CAS Server / CAS-975

500 ISE while attempting to validate an invalid service ticket

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.4.8
    • Fix Version/s: 3.4.9
    • Component/s: None
    • Labels:
      None
    • Environment:
      Tomcat 7.0.11
      OS X 10.6.7

      Description

      When attempting to validate an invalid ticket while specifying a valid pgtUrl the following Exception is thrown which drives up a 500 ISE instead of the standard unknown ticket response XML.

      In my testing the 500 ISE is only generated when a valid pgtUrl (ssl url, valid certificate chain, and 200 response) is specified, but the correct unknown ticket response is generated if the pgtUrl isn't valid.

      The error appears to be related to the auditing annotation on the delegateTicketGrantingTicket method in CentralAuthenticationServiceImpl.

      Example:

      serviceValidate URL:
      https://localhost:8443/cas/serviceValidate?service=https%3A%2F%2Fexample.com%2F&ticket=ST&pgtUrl=https%3A%2F%2Fdev.mygcx.org%2Fsystem%2Fcas%2Fpgt

      Exception thrown:
      org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalArgumentException: resourceOperatedUpon cannot be null
      at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:656)
      at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
      at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:115)
      at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:44)
      at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
      at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
      at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:680)
      Caused by: java.lang.IllegalArgumentException: resourceOperatedUpon cannot be null
      at com.github.inspektr.audit.AuditActionContext.assertNotNull(AuditActionContext.java:81)
      at com.github.inspektr.audit.AuditActionContext.<init>(AuditActionContext.java:64)
      at com.github.inspektr.audit.AuditTrailManagementAspect.executeAuditCode(AuditTrailManagementAspect.java:148)
      at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:139)
      at sun.reflect.GeneratedMethodAccessor28.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)
      at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)
      at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
      at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
      at $Proxy23.delegateTicketGrantingTicket(Unknown Source)
      at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:127)
      at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
      at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
      at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
      at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
      at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
      ... 32 more

        Activity

        Daniel Frett added a comment -

        I did a bit of debugging and found the exception is caused when the delegateTicketGrantingTicket method throws an exception that returns null for the getMessage method, such as the following exception: "throw new TicketCreationException(e)".

        I filed an issue with the inspektr project (https://github.com/dima767/inspektr/issues/8) about the underlying issue.
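
The failure mode described in the comment above, as an added example that is not part of the original issue and is not CAS or Inspektr code: an audit wrapper that takes the audited resource from the exception message replaces the original failure with an IllegalArgumentException when that message is null, while a wrapper with a fallback lets the original exception reach the caller. All class and method names are hypothetical, and TicketFailure is constructed so that getMessage() returns null.

```java
// Added illustration; every name here is hypothetical (not CAS or Inspektr code).
public class AuditNullMessageDemo {
    /** Stand-in for an audit record that rejects a null resource, as in the stack trace. */
    static final class AuditRecord {
        AuditRecord(String resourceOperatedUpon) {
            if (resourceOperatedUpon == null)
                throw new IllegalArgumentException("resourceOperatedUpon cannot be null");
        }
    }
    /** Constructed so that getMessage() returns null, the condition the comment describes. */
    static final class TicketFailure extends Exception {
        TicketFailure(Throwable cause) { super(null, cause); }
    }
    interface Action { void run() throws Exception; }

    /** Fragile: the exception message is used directly as the audited resource. */
    static void auditFragile(Action action) throws Exception {
        try {
            action.run();
        } catch (Exception e) {
            new AuditRecord(e.getMessage()); // throws when the message is null, masking e
            throw e;
        }
    }
    /** Hardened: fall back to the exception class name so auditing cannot mask e. */
    static void auditHardened(Action action) throws Exception {
        try {
            action.run();
        } catch (Exception e) {
            String resource = e.getMessage() != null ? e.getMessage() : e.getClass().getName();
            new AuditRecord(resource);
            throw e; // the caller still sees the original ticket failure
        }
    }
    /** Runs a failing validation through one wrapper and reports what the caller sees. */
    static String outcome(boolean hardened) {
        Action validate = () -> { throw new TicketFailure(new IllegalStateException("constructed")); };
        try {
            if (hardened) auditHardened(validate); else auditFragile(validate);
            return "no exception";
        } catch (TicketFailure e) {
            return "TicketFailure reaches the caller";
        } catch (Exception e) {
            return e.getClass().getSimpleName() + " reaches the caller: " + e.getMessage();
        }
    }
    public static void main(String[] args) {
        System.out.println("fragile:  " + outcome(false));
        System.out.println("hardened: " + outcome(true));
    }
}
```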


          People

          • Assignee:
            Scott Battaglia
            Reporter:
            Daniel Frett
          • Votes:
            0
            Watchers:
            0
