exception is java.lang.ClassNotFoundException:
org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
The Throwable encountered at dispatcher servlet initialization was:
org.springframework.beans.factory.BeanDefinitionStoreException: Error
registering bean with name 'contextSource' defined in ServletContext
resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource] not found;
nested exception is java.lang.ClassNotFoundException:
org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
The comment Dave gave when I posted this message earlier was:
The missing class will be defined in cas-server-support-ldap. Adding this
dependency to the webapp pom.xml should include it in the built cas.jar
*-* <dependency>
* * <groupId>*org.jasig.cas*</groupId>
* * <artifactId>*cas-server-support-ldap*</artifactId>
* * <version>*${project.version}*</version>
</dependency>
Or, as a quick fix you could copy cas-server-support-ldap-3.1.1.jar to the
cas WEB-INF/lib directory on the app server.
While working on this message, I also tried the copy suggested in the last
line, bounced the server, and got the same message on trying to login to
CAS.
On Dec 4, 2007 3:02 PM, Jonathan Hayward http://JonathansCorner.com <
christos.jonathan.hayward at gmail.com> wrote:
> I had edited the pom.xml one directory higher. I've moved the dependency
> and am compiling.
>
> Thanks,
>
>
> On Dec 4, 2007 2:52 PM, Scott Battaglia < scott.battaglia at gmail.com>
> wrote:
>
> > Which pom.xml did you edit?
> >
> >
> > On Dec 4, 2007 3:24 PM, Jonathan Hayward http://JonathansCorner.com <christos.jonathan.hayward at gmail.com>
> > wrote:
> >
> > > P.S.
> > >
> > > From a fresh computer I installed maven, downloaded a fresh copy of http://www.ja-sig.org/downloads/cas/cas-server-3.1.1-release.zip
> > > , unzipped it, changed pom.xml by adding:
> > >
> > > <dependency>
> > > <groupId>${project.groupId}</groupId>
> > > <artifactId> cas-server-support-ldap</artifactId>
> > > <version>${project.version}</version>
> > > </dependency>
> > >
> > > and cas-server-3.1.1/cas-server-webapp/src/main/webapp/WEB-INF/deployeConfigContext.xml
> > > by adding what's at the end of this e-mail, and then running:
> > >
> > > mvn -Dmaven.test.skip=true package install
> > >
> > > I got the cyclical dependency error I reported earlier. Is there
> > > something wrong with the sanitized XML below that would have introduced a
> > > dependency from cas-server-support-ldap onto itself?
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "
> > > http://www.springframework.org/dtd/spring-beans.dtd">
> > > <!--
> > > | deployerConfigContext.xml centralizes into one file some of
> > > the declarative configuration that
> > > | all CAS deployers will need to modify.
> > > |
> > > | This file declares some of the Spring-managed JavaBeans that
> > > make up a CAS deployment.
> > > | The beans declared in this file are instantiated at context
> > > initialization time by the Spring
> > > | ContextLoaderListener declared in web.xml. It finds this
> > > file because this
> > > | file is among those declared in the context parameter
> > > "contextConfigLocation".
> > > |
> > > | By far the most common change you will need to make in this
> > > file is to change the last bean
> > > | declaration to replace the default
> > > SimpleTestUsernamePasswordAuthenticationHandler with
> > > | one implementing your approach for authenticating usernames
> > > and passwords.
> > > +-->
> > > <beans>
> > > <!--
> > > | This bean declares our AuthenticationManager. The
> > > CentralAuthenticationService service bean
> > > | declared in applicationContext.xml picks up this
> > > AuthenticationManager by reference to its id,
> > > | "authenticationManager". Most deployers will be
> > > able to use the default AuthenticationManager
> > > | implementation and so do not need to change the
> > > class of this bean. We include the whole
> > > | AuthenticationManager here in the
> > > userConfigContext.xml so that you can see the things you will
> > > | need to change in context.
> > > +-->
> > > <bean id="authenticationManager"
> > > class="
> > > org.jasig.cas.authentication.AuthenticationManagerImpl">
> > > <!--
> > > | This is the List of
> > > CredentialToPrincipalResolvers that identify what Principal is trying to
> > > authenticate.
> > > | The AuthenticationManagerImpl considers them
> > > in order, finding a CredentialToPrincipalResolver which
> > > | supports the presented credentials.
> > > |
> > > | AuthenticationManagerImpl uses these
> > > resolvers for two purposes. First, it uses them to identify the Principal
> > > | attempting to authenticate to CAS /login .
> > > In the default configuration, it is the
> > > DefaultCredentialsToPrincipalResolver
> > > | that fills this role. If you are using some
> > > other kind of credentials than UsernamePasswordCredentials, you will need to
> > > replace
> > > | DefaultCredentialsToPrincipalResolver with a
> > > CredentialsToPrincipalResolver that supports the credentials you are
> > > | using.
> > > |
> > > | Second, AuthenticationManagerImpl uses these
> > > resolvers to identify a service requesting a proxy granting ticket.
> > > | In the default configuration, it is the
> > > HttpBasedServiceCredentialsToPrincipalResolver that serves this purpose.
> > > | You will need to change this list if you are
> > > identifying services by something more or other than their callback URL.
> > > +-->
> > > <property name="credentialsToPrincipalResolvers">
> > > <list>
> > > <!--
> > > |
> > > UsernamePasswordCredentialsToPrincipalResolver supports the
> > > UsernamePasswordCredentials that we use for /login
> > > | by default and produces
> > > SimplePrincipal instances conveying the username from the credentials.
> > > |
> > > | If you've changed your
> > > LoginFormAction to use credentials other than UsernamePasswordCredentials
> > > then you will also
> > > | need to change this bean
> > > declaration (or add additional declarations) to declare a
> > > CredentialsToPrincipalResolver that supports the
> > > | Credentials you are using.
> > > +-->
> > > <bean
> > > class="
> > > org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
> > > <!--
> > > |
> > > HttpBasedServiceCredentialsToPrincipalResolver supports
> > > HttpBasedCredentials. It supports the CAS 2.0 approach of
> > > | authenticating services by
> > > SSL callback, extracting the callback URL from the Credentials and
> > > representing it as a
> > > | SimpleService identified by
> > > that callback URL.
> > > |
> > > | If you are representing
> > > services by something more or other than an HTTPS URL whereat they are able
> > > to
> > > | receive a proxy callback,
> > > you will need to change this bean declaration (or add additional
> > > declarations).
> > > +-->
> > > <bean
> > > class="
> > > org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
> > > />
> > > </list>
> > > </property>
> > >
> > > <!--
> > > | Whereas CredentialsToPrincipalResolvers
> > > identify who it is some Credentials might authenticate,
> > > | AuthenticationHandlers actually authenticate
> > > credentials. Here we declare the AuthenticationHandlers that
> > > | authenticate the Principals that the
> > > CredentialsToPrincipalResolvers identified. CAS will try these handlers in
> > > turn
> > > | until it finds one that both supports the
> > > Credentials presented and succeeds in authenticating.
> > > +-->
> > > <property name="authenticationHandlers">
> > > <list>
> > > <!--
> > > | This is the authentication
> > > handler that authenticates services by means of callback via SSL, thereby
> > > validating
> > > | a server side SSL
> > > certificate.
> > > +-->
> > > <bean
> > > class="
> > > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> > > />
> > >
> > > <!--
> > > | This is the authentication
> > > handler declaration that every CAS deployer will need to change before
> > > deploying CAS
> > > | into production. The
> > > default SimpleTestUsernamePasswordAuthenticationHandler authenticates
> > > UsernamePasswordCredentials
> > > | where the username equals
> > > the password. You will need to replace this with an AuthenticationHandler
> > > that implements your
> > > | local authentication
> > > strategy. You might accomplish this by coding a new such handler and
> > > declaring
> > > |
> > > edu.someschool.its.cas.MySpecialHandler here, or you might use one of
> > > the handlers provided in the adaptors modules.
> > > +-->
> > > <bean class="
> > > org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler ">
> > > <property name="filter"
> > > value="sAMAccountName=%u" />
> > > <property name="searchBase"
> > > value="[DELETED]" />
> > > <property name="contextSource"
> > > ref="contextSource" />
> > > <property
> > > name="ignorePartialResultException" value="yes" /> <!-- fix because of how
> > > AD returns results -->
> > > </bean>
> > >
> > >
> > > </list>
> > > </property>
> > > </bean>
> > >
> > > <bean id="contextSource" class="
> > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
> > > <property name="anonymousReadOnly" value="false" />
> > > <property name="pooled" value="true" />
> > > <property name="urls">
> > > <list>
> > > <value>ldap://[DELETED]</value>
> > > </list>
> > > </property>
> > > <property name="userName" value="[DELETED]" />
> > > <property name="password" value="[DELETED]" />
> > > <property name="baseEnvironmentProperties">
> > > <map>
> > > <entry>
> > > <key><value>
> > > java.naming.security.protocol</value></key>
> > > <value>ssl</value>
> > > </entry>
> > > <entry>
> > > <key><value>
> > > java.naming.security.authentication</value></key>
> > > <value>simple</value>
> > > </entry>
> > > </map>
> > > </property>
> > > </bean>
> > >
> > > </beans>
> > >
> > > On 12/4/07, Jonathan Hayward http://JonathansCorner.com <christos.jonathan.hayward at gmail.com >
> > > wrote:
> > > >
> > > > I was working with a fresh copy, and got the following error after
> > > > changing the root pom.xml file by inserting the requested dependency
> > > > before the others. The error also occurs if I insert it at the end, and it
> > > > builds if I comment the dependency out. cas-server-support-ldap only depends
> > > > on the core.
> > > >
> > > > What would I have done to
> > > >
> > > > $ mvn -Dmaven.test.skip=true clean package install
> > > > [INFO] Scanning for projects...
> > > > [INFO]
> > > > ------------------------------------------------------------------------
> > > > [ERROR] BUILD FAILURE
> > > > [INFO]
> > > > ------------------------------------------------------------------------
> > > > [INFO] The projects in the reactor contain a cyclic reference: Edge
> > > > between 'Vertex{label='org.jasig.cas:cas-server-support-ldap ' }'
> > > > and 'Vertex{label='org.jasig.cas:cas-server-support-ldap'}'
> > > > introduces to cycle in the graph org.jasig.c
> > > > as:cas-server-support-ldap --> org.jasig.cas:cas-server-support-ldap
> > > > [INFO]
> > > > ------------------------------------------------------------------------
> > > > [INFO] For more information, run Maven with the -e switch
> > > > [INFO]
> > > > ------------------------------------------------------------------------
> > > > [INFO] Total time: < 1 second
> > > > [INFO] Finished at: Tue Dec 04 13:33:44 CST 2007
> > > > [INFO] Final Memory: 1M/3M
> > > > [INFO]
> > > > ------------------------------------------------------------------------
> > > >
> > > > On Dec 4, 2007 12:44 PM, Scott Battaglia < scott.battaglia at gmail.com>
> > > > wrote:
> > > >
> > > > > If its still authenticating username/username that means that your
> > > > > deployerConfigContext.xml in
> > > > > cas-server-webapp/src/main/webapp/WEB-INF has not been updated or you've
> > > > > deployed an incorrect WAR file.
> > > > >
> > > > > -Scott
> > > > >
> > > > >
> > > > > On Dec 4, 2007 11:41 AM, Jonathan Hayward
> > > > > http://JonathansCorner.com <http://jonathanscorner.com/> <christos.jonathan.hayward at gmail.com >
> > > > > wrote:
> > > > >
> > > > > > I had some initial issues with a web proxy handing Maven a
> > > > > > "Please authenticate yourself" redirect when Maven tried to download its
> > > > > > first XML file. Those are solved now.
> > > > > >
> > > > > > After that, I tried a rebuild, wiped Liferay's tmp directory,
> > > > > > and bounced Liferay. It's still authenticating username/username rather than
> > > > > > password/password.
> > > > > >
> > > > > >
> > > > > > On Dec 3, 2007 10:03 PM, Scott Battaglia <
> > > > > > scott.battaglia at gmail.com> wrote:
> > > > > >
> > > > > > > If you have correctly added the cas-server-support-ldap to the
> > > > > > > cas-server-webapp/pom.xml all you should need to do is run
> > > > > > > mvn -Dmaven.test.skip=true clean package install
> > > > > > >
> > > > > > > Then you'll find the war with the correct jars in
> > > > > > > cas-server-webapp/target/cas.war
> > > > > > >
> > > > > > > You'll want to delete any cas directory in the Tomcat webapps
> > > > > > > just to make sure your new one gets deployed correctly.
> > > > > > >
> > > > > > > -Scott
> > > > > > >
> > > > > > >
> > > > > > > On Dec 3, 2007 5:44 PM, Jonathan Hayward
> > > > > > > http://JonathansCorner.com <http://jonathanscorner.com/> <christos.jonathan.hayward at gmail.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > > > I had already placed that in the webapp pom.xml, modulo a
> > > > > > > > variable interpolation for the groupId. I tried adding the jar to the CAS
> > > > > > > > WEB-INF/lib directory; I can't tell any improvement in the behaviour.
> > > > > > > >
> > > > > > > > Are there other possibilities?
> > > > > > > >
> > > > > > > > On Dec 3, 2007 4:15 PM, Dale Ogilvie <
> > > > > > > > Dale.Ogilvie at trimble.co.nz> wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > > > The missing class will be defined in
> > > > > > > > > cas-server-support-ldap. Adding this dependency to the webapp
> > > > > > > > > pom.xml should include it in the built cas.jar
> > > > > > > > >
> > > > > > > > > *-* <dependency>
> > > > > > > > > * * <groupId> *org.jasig.cas*</groupId>
> > > > > > > > > * * <artifactId> *cas-server-support-ldap*</artifactId>
> > > > > > > > > * * <version> *${project.version}*</version>
> > > > > > > > > </dependency>
> > > > > > > > >
> > > > > > > > > Or, as a quick fix you could copy
> > > > > > > > > cas-server-support-ldap-3.1.1.jar to the cas WEB-INF/lib
> > > > > > > > > directory on the app server.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > ------------------------------
> > > > > > > > > *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
> > > > > > > > > *On Behalf Of *Jonathan Hayward http://JonathansCorner.com<http://jonathanscorner.com/>
> > > > > > > > >
> > > > > > > > > * Sent:* Tuesday, 4 December 2007 10:30 a.m.
> > > > > > > > > *To:* Yale CAS mailing list
> > > > > > > > > *Subject:* Re: Username/password authentication
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > I ran through that and got an error on trying to log in
> > > > > > > > > to CAS:
> > > > > > > > >
> > > > > > > > > CAS is Unavailable
> > > > > > > > >
> > > > > > > > > There was a fatal error initializing the CAS application
> > > > > > > > > context. This is almost always because of an error in the Spring bean
> > > > > > > > > configuration files. Are the files valid XML? Do the beans they refer to all
> > > > > > > > > exist?
> > > > > > > > >
> > > > > > > > > Before placing CAS in production, you should change this
> > > > > > > > > page to present a UI appropriate for the case where the CAS web application
> > > > > > > > > is fundamentally broken. Perhaps "Sorry, CAS is currently unavailable." with
> > > > > > > > > some links to your user support information.
> > > > > > > > >
> > > > > > > > > The Throwable encountered at context listener
> > > > > > > > > initialization was:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > org.springframework.beans.factory.BeanDefinitionStoreException:
> > > > > > > > > Error registering bean with name 'contextSource' defined in ServletContext
> > > > > > > > > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > > > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> > > > > > > > > not found; nested exception is
> > > > > > > > > java.lang.ClassNotFoundException:
> > > > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > > > > > > >
> > > > > > > > > The Throwable encountered at dispatcher servlet
> > > > > > > > > initialization was:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > org.springframework.beans.factory.BeanDefinitionStoreException:
> > > > > > > > > Error registering bean with name 'contextSource' defined in ServletContext
> > > > > > > > > resource [/WEB-INF/deployerConfigContext.xml]: Bean class [
> > > > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource]
> > > > > > > > > not found; nested exception is
> > > > > > > > > java.lang.ClassNotFoundException:
> > > > > > > > > org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource
> > > > > > > > > I built it incorporating changes from http://www.ja-sig.org/wiki/display/CAS/Examples+to+Configure+CAS
> > > > > > > > > and http://www.ja-sig.org/wiki/display/CASUM/LDAP .
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > Yale CAS mailing list
> > > > > > > > > cas at tp.its.yale.edu
> > > > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > > > > > > ** To see an award-winning website with stories, essays,
> > > > > > > > artwork,
> > > > > > > > ** games, and a four-dimensional maze, why not visit my home
> > > > > > > > page?
> > > > > > > > ** All of this is waiting for you at http://JonathansCorner.com
> > > > > > > > <http://jonathanscorner.com/>
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Yale CAS mailing list
> > > > > > > > cas at tp.its.yale.edu
> > > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > >
> > > > > > > -Scott Battaglia
> > > > > > >
> > > > > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > Yale CAS mailing list
> > > > > > > cas at tp.its.yale.edu
> > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > > > > ** To see an award-winning website with stories, essays,
> > > > > > artwork,
> > > > > > ** games, and a four-dimensional maze, why not visit my home
> > > > > > page?
> > > > > > ** All of this is waiting for you at http://JonathansCorner.com<http://jonathanscorner.com/>
> > > > > >
> > > > > > _______________________________________________
> > > > > > Yale CAS mailing list
> > > > > > cas at tp.its.yale.edu
> > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > -Scott Battaglia
> > > > >
> > > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > > >
> > > > > _______________________________________________
> > > > > Yale CAS mailing list
> > > > > cas at tp.its.yale.edu
> > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > > ** To see an award-winning website with stories, essays, artwork,
> > > > ** games, and a four-dimensional maze, why not visit my home page?
> > > > ** All of this is waiting for you at http://JonathansCorner.com
> > > > <http://jonathanscorner.com/>
> > > >
> > >
> > >
> > >
> > > --
> > > ++ Jonathan Hayward, jonathan.hayward at pobox.com
> > > ** To see an award-winning website with stories, essays, artwork,
> > > ** games, and a four-dimensional maze, why not visit my home page?
> > > ** All of this is waiting for you at http://JonathansCorner.com
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> >
> >
> > --
> > -Scott Battaglia
> >
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
>
> --
> ++ Jonathan Hayward, jonathan.hayward at pobox.com
> ** To see an award-winning website with stories, essays, artwork,
> ** games, and a four-dimensional maze, why not visit my home page?
> ** All of this is waiting for you at http://JonathansCorner.com
>
--
++ Jonathan Hayward, jonathan.hayward at pobox.com
** To see an award-winning website with stories, essays, artwork,
** games, and a four-dimensional maze, why not visit my home page?
** All of this is waiting for you at http://JonathansCorner.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20071204/7e259865/attachment-0001.html
More information about the cas
mailing list