guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nick Couchman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GUACAMOLE-355) CAS Module Missing Error Handling
Date Tue, 25 Jul 2017 13:12:00 GMT

    [ https://issues.apache.org/jira/browse/GUACAMOLE-355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16100008#comment-16100008
] 

Nick Couchman commented on GUACAMOLE-355:
-----------------------------------------

{quote}
Where specifically is that FileNotFoundException being thrown?
{quote}

I believe it gets thrown by the CAS Client module that is imported into the guacamole-auth-cas
module.  Here's the top part of the stack trace:
{code}
20:40:08.007 [http-nio-8080-exec-512] ERROR o.jasig.cas.client.util.CommonUtils - https://guac.example.com/cas/login/proxyValidate?ticket=ST-1-9s3clpKb2Ph4S0t39nEj-guac.example.com&service=https%3A%2F%2Fguac.example.com%2Fguacamole
java.io.FileNotFoundException: https://guac.example.com/cas/login/proxyValidate?ticket=ST-1-9s3clpKb2Ph4S0t39nEj-guac.example.com&service=https%3A%2F%2Fguac.example.com%2Fguacamole
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1872)
~[na:1.8.0_131]
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
~[na:1.8.0_131]
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
~[na:1.8.0_131]
        at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:429)
~[guacamole-auth-cas-0.9.13-incubating.jar:na]
        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
[guacamole-auth-cas-0.9.13-incubating.jar:na]
        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
[guacamole-auth-cas-0.9.13-incubating.jar:na]
        at org.apache.guacamole.auth.cas.ticket.TicketValidationService.processUsername(TicketValidationService.java:72)
[guacamole-auth-cas-0.9.13-incubating.jar:na]
        at org.apache.guacamole.auth.cas.AuthenticationProviderService.authenticateUser(AuthenticationProviderService.java:86)
[guacamole-auth-cas-0.9.13-incubating.jar:na]
{code}

Here's roughly what happens.
* User enables CAS module and puts in an incorrect URL for the CAS base (like adding /login
to the end)
* User logs in, which redirects successfully to the CAS login page, but then the CAS module's
TicketValidationService class goes to validate the ticket, which results in a 404 from the
CAS server
* Somewhere along the line, this turns into a FileNotFoundException, which gets handled by
guacamole/src/main/java/org/apache/guacamole/rest/RESTExceptionWrapper.java in the invoke
method, down in the {code} catch (Throwable t) {code} block as an unchecked exception.

I was playing around last night and tried to catch the FileNotFoundException both in the CAS
module and in the RESTExceptionWrapper up with the previous Guacamole exceptions, but neither
of those options panned out.

> CAS Module Missing Error Handling
> ---------------------------------
>
>                 Key: GUACAMOLE-355
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-355
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-cas
>    Affects Versions: 0.9.13-incubating
>            Reporter: Nick Couchman
>            Assignee: Nick Couchman
>
> As reported by Kaushnik on the dev mailing list, attempting to use the guacamole-auth-cas
module with an incorrect CAS authentication endpoint results in very generic and not very
useful 500 Internal Server errors rather than meaningful messages that point the user in the
right direction for correcting the error.  Need to see if the CAS framework has any built-in
error checking facilities and try to leverage those, or at least throw some more meaningful
Guacamole errors when we run into problems.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message