Unicon / cas-mfa

CAS server overlay with support for multifactor authentication.
Apache License 2.0

Runtime error is thrown during registered service authn method discovery #100

Closed dima767 closed 9 years ago

dima767 commented 9 years ago

CAS version: 3.5.3

cas-mfa version: 1.0.0-RC1

pom.xml:

...
<build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.6</version>
                <configuration>
                    <warName>cas</warName>
                    <overlays>
                        <!-- standard cas war overlay -->
                        <overlay>
                            <groupId>org.jasig.cas</groupId>
                            <artifactId>cas-server-webapp</artifactId>
                            <excludes>
                                <exclude>WEB-INF/cas.properties</exclude>
                                <exclude>WEB-INF/classes/log4j.xml</exclude>
                            </excludes>
                        </overlay>
                        <!-- cas-mfa war overlay -->
                        <overlay>
                            <groupId>net.unicon</groupId>
                            <artifactId>cas-mfa-web</artifactId>
                            <excludes>
                                <exclude>**/cas-addons-*.jar</exclude>                                
                            </excludes>
                        </overlay>
                    </overlays>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.2</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                </configuration>
            </plugin>
        </plugins>
        <finalName>cas</finalName>
    </build>

    <dependencies>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-support-ldap</artifactId>
            <version>${cas.version}</version>
        </dependency>

        <dependency>
            <groupId>net.unicon.cas</groupId>
            <artifactId>cas-addons</artifactId>
            <version>${cas-addons.version}</version>
            <exclusions>
                <exclusion>
                    <groupId>edu.internet2.middleware.grouper</groupId>
                    <artifactId>grouperClient</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.sun.jersey</groupId>
                    <artifactId>jersey-client</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.sun.jersey</groupId>
                    <artifactId>jersey-core</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.sun.jersey</groupId>
                    <artifactId>jersey-server</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.sun.jersey</groupId>
                    <artifactId>jersey-servlet</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.sun.jersey.contribs</groupId>
                    <artifactId>jersey-spring</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>javax.ws.rs</groupId>
                    <artifactId>jsr311-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.slf4j</groupId>
                    <artifactId>slf4j-log4j12</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.stormpath.sdk</groupId>
                    <artifactId>stormpath-sdk-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.stormpath.sdk</groupId>
                    <artifactId>stormpath-sdk-httpclient</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework.data</groupId>
                    <artifactId>spring-data-mongodb</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.springframework.security</groupId>
                    <artifactId>spring-security-cas</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.yubico</groupId>
                    <artifactId>yubico-validation-client2</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.codehaus.groovy</groupId>
                    <artifactId>groovy-all</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>javax.xml.stream</groupId>
                    <artifactId>stax-api</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.codehaus.jettison</groupId>
                    <artifactId>jettison</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>org.jasig.cas</groupId>
                    <artifactId>cas-server-support-generic</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <!-- cas-mfa with Duo -->
        <dependency>
            <groupId>net.unicon</groupId>
            <artifactId>cas-mfa-web</artifactId>
            <version>${cas-mfa.version}</version>
            <type>war</type>
        </dependency>

        <dependency>
            <groupId>net.unicon</groupId>
            <artifactId>cas-mfa-duo</artifactId>
            <version>${cas-mfa.version}</version>
            <scope>runtime</scope>
        </dependency>

    </dependencies>

    <properties>
        <cas.version>3.5.3</cas.version>
        <cas-addons.version>1.16</cas-addons.version>
        <cas-mfa.version>1.0.0-RC1</cas-mfa.version>
    </properties>
...

Runtime exception thrown:

...
SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Handler processing failed; nested exception is java.lang.NoSuchMethodError: org.springframework.util.StringUtils.isEmpty(Ljava/lang/Object;)Z] with root cause
java.lang.NoSuchMethodError: org.springframework.util.StringUtils.isEmpty(Ljava/lang/Object;)Z
    at net.unicon.cas.mfa.web.support.RegisteredServiceAttributeMultiFactorAuthenticationArgumentExtractor.determineDefaultAuthenticationMethod(RegisteredServiceAttributeMultiFactorAuthenticationArgumentExtractor.java:100)
    at net.unicon.cas.mfa.web.support.RegisteredServiceAttributeMultiFactorAuthenticationArgumentExtractor.getAuthenticationMethod(RegisteredServiceAttributeMultiFactorAuthenticationArgumentExtractor.java:79)
    at net.unicon.cas.mfa.web.support.AbstractMultiFactorAuthenticationArgumentExtractor.extractService(AbstractMultiFactorAuthenticationArgumentExtractor.java:71)
    at net.unicon.cas.mfa.web.support.MultiFactorAuthenticationRequestsCollectingArgumentExtractor.extractService(MultiFactorAuthenticationRequestsCollectingArgumentExtractor.java:64)

...

mmoayyed commented 9 years ago

Most likely, this is caused by cas-addons 16 which brings in a bunch of new JARs. MFA uses 13. I'll see if I can update the pom.
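
Added example, not part of the original thread or of the cas-mfa project: a check for the kind of dependency clash described above, where two WAR overlays and the project's own dependencies each contribute jars to WEB-INF/lib and the same artifact lands there in two versions. The function names and the sample listing are constructed for illustration; only `cas-addons-1.16.jar` and `cas-mfa-duo-1.0.0-RC1.jar` reflect versions stated in the pom.

```python
import re
import zipfile
from collections import defaultdict

# "<artifact>-<version>.jar", where the version starts with a digit.
# The non-greedy artifact group stops at the first "-<digit>" boundary.
JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")


def lib_jars(war_path):
    """Return the jar file names found under WEB-INF/lib of a built WAR."""
    with zipfile.ZipFile(war_path) as war:
        return [name.rsplit("/", 1)[1] for name in war.namelist()
                if name.startswith("WEB-INF/lib/") and name.endswith(".jar")]


def version_conflicts(jar_names):
    """Map artifact -> sorted versions for artifacts present in more than one version.

    A NoSuchMethodError at runtime usually means the class was loaded from
    the older of two such jars, so every entry returned here is a candidate.
    """
    seen = defaultdict(set)
    for name in jar_names:
        match = JAR_RE.match(name)
        if match:  # jars without a version suffix are skipped
            seen[match.group("artifact")].add(match.group("version"))
    return {artifact: sorted(versions)
            for artifact, versions in seen.items() if len(versions) > 1}


# Constructed WEB-INF/lib listing; the spring-core versions are made up
# to show a clash and are not taken from the issue.
SAMPLE_LIB = [
    "cas-addons-1.16.jar",
    "cas-mfa-duo-1.0.0-RC1.jar",
    "spring-core-3.1.1.RELEASE.jar",
    "spring-core-3.2.6.RELEASE.jar",
    "commons-lang3-3.1.jar",
]

if __name__ == "__main__":
    for artifact, versions in version_conflicts(SAMPLE_LIB).items():
        print(f"{artifact}: {', '.join(versions)}")
```

Against a real build, pass the result of `lib_jars("target/cas.war")` to `version_conflicts`; the WAR name follows the `<warName>cas</warName>` setting in the pom above.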

mmoayyed commented 9 years ago

This is now done.

xraj commented 9 years ago

Can we reopen this? I'm seeing the same problem.

It seems to be caused when the JSON service registry is enabled. The value of the mfa.default.authn.method property is ignored as far as I can tell. If authn_method isn't set by the service registry then the value is assumed empty and you get the NoSuchMethodError exception. Setting it explicitly to an empty value results in the same. The only thing that works is to set it to a valid value from auth-methods.conf. In my case this would be duo-two-factor.

The end result of this is that there is no way to have a service with MFA disabled.

mmoayyed commented 9 years ago

What you're describing sounds different than the bug above, which had to do with dependency issues. Please open up a separate issue and we'll investigate.

mmoayyed commented 9 years ago

Also, please specify whether you are running from source, or whether you have integrated this into your overlay, and if so, please attach a pom as well as the snapshot of the error stack trace you see.