CAS 5.2.0-RC3 REST password management webflow
I am using CAS 5.2.0-RC3 to authenticate users (using a REST authentication provider). Right now, I have switched to mocked REST services for debugging.
When returning an HTTP 428 code (force a password change), I get a Webflow error. I would like the password change to be handled by a REST endpoint as well. Do I need to add an action-state for handleAuthenticationFailure with a bunch of transitions in my login-webflow.xml? Shouldn't CAS do this for me?
Exception (without a login-webflow.xml overlay):
WHO: casuser
WHAT: Supplied credentials: [casuser]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Thu Oct 12 10:20:39 CEST 2017
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================
>
2017-10-12 10:20:39,711 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/cas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.execution.FlowExecutionException: Exception thrown in state 'handleAuthenticationFailure' of flow 'login'] with root cause>
java.lang.IllegalArgumentException: Cannot find state with id 'casMustChangePassView' in flow 'login' -- Known state ids are 'array<String>['initialAuthenticationRequestValidationCheck', 'ticketGrantingTicketCheck', 'initializeLoginForm', 'viewLoginForm', 'realSubmit', 'showAuthenticationWarningMessages', 'sendTicketGrantingTicket', 'viewRedirectToUnauthorizedUrlView', 'viewServiceErrorView', 'redirectView', 'postView', 'headerView', 'viewGenericLoginSuccess', 'showWarningView', 'finalizeWarning', 'serviceUnauthorizedCheck', 'serviceCheck', 'warn', 'gatewayRequestCheck', 'hasServiceCheck', 'renewRequestCheck', 'generateServiceTicket', 'terminateSession', 'gatewayServicesManagementCheck', 'serviceAuthorizationCheck', 'redirect', 'handleAuthenticationFailure', 'casAuthenticationBlockedView', 'casBadWorkstationView', 'casBadHoursView', 'casAccountLockedView', 'casAccountDisabledView', 'casPasswordUpdateSuccess', 'passwordChangeAction', 'casExpiredPassView', 'casResetPasswordSendInstructionsView', 'sendInstructions', 'casResetPasswordSentInstructionsView']'
at org.springframework.webflow.engine.Flow.getStateInstance(Flow.java:342) ~[spring-webflow-2.4.5.RELEASE.jar!/:2.4.5.RELEASE]
at org.springframework.webflow.engine.support.DefaultTargetStateResolver.resolveTargetState(DefaultTargetStateResolver.java:60) ~[spring-webflow-2.4.5.RELEASE.jar!/:2.4.5.RELEASE]
at org.springframework.webflow.engine.Transition.execute(Transition.java:218) ~[spring-webflow-2.4.5.RELEASE.jar!/:2.4.5.RELEASE]
at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) ~[spring-webflow-2.4.5.RELEASE.jar!/:2.4.5.RELEASE]
at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) ~[spring-webflow-2.4.5.RELEASE.jar!/:2.4.5.RELEASE]
As seen here on the mailing list, https://www.mail-archive.com/[email protected]/msg03913.html
I did at one point add this action-state and the corresponding end-state/view-state.
The page would load, but when I submitted it I would get an error telling me that the submit transition for this state was not found in the list of states.
I have only a rudimentary knowledge of Spring.
My application.properties:
##
#This is a test comment
# CAS Server Context Configuration
#
server.context-path=/cas
server.port=8443
#server.ssl.key-store=file:/etc/cas/thekeystore
#server.ssl.key-store-password=changeit
#server.ssl.key-password=changeit
# server.ssl.ciphers=
# server.ssl.client-auth=
# server.ssl.enabled=
# server.ssl.key-alias=
# server.ssl.key-store-provider=
# server.ssl.key-store-type=
# server.ssl.protocol=
# server.ssl.trust-store=
# server.ssl.trust-store-password=
# server.ssl.trust-store-provider=
# server.ssl.trust-store-type=
server.max-http-header-size=2097152
server.use-forward-headers=true
server.connection-timeout=20000
server.error.include-stacktrace=NEVER
server.tomcat.max-http-post-size=2097152
server.tomcat.basedir=build/tomcat
server.tomcat.accesslog.enabled=true
server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms)
server.tomcat.accesslog.suffix=.log
server.tomcat.max-threads=10
server.tomcat.port-header=X-Forwarded-Port
server.tomcat.protocol-header=X-Forwarded-Proto
server.tomcat.protocol-header-https-value=https
server.tomcat.remote-ip-header=X-FORWARDED-FOR
server.tomcat.uri-encoding=UTF-8
spring.http.encoding.charset=UTF-8
spring.http.encoding.enabled=true
spring.http.encoding.force=true
##
# CAS Cloud Bus Configuration
#
spring.cloud.bus.enabled=false
# spring.cloud.bus.refresh.enabled=true
# spring.cloud.bus.env.enabled=true
# spring.cloud.bus.destination=CasCloudBus
# spring.cloud.bus.ack.enabled=true
endpoints.enabled=false
endpoints.sensitive=true
endpoints.restart.enabled=false
endpoints.shutdown.enabled=false
management.security.enabled=true
management.security.roles=ACTUATOR,ADMIN
management.security.sessions=if_required
management.context-path=/status
management.add-application-context-header=false
security.basic.authorize-mode=role
security.basic.enabled=false
security.basic.path=/cas/status/**
##
# CAS Web Application Session Configuration
#
server.session.timeout=300
server.session.cookie.http-only=true
server.session.tracking-modes=COOKIE
##
# CAS Thymeleaf View Configuration
#
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.cache=true
spring.thymeleaf.mode=HTML
##
# CAS Log4j Configuration
#
# logging.config=file:/etc/cas/log4j2.xml
server.context-parameters.isLog4jAutoInitializationDisabled=true
##
# CAS AspectJ Configuration
#
spring.aop.auto=true
spring.aop.proxy-target-class=true
cas.webflow.autoconfigure=true
##
# CAS Authentication Credentials
#
#cas.authn.accept.users=casuser::Mellon
cas.authn.rest.uri=http://demo5038781.mockable.io/test_cas
cas.authn.rest.passwordEncoder.type=NONE
cas.authn.pm.enabled=true
cas.authn.pm.reset.securityQuestionsEnabled=false
cas.authn.pm.rest.endpointUrlEmail=http://demo0014279.mockable.io/test_cas
cas.authn.pm.rest.endpointUrlChange=http://demo7912226.mockable.io/test_cas
My pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
<modelVersion>4.0.0</modelVersion>
<groupId>de.kaso.itp</groupId>
<artifactId>cas-overlay</artifactId>
<packaging>war</packaging>
<version>1.0</version>
<build>
<plugins>
<plugin>
<groupId>com.rimerosolutions.maven.plugins</groupId>
<artifactId>wrapper-maven-plugin</artifactId>
<version>0.0.4</version>
<configuration>
<verifyDownload>true</verifyDownload>
<checksumAlgorithm>MD5</checksumAlgorithm>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${springboot.version}</version>
<configuration>
<mainClass>org.springframework.boot.loader.WarLauncher</mainClass>
<addResources>true</addResources>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
<configuration>
<warName>cas</warName>
<failOnMissingWebXml>false</failOnMissingWebXml>
<recompressZippedFiles>false</recompressZippedFiles>
<archive>
<compress>false</compress>
<manifestFile>${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp${app.server}/META-INF/MANIFEST.MF
</manifestFile>
</archive>
<overlays>
<overlay>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
</overlay>
</overlays>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.3</version>
</plugin>
</plugins>
<finalName>cas</finalName>
</build>
<dependencies>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp${app.server}</artifactId>
<version>${cas.version}</version>
<type>war</type>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-rest-authentication</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-pm</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-pm-rest</artifactId>
<version>${cas.version}</version>
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-pm-webflow</artifactId>
<version>${cas.version}</version>
</dependency>
</dependencies>
<properties>
<cas.version>5.2.0-RC3</cas.version>
<springboot.version>1.5.7.RELEASE</springboot.version>
<!-- app.server could be -jetty, -undertow, -tomcat, or blank if you plan
to provide appserver -->
<app.server>-tomcat</app.server>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<repositories>
<repository>
<id>sonatype-releases</id>
<url>http://oss.sonatype.org/content/repositories/releases/</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<enabled>true</enabled>
</releases>
</repository>
<repository>
<id>sonatype-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<enabled>false</enabled>
</releases>
</repository>
<repository>
<id>shibboleth-releases</id>
<url>https://build.shibboleth.net/nexus/content/repositories/releases</url>
</repository>
<repository>
<id>spring-milestones</id>
<url>https://repo.spring.io/milestone</url>
</repository>
</repositories>
<profiles>
<profile>
<activation>
<activeByDefault>false</activeByDefault>
</activation>
<id>pgp</id>
<build>
<plugins>
<plugin>
<groupId>com.github.s4u.plugins</groupId>
<artifactId>pgpverify-maven-plugin</artifactId>
<version>1.1.0</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<pgpKeyServer>hkp://pool.sks-keyservers.net</pgpKeyServer>
<pgpKeysCachePath>${settings.localRepository}/pgpkeys-cache</pgpKeysCachePath>
<scope>test</scope>
<verifyPomFiles>true</verifyPomFiles>
<failNoSignature>false</failNoSignature>
</configuration>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
Thank you very much for your answer!! So, in a nutshell, this feature was released as I posted (in v5.1.5)? I searched the interwebz a ton but missed the page for the pull request. Thanks for your help! You are awesome! Edit: v5.1.5 has a much better code structure for the pm support classes. Kudos! – fermatsmargin
The PR is tagged for 5.2.0 RC4; I don't remember whether the change was backported to 5.1.x; it probably was. Try with 5.1.5 right now and see if you notice the difference. –