Ticket #666 (closed clarification: fixed)

Opened 5 years ago

Last modified 5 years ago

cas problems with no webhead

Reported by: russ Assigned to: russ
Priority: critical Milestone:
Component: ambra Version: 0.8
Keywords: Cc:
Blocking: Blocked By:

Description

i upgraded plosone and topaz-mulgara on our dev server to r3871 (i think - used 0.8 rpms in /home/amit on gandalf)

we have no webhead on dev anymore. cas is complaining beacuse the proxy callback url is plosone-dev.plos.org:8080 instead of plosone-dev.plos.org. looks like another place where network.ports.plosone isn't resolving.

where do i hard code this? 

2007-09-26 15:54:32,131 DEBUG CASFilter(PLoSONE)> Redirecting browser to [https://plosone-dev.plos.org:7443/cas/login?service=http%3A%2F%2Fplosone-dev.plos.org%3A8080%2Fuser%2Fsecure%2FsecureRedirect.action%3FgoTo%3D%252Fhome.action) [http-8080-Processor24 org.plos.cas.client.filter.CASFilter]
2007-09-26 15:54:38,574 DEBUG CASFilter(PLoSONE)> about to validate ProxyTicketValidator: [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://plosone-dev.plos.org:7443/cas/proxyValidate] proxyCallbackUrl=[https://plosone-dev.plos.org:10443/CasProxyServlet] ticket=[ST-0-HpgJn2cp0pu6WrXlsha0] service=[http%3A%2F%2Fplosone-dev.plos.org%3A8080%2Fuser%2Fsecure%2FsecureRedirect.action%3FgoTo%3D%252Fhome.action] renew=false]]] [http-8080-Processor24 org.plos.cas.client.filter.CASFilter]
2007-09-26 15:54:38,583 ERROR CASReceipt(PLoSONE)> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://plosone-dev.plos.org:7443/cas/proxyValidate] proxyCallbackUrl=[https://plosone-dev.plos.org:10443/CasProxyServlet] ticket=[ST-0-HpgJn2cp0pu6WrXlsha0] service=[http%3A%2F%2Fplosone-dev.plos.org%3A8080%2Fuser%2Fsecure%2FsecureRedirect.action%3FgoTo%3D%252Fhome.action] renew=false]]] [http-8080-Processor24 edu.yale.its.tp.cas.client.CASReceipt]
2007-09-26 15:54:38,583 ERROR CASFilter(PLoSONE)> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://plosone-dev.plos.org:7443/cas/proxyValidate] proxyCallbackUrl=[https://plosone-dev.plos.org:10443/CasProxyServlet] ticket=[ST-0-HpgJn2cp0pu6WrXlsha0] service=[http%3A%2F%2Fplosone-dev.plos.org%3A8080%2Fuser%2Fsecure%2FsecureRedirect.action%3FgoTo%3D%252Fhome.action] renew=false]]] [http-8080-Processor24 org.plos.cas.client.filter.CASFilter]
2007-09-26 15:54:38,583 ERROR [default](PLoSONE)> Servlet.service() for servlet default threw exception [http-8080-Processor24 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/].[default]]
java.io.IOException: HTTPS hostname wrong:  should be <plosone-dev.plos.org>
        at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:917)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
        at org.plos.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:470)
        at org.plos.cas.client.filter.CASFilter.doFilter(CASFilter.java:380)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.plos.web.DummySSOFilter.doFilter(DummySSOFilter.java:95)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.plos.web.VirtualJournalContextFilter.doFilter(VirtualJournalContextFilter.java:158)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:164)
        at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:141)
        at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:90)
        at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:406)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

Dependency Graph

Change History

09/26/07 16:09:37 changed by russ

  • status changed from new to closed.
  • resolution set to fixed.

ah, i see. i can hard code in cas.xml here: 

  <registration>
    <from-email>registration@your-org</from-email> <!-- From address in registration emails -->
    <from-name>My Org Registration</from-name>     <!-- Name of from user in reg emails -->
    <context>/plos-registration</context>          <!-- Directory of webapp -->
    <plosone> <!-- Location of publishing app so links in registration work -->
      <context></context> <!-- directory of publishing app -->
      <!-- URL of publicly accessible publishing app (webhead if there is one) -->
      <url>http://${network.hosts.default}:${network.ports.default}</url>
    </plosone>
  </registration>

09/26/07 16:17:39 changed by russ

  • status changed from closed to reopened.
  • resolution deleted.

i take it back. it's barfing with a webhead too. it seems like it doesn't like 10443 in a proxycallbackurl.

09/26/07 16:37:39 changed by amit

  • owner changed from jsuttor to amit.
  • status changed from reopened to new.

Hmmm...I wonder if the mvn is messing up again with the wrong version of commons configuration. But that error used to be different. Really strange as nothing has really changed here. Will look into it.

09/26/07 16:43:02 changed by russ 

at org.plos.web.DummySSOFilter.doFilter(DummySSOFilter.java:95)

why is DummySSOFilter being used - is that normal?

09/26/07 16:50:31 changed by amit

The filter is always there, but is not turned on. You have to go in explicitly and turn it on.

09/26/07 17:08:46 changed by amit

  • owner changed from amit to russ.

I brought up the complete system on black.topazproject.org and was able to login to CAS without any problems. Please take a look at the configuration files there as they might provide some indication of the deviation.

09/26/07 17:13:50 changed by russ

gen_keystores. i had a left over keystore from when the new single box server was plosone02.

sorry :( testing now.

09/26/07 17:14:04 changed by russ

  • status changed from new to closed.
  • resolution set to fixed.