Proxy Granting Tickets (PGT tickets) + JDBCTicketRegistry + Cas Server 3.0.7
Rahul Bhardwaj
RBhardwaj at Tier.com
Wed Jun 4 00:50:45 EDT 2008
Hi Everyone,
In my project, we use Cas Server 3.0.7. Since we have a clustered environment we are using JDBCTicketRegistry as documented on CAS confluence.
I am trying to secure remote invocations from App A to App B by relying on the proxy ticket. The problem is that the CAS server always errors out with the exception given below. The basic problem is that although the CAS Server webapp is generating and passing the PGTIOU ticket, it is never saved in the database. When App B tries to authenticate the user with the PGTIOU ticket, since it is not present in the database, the JdbcTicketRegistry class creates an expired ticket. All this is happening on my development desktop and there is no clustering there.
I have the following queries:
1 - Since the database is not used for storing PGTIOUs, why is CAS trying to read it from JDBCTicketRegistry on validation? Am I doing something wrong?
2 - How can I configure/customize CAS to use JDBCTicketRegistry for proxy tickets as well?
Thanks
Rahul
PS: Please ignore the ClassCastException for org.jasig.cas.modules.ticket.JdbcTicketRegistry$ExpiredTicketImpl. The root problem is that the JdbcTicketRegistry is being invoked but the ticket was never saved in the database in the first place. I also confirmed this by debugging the registry and seeing all the tickets that were saved using it.
[6/4/08 0:12:36:185 EDT] 00000048 ServletWrappe E SRVE0068E: Could not invoke the service() method on servlet cas. Exception thrown : org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.ClassCastException: Ticket [PGTIOU-2-GgOQjXvaUrBrEsVaoShObWVlbnbSAqr9wgK-localhost is of type class org.jasig.cas.modules.ticket.JdbcTicketRegistry$ExpiredTicketImpl when we were expecting interface org.jasig.cas.ticket.ServiceTicket
Caused by: java.lang.ClassCastException: Ticket [PGTIOU-2-GgOQjXvaUrBrEsVaoShObWVlbnbSAqr9wgK-localhost is of type class org.jasig.cas.modules.ticket.JdbcTicketRegistry$ExpiredTicketImpl when we were expecting interface org.jasig.cas.ticket.ServiceTicket
at org.jasig.cas.ticket.registry.AbstractTicketRegistry.getTicket(AbstractTicketRegistry.java:42)
at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:198)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:299)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:139)
at org.jasig.cas.event.advice.CentralAuthenticationServiceMethodInterceptor.invoke(CentralAuthenticationServiceMethodInterceptor.java:41)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy1.delegateTicketGrantingTicket(Unknown Source)
at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:159)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:819)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:754)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:399)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:354)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:89)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1924)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:112)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java:566)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java:619)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java:952)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java:1039)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1471)
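
The CAS 2.0 proxy exchange this question concerns, modelled in memory as an added example (not part of the original post and not CAS server code). In the protocol the PGTIOU is only the handle App A uses to find the PGT delivered to its callback, so in this model it is never written to the registry and fails when presented to a validation endpoint. The class, function, user and URL names are assumptions.

```python
import secrets

class CasModel:
    """Toy in-memory model of the CAS 2.0 proxy exchange (constructed, not CAS server code)."""

    def __init__(self):
        self.registry = {}  # ticket id -> (kind, principal, service): what a ticket registry persists

    def _issue(self, kind, principal, service):
        tid = f"{kind}-{secrets.token_hex(8)}"
        self.registry[tid] = (kind, principal, service)
        return tid

    def login(self, principal, service):
        return self._issue("ST", principal, service)

    def validate(self, ticket, service, pgt_callback=None, allow_proxy=False):
        """/serviceValidate (allow_proxy=False) or /proxyValidate (allow_proxy=True)."""
        kind, principal, svc = self.registry.get(ticket, (None, None, None))
        if kind not in (("ST", "PT") if allow_proxy else ("ST",)):
            return {"ok": False, "code": "INVALID_TICKET"}
        del self.registry[ticket]  # ST and PT are single-use
        if svc != service:
            return {"ok": False, "code": "INVALID_SERVICE"}
        result = {"ok": True, "user": principal}
        if pgt_callback:  # stands in for the HTTPS GET to pgtUrl?pgtIou=...&pgtId=...
            iou = f"PGTIOU-{secrets.token_hex(8)}"
            pgt_callback(iou, self._issue("PGT", principal, service))
            result["pgtiou"] = iou  # only the IOU travels in the validation response
        return result

    def proxy(self, pgt, target_service):
        """/proxy: exchange a PGT for a proxy ticket scoped to target_service."""
        kind, principal, _ = self.registry.get(pgt, (None, None, None))
        return self._issue("PT", principal, target_service) if kind == "PGT" else None

def demo():
    cas, app_a_store = CasModel(), {}  # app_a_store: IOU -> PGT kept by App A's callback
    app_a, app_b = "https://app-a.example/", "https://app-b.example/"
    st = cas.login("alice", app_a)
    first = cas.validate(st, app_a, pgt_callback=app_a_store.__setitem__)
    iou = first["pgtiou"]
    wrong = cas.validate(iou, app_b)  # IOU presented as a ticket
    pt = cas.proxy(app_a_store[iou], app_b)  # App A resolves IOU -> PGT, then asks for a PT
    right = cas.validate(pt, app_b, allow_proxy=True)  # App B validates the PT
    return wrong, right, iou in cas.registry
```
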