
  • 404 error with /j_spring_cas_security_check using SWF + Spring Security + CAS

    Spring web flow - 2.3.0.RELEASE
    Spring security - 3.0.4.RELEASE
    Spring - 3.0.4.RELEASE
    Spring CAS Client - 3.0.4.RELEASE
    CAS - 3.4.2

    I have run into a problem integrating Spring web flow using spring security with CAS. There is a problem with the handshake between CAS Server and CAS Client (using spring security).

    On accessing the secured resource, I am redirected to the CAS server, which generates a service ticket after successful login, and the CAS server redirects to the URL defined in the service properties bean, which is /app/j_spring_cas_security_check, the filterProcessesUrl set on the CasAuthenticationFilter bean.

    The URL looks something like
    PHP Code:
    http://localhost:8888/acme/app/j_spring_cas_security_check?ticket=ST-4-em0DC5e6ddbETKAATTri-cas 
    However I get a 404 while trying to access /app/j_spring_cas_security_check, check the above URL, I am not sure what could be wrong, any help will be appreciated.

    Please find the web.xml and spring security config below.

    WEB.XML
    Code:
       <!-- Enables Spring Security -->
       <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
    	 
        <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
    	  <dispatcher>FORWARD</dispatcher>
              <dispatcher>REQUEST</dispatcher>
        </filter-mapping>
    
    	
    <!-- SSO Entry start -->
        <context-param>
            <param-name>webAppRootKey</param-name>
            <param-value>cas.root</param-value>
        </context-param>
     
        <filter>
           <filter-name>CAS Single Sign Out Filter</filter-name>
           <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
        </filter>
         
        <filter-mapping>
           <filter-name>CAS Single Sign Out Filter</filter-name>
           <url-pattern>/*</url-pattern>
        </filter-mapping>
    	
        <listener>
            <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
        </listener>
    
       <error-page>
            <error-code>403</error-code>
            <location>/app/casfailed</location>
        </error-page>	
    	
        <!-- SSO Entry end -->
         
         <!-- The front controller of this Spring Web application, responsible for handling all application requests -->
    	<servlet>
    		<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    		<init-param>
    			<param-name>contextConfigLocation</param-name>
    			<param-value></param-value>
    		</init-param>
    		<load-on-startup>2</load-on-startup>
    	</servlet>
    		
    	<!-- Map all /spring requests to the Dispatcher Servlet for handling -->
    	<servlet-mapping>
    		<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
    		<url-pattern>/app/*</url-pattern>
    	</servlet-mapping>
    security-config.xml

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    
    	<security:http entry-point-ref="casProcessingFilterEntryPoint" use-expressions="true" access-denied-page="/app/casfailed" auto-config="true">
    		<security:intercept-url pattern="/app/casfailed" access="permitAll()" requires-channel="any" />
    		<security:intercept-url pattern="/app/cas-logout" access="permitAll()" requires-channel="any" />
    		<security:intercept-url pattern="/app/**" access="hasAnyRole('ROLE_USER')" requires-channel="any" />	
    		<security:logout logout-success-url="/app/cas-logout" />
    		
    		<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
    	</security:http>
    
    	<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">	
    		<property name="filterProcessesUrl" value="/app/j_spring_cas_security_check" />
    		<property name="authenticationManager" ref="authenticationManager" />
    		<property name="authenticationFailureHandler">
    			<bean
    				class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    				<property name="defaultFailureUrl" value="/app/casfailed" />
    			</bean>
    		</property>
    		<property name="authenticationSuccessHandler">
    		<bean  class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    				<property name="defaultTargetUrl" value="/app/home" />
    			</bean>
    		</property>		
    	</bean>
    
    	<bean id="casProcessingFilterEntryPoint"
    		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    		<property name="loginUrl" value="https://localhost:8446/cas/login" />
    		<property name="serviceProperties" ref="serviceProperties" />
    	</bean>
    
    	<bean id="casAuthenticationProvider"
    		class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    		<property name="userDetailsService" ref="userService" />
    		<property name="serviceProperties" ref="serviceProperties" />
    		<property name="ticketValidator">
    			<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    				<constructor-arg index="0" value="https://localhost:8446/cas" />			
    			</bean>
    		</property>
    		<property name="key" value="an_id_for_this_auth_provider_only" />
    	</bean>
    
    	<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    		<property name="service"
    			value="http://localhost:8888/acme/app/j_spring_cas_security_check" />
    		<property name="sendRenew" value="false" />
    	</bean>
    	
    
    	<security:authentication-manager alias="authenticationManager">
    		<security:authentication-provider ref="casAuthenticationProvider"/>
    	</security:authentication-manager>
    	
    	<security:user-service id="userService">
    		<security:user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
    		<security:user name="demo" password="demo" authorities="ROLE_USER" />
    		<security:user name="scott" password="scott" authorities="ROLE_USER" />
    	</security:user-service>
    
    </beans>
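
The URL relationships described in the post above (service URL, filterProcessesUrl, and the redirect back with a ticket), written as an added consistency check; this is not code from the thread or from Spring Security. It assumes the CAS filter fires when the request path equals context path + filterProcessesUrl, uses `/acme` as the context path as seen in the posted URLs, and embeds a trimmed copy of the posted beans plus two URLs from the posted Tamper Data trace as sample input.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

BEANS_NS = {"b": "http://www.springframework.org/schema/beans"}

# Constructed sample: three beans trimmed from the security-config.xml in the post.
SAMPLE_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="casAuthenticationFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="filterProcessesUrl" value="/app/j_spring_cas_security_check"/>
  </bean>
  <bean id="casProcessingFilterEntryPoint"
        class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://localhost:8446/cas/login"/>
  </bean>
  <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service"
              value="http://localhost:8888/acme/app/j_spring_cas_security_check"/>
  </bean>
</beans>"""

# Sample input copied from the Tamper Data trace posted later in the thread.
LOGIN_REDIRECT = ("https://localhost:8446/cas/login?service=http%3A%2F%2Flocalhost"
                  "%3A8888%2Facme%2Fapp%2Fj_spring_cas_security_check")
CALLBACK = ("http://localhost:8888/acme/app/j_spring_cas_security_check"
            "?ticket=ST-31-aHrjwdqOOdNzeerdmkvz-cas")


def bean_property(root, class_suffix, prop):
    """Return the value of <property name=prop> on the first bean of that class."""
    for bean in root.iterfind("b:bean", BEANS_NS):
        if bean.get("class", "").endswith(class_suffix):
            for p in bean.iterfind("b:property", BEANS_NS):
                if p.get("name") == prop:
                    return p.get("value")
    return None


def check_handshake(config_xml, context_path, login_redirect, callback_url):
    """Compare the configured CAS URLs with the redirects actually observed.

    Returns a list of (level, message) findings; an empty list means consistent.
    """
    root = ET.fromstring(config_xml)
    filter_url = bean_property(root, ".CasAuthenticationFilter", "filterProcessesUrl")
    login_url = bean_property(root, ".CasAuthenticationEntryPoint", "loginUrl")
    service = bean_property(root, ".ServiceProperties", "service")
    svc = urlsplit(service)
    findings = []

    # 1. The callback path must be the one the CAS filter listens on (assumption:
    #    match is context path + filterProcessesUrl).
    if svc.path != context_path + filter_url:
        findings.append(("ERROR", "service path %s != %s%s"
                         % (svc.path, context_path, filter_url)))

    # 2. The service ticket arrives in the query string of the service URL.
    if svc.scheme != "https":
        findings.append(("WARN", "service URL is %s: the service ticket is sent "
                         "back unencrypted" % svc.scheme))

    # 3. The redirect to CAS must target loginUrl and carry the configured service.
    sent_service = parse_qs(urlsplit(login_redirect).query).get("service", [""])[0]
    if login_redirect.split("?", 1)[0] != login_url:
        findings.append(("ERROR", "login redirect does not target " + login_url))
    if sent_service != service:
        findings.append(("ERROR", "service sent to CAS (%s) != configured service"
                         % sent_service))

    # 4. CAS must send the browser back to exactly that service URL with an ST- ticket.
    cb = urlsplit(callback_url)
    ticket = parse_qs(cb.query).get("ticket", [""])[0]
    if (cb.scheme, cb.netloc, cb.path) != (svc.scheme, svc.netloc, svc.path):
        findings.append(("ERROR", "callback URL does not match the service URL"))
    if not ticket.startswith("ST-"):
        findings.append(("ERROR", "callback carries no service ticket"))
    return findings


if __name__ == "__main__":
    for level, message in check_handshake(SAMPLE_CONFIG, "/acme",
                                          LOGIN_REDIRECT, CALLBACK):
        print(level, message)
```

On the posted values the URLs are mutually consistent and the only finding is the plain-http service URL, so the check narrows the 404 to something outside these three settings.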

  • #2
    What do the spring security debug logs look like?



    • #3
      There is not much information after the redirect to CAS..

      PHP Code:
      DEBUG org.springframework.security.web.access.ExceptionTranslationFilter Access is denied (user is anonymous); redirecting to authentication entry point
      org.springframework.security.access.AccessDeniedException: Access is denied
          at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
          at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203)
          at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
          at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:109)
          at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
          at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:167)
          at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
          at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
          at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
          at java.lang.Thread.run(Thread.java:595)
      DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8888/acme/app/home]
      DEBUG org.springframework.security.web.access.ExceptionTranslationFilter Calling Authentication entry point.
      DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter SecurityContextHolder now cleared, as request processing completed



      • #4
        Please include the logs that contain the j_spring_cas_security_check url



        • #5
          For some strange reason after the redirect from the CAS server to the web application, there is no log for the /j_spring_cas_security_check and after the redirect any request to the web application returns 404 error.



          • #6
            What is your full web.xml? Are you by chance using URLRewriteFilter? What do the redirects look like (use tamper data to obtain them)?
            Last edited by Rob Winch; Nov 2nd, 2011, 03:26 PM.



            • #7
              What is your full web.xml? Are you by chance using URLRewriteFilter? What do the redirects look like (use tamper data to obtain them)?
              There are no URLRewriteFilters declared in the web.xml.

              The request life cycle looks like this
              1) http://localhost:8888/acme
              2) http://localhost:8888/acme/app/home
              3) https://localhost:8446/cas/login?ser...security_check (Brings up CAS login screen)
              4) https://localhost:8446/cas/login?ser...p%2Fapp%2Fj_sp...
              with submit parameters with SSO login credentials (After submitting CAS login credentials)
              5) http://localhost:8888/acme/app/j_spr...kHy7VdEwbGSHcH..
              (After successful authentication on CAS)
              6) 404 for above URL

              Strangely, neither DelegatingFilterProxy nor DispatcherServlet is picking up the URL pattern and there are no debug logs; it seems Tomcat has suddenly stopped responding for applications deployed on Tomcat.

              However, if I go to the Tomcat manager and click on the deployed applications link, I can see a Tomcat response, but after the CAS redirects it just goes dead again.

              I may have to check if the switching from secure channel (https) to unsecured channel (http) is leading to such erroneous behavior on tomcat.

              Any help will be greatly appreciated.

              Thanks,
              Vijay


              WEB.XML
              Code:
              <?xml version="1.0" encoding="ISO-8859-1"?>
              <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
              	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
              	version="2.4">
              
              	<!-- The master configuration file for this Spring web application -->
              	<context-param>
              		<param-name>contextConfigLocation</param-name>
              		<param-value>
              			/WEB-INF/config/web-application-config.xml
              		</param-value>
              	</context-param>
              	
              	<!-- Use JSF view templates saved as *.xhtml, for use with Facelets -->
              	<context-param>
              		<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
              		<param-value>.xhtml</param-value>
              	</context-param>
              	
              	<!-- Enables special Facelets debug output during development -->
                	<context-param>
                      <param-name>javax.faces.PROJECT_STAGE</param-name>
                 		<param-value>Development</param-value>
                	</context-param>
                	
                	<!-- Causes Facelets to refresh templates during development -->
                	<context-param>
                		<param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
                		<param-value>1</param-value>
                	</context-param>
                	<context-param>
              		<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
              		<param-value>true</param-value>
              	</context-param>
              	
              
              	<!--
              		Uncomment this to disable partial state saving when using Apache MyFaces 2 !!
              	<context-param>
              		<param-name>javax.faces.PARTIAL_STATE_SAVING</param-name>
              		<param-value>false</param-value>
              	</context-param>
              	-->
              
                	
                	<!-- Declare Spring Security Facelets tag library -->
                	<context-param>
                		<param-name>javax.faces.FACELETS_LIBRARIES</param-name>
                		<param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
                	</context-param>
                	
                  <!-- Enforce UTF-8 Character Encoding -->
                  <filter>
                      <filter-name>charEncodingFilter</filter-name>
                      <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
                      <init-param>
                          <param-name>encoding</param-name>
                          <param-value>UTF-8</param-value>
                      </init-param>
                      <init-param>
                          <param-name>forceEncoding</param-name>
                          <param-value>true</param-value>
                      </init-param>
                  </filter>
                  
                  <filter-mapping>
                      <filter-name>charEncodingFilter</filter-name>
                      <url-pattern>/*</url-pattern>
                  </filter-mapping>
                  
              	<!-- Enables Spring Security -->
              	<filter>
                      <filter-name>springSecurityFilterChain</filter-name>
                      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                  </filter>
              	 
                  <filter-mapping>
                    <filter-name>springSecurityFilterChain</filter-name>
                    <url-pattern>/*</url-pattern>
              	  <dispatcher>FORWARD</dispatcher>
                    <dispatcher>REQUEST</dispatcher>
                  </filter-mapping>
              
              	
              	<!-- SSO Entry start -->
              	<context-param>
                      <param-name>webAppRootKey</param-name>
                      <param-value>cas.root</param-value>
                  </context-param>
               
                  <filter>
                     <filter-name>CAS Single Sign Out Filter</filter-name>
                     <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
                  </filter>
                   
                  <filter-mapping>
                     <filter-name>CAS Single Sign Out Filter</filter-name>
                     <url-pattern>/*</url-pattern>
                  </filter-mapping>
              	
              	 <listener>
                      <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
                  </listener>
              
              	<error-page>
                      <error-code>403</error-code>
                      <location>/app/casfailed</location>
                  </error-page>	
              	
              	<!-- SSO Entry end -->
              
              
              	<!-- Loads the Spring web application context -->
              	<listener>
              		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
              	</listener>
                	
              	<!-- The front controller of this Spring Web application, responsible for handling all application requests -->
              	<servlet>
              		<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
              		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
              		<init-param>
              			<param-name>contextConfigLocation</param-name>
              			<param-value></param-value>
              		</init-param>
              		<load-on-startup>2</load-on-startup>
              	</servlet>
              		
              	<!-- Map all /spring requests to the Dispatcher Servlet for handling -->
              	<servlet-mapping>
              		<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
              		<url-pattern>/app/*</url-pattern>
              	</servlet-mapping>
              
              	<!-- Just here so the JSF implementation can initialize, *not* used at runtime -->
              	<servlet>
              		<servlet-name>Faces Servlet</servlet-name>
              		<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
              		<load-on-startup>1</load-on-startup>
              	</servlet>
              	
              	<!-- Just here so the JSF implementation can initialize -->
              	<servlet-mapping>
              		<servlet-name>Faces Servlet</servlet-name>
              		<url-pattern>*.faces</url-pattern>
              	</servlet-mapping>
              	
              	<welcome-file-list>
              		<welcome-file>index.html</welcome-file>
              	</welcome-file-list>
              </web-app>



              • #8
                Are you certain you have logging enabled for FilterChainProxy? Do you see any logs if you copy paste the URL into the browser? If you add a debug point to FilterChainProxy#doFilter does it stop in that method when receiving the ticket?



                • #9
                  I have enabled logging for spring security in log4j

                  Code:
                  log4j.logger.org.springframework.security=DEBUG
                  I see that FilterChainProxy#doFilter is called until the redirect happens (sometimes with no logs); after the redirect there are no logs, nor does it stop at FilterChainProxy#doFilter.


                  Thanks,
                  Vijay



                  • #10
                    What happens if you type the URL in your browser? Did you try tamper data to see what requests are being made? Please copy paste the results from tamper data of requesting the protected page, logging into cas, and the redirect back to the original service.



                    • #11
                      It looks like this
                      Code:
                      15:16:47.805[20ms][total 20ms] Status: 302[Moved Temporarily]
                      GET http://localhost:8888/acme Load Flags[LOAD_DOCUMENT_URI  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[-1] Mime Type[application/x-unknown-content-type]
                         Request Headers:
                            Host[localhost:8888]
                            User-Agent[Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1]
                            Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
                            Accept-Language[en,fr;q=0.7,en-us;q=0.3]
                            Accept-Encoding[gzip, deflate]
                            Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
                            Connection[keep-alive]
                            Referer[http://localhost:8888/manager/html/]
                            Cookie[JSESSIONID=1121C3A6756511A8756FFFEEB4475F9F]
                         Response Headers:
                            Server[Apache-Coyote/1.1]
                            Location[http://localhost:8888/acme/]
                            Transfer-Encoding[chunked]
                            Date[Thu, 03 Nov 2011 19:16:47 GMT]
                      
                      
                      15:16:48.515[0ms][total 94ms] Status: pending[]
                      GET http://localhost:8888/acme/ Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[unknown] Mime Type[unknown]
                         Request Headers:
                            Host[localhost:8888]
                            User-Agent[Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1]
                            Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
                            Accept-Language[en,fr;q=0.7,en-us;q=0.3]
                            Accept-Encoding[gzip, deflate]
                            Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
                            Connection[keep-alive]
                            Referer[http://localhost:8888/manager/html/]
                            Cookie[JSESSIONID=1121C3A6756511A8756FFFEEB4475F9F]
                      
                      
                      15:16:48.615[0ms][total 0ms] Status: pending[]
                      GET http://localhost:8888/favicon.ico Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
                         Request Headers:
                            Host[localhost:8888]
                            User-Agent[Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1]
                            Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
                            Accept-Language[en,fr;q=0.7,en-us;q=0.3]
                            Accept-Encoding[gzip, deflate]
                            Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
                            Connection[keep-alive]
                      
                      
                      15:16:48.985[87ms][total 87ms] Status: 302[Moved Temporarily]
                      GET http://localhost:8888/acme/app/home Load Flags[LOAD_DOCUMENT_URI  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[0] Mime Type[application/x-unknown-content-type]
                         Request Headers:
                            Host[localhost:8888]
                            User-Agent[Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1]
                            Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
                            Accept-Language[en,fr;q=0.7,en-us;q=0.3]
                            Accept-Encoding[gzip, deflate]
                            Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
                            Connection[keep-alive]
                            Cookie[JSESSIONID=1121C3A6756511A8756FFFEEB4475F9F]
                         Response Headers:
                            Server[Apache-Coyote/1.1]
                            Location[https://localhost:8446/cas/login?service=http%3A%2F%2Flocalhost%3A8888%2Facme%2Fapp%2Fj_spring_cas_security_check]
                            Content-Length[0]
                            Date[Thu, 03 Nov 2011 19:16:49 GMT]
                      
                      
                      15:16:49.299[1022ms][total 1022ms] Status: 302[Moved Temporarily]
                      GET https://localhost:8446/cas/login?service=http%3A%2F%2Flocalhost%3A8888%2Facme%2Fapp%2Fj_spring_cas_security_check Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[0] Mime Type[application/x-unknown-content-type]
                         Request Headers:
                            Host[localhost:8446]
                            User-Agent[Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1]
                            Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
                            Accept-Language[en,fr;q=0.7,en-us;q=0.3]
                            Accept-Encoding[gzip, deflate]
                            Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
                            Connection[keep-alive]
                            Cookie[JSESSIONID=96C2C175D7938BAB9D04CE88D02E2CB5; CASTGC=TGT-9-stQcXv95KMl1rGdCMxlHcgVI4211geQRFYHAH4tZetwNaWpYxH-cas]
                         Response Headers:
                            Server[Apache-Coyote/1.1]
                            Pragma[no-cache]
                            Expires[Thu, 01 Jan 1970 00:00:00 GMT]
                            Cache-Control[no-cache, no-store]
                            Location[http://localhost:8888/acme/app/j_spring_cas_security_check?ticket=ST-31-aHrjwdqOOdNzeerdmkvz-cas]
                            Content-Length[0]
                            Date[Thu, 03 Nov 2011 19:16:50 GMT]
                      
                      
                      15:16:50.942[99ms][total 208ms] Status: 404[Not Found]
                      GET http://localhost:8888/acme/app/j_spring_cas_security_check?ticket=ST-31-aHrjwdqOOdNzeerdmkvz-cas Load Flags[LOAD_DOCUMENT_URI  LOAD_REPLACE  LOAD_INITIAL_DOCUMENT_URI  ] Content Size[1093] Mime Type[text/html]
                         Request Headers:
                            Host[localhost:8888]
                            User-Agent[Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1]
                            Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
                            Accept-Language[en,fr;q=0.7,en-us;q=0.3]
                            Accept-Encoding[gzip, deflate]
                            Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
                            Connection[keep-alive]
                         Response Headers:
                            Server[Apache-Coyote/1.1]
                            Content-Type[text/html;charset=utf-8]
                            Content-Length[1093]
                            Date[Thu, 03 Nov 2011 19:16:51 GMT]
                      
                      
                      15:16:51.154[0ms][total 0ms] Status: pending[]
                      GET http://localhost:8888/favicon.ico Load Flags[LOAD_NORMAL] Content Size[unknown] Mime Type[unknown]
                         Request Headers:
                            Host[localhost:8888]
                            User-Agent[Mozilla/5.0 (Windows NT 6.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1]
                            Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
                            Accept-Language[en,fr;q=0.7,en-us;q=0.3]
                            Accept-Encoding[gzip, deflate]
                            Accept-Charset[ISO-8859-1,utf-8;q=0.7,*;q=0.7]
                            Connection[keep-alive]



                      • #12
                        Try updating all the Spring Security jars to the latest version (3.0.7.RELEASE). If that doesn't help... I know you said the Spring Security logs do not help, but please enable them and post them to the thread for the exact same flow as you posted the tamper data logs. You might also try enabling logs for the CAS server too.
