Lavandysh
Reputation: 571
How to correctly handle error templating in Jasig Cas?
I'm using jasig cas serverside based on [[email protected]:casinthecloud/cas-pac4j-oauth-demo.git][1]
I'm having trouble with the error handling. When a 404 page should be shown I get a json file with the data instead. Like this:
{
"type": "problemDetail.type.org.springframework.web.servlet.resource.NoResourceFoundException",
"title": "problemDetail.title.org.springframework.web.servlet.resource.NoResourceFoundException",
"status": 404,
"detail": "problemDetail.org.springframework.web.servlet.resource.NoResourceFoundException",
"instance": "/cas/css/fonts.css"
}
I would like to create my own 404 page using templating.
I tried asking chatGPT for help. It recommended using the following config:
cas:
view:
template-prefixes: classpath:/templates/...
error:
not-found: classpath:/templates/.../error/404.html
unauthorized: classpath:/templates/.../error/unauthorized.html
access-denied: classpath:/templates/.../error/accessDenied.html
login-failure: classpath:/templates/.../error/loginFailure.html
error: classpath:/templates/error/.../generalError.html
But this doesn't work. It still get the JSON file instead. And I cannot find these properties anywhere in the documentation. Asking ChatGPT where it found it lead to nowhere. The error pages are all in the correct directories, for example: \src\main\resources\templates...\error\404.html
Logs:
cas-1 | org.pac4j.core.exception.TechnicalException: com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse: {"error":"invalid_grant","error_description":"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: 2e19189a-c3df-4a34-9b59-63b5f27f7901 Correlation ID: 32
d725fb-0f20-4550-9447-bd2000ec549e Timestamp: 2024-11-13 10:35:08Z","error_codes":[54005],"timestamp":"2024-11-13 10:35:08Z","trace_id":"2e19189a-c3df-4a34-9b59-63b5f27f7901","correlation_id":"32d725fb-0f20-4550-9447-bd2000ec549e"}
cas-1 | at org.pac4j.oauth.credentials.authenticator.OAuthAuthenticator.validate(OAuthAuthenticator.java:50) ~[pac4j-oauth-6.0.6.jar!/:6.0.6]
cas-1 | at org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.validate(OAuth20Authenticator.java:22) ~[pac4j-oauth-6.0.6.jar!/:6.0.6]
cas-1 | at org.pac4j.core.client.BaseClient.internalValidateCredentials(BaseClient.java:113) ~[pac4j-core-6.0.6.jar!/:6.0.6]
cas-1 | at org.pac4j.core.client.BaseClient.validateCredentials(BaseClient.java:95) ~[pac4j-core-6.0.6.jar!/:6.0.6]
cas-1 | at org.apereo.cas.authentication.principal.DefaultDelegatedAuthenticationCredentialExtractor.lambda$getCredentialsFromDelegatedClient$1(DefaultDelegatedAuthenticationCredentialExtractor.java:51) ~[cas-server-support-pac4j-core-7.1.1.jar!/:7.1.1]
cas-1 | at java.base/java.util.Optional.map(Optional.java:260) ~[?:?]
cas-1 | at org.apereo.cas.authentication.principal.DefaultDelegatedAuthenticationCredentialExtractor.lambda$getCredentialsFromDelegatedClient$2(DefaultDelegatedAuthenticationCredentialExtractor.java:51) ~[cas-server-support-pac4j-core-7.1.1.jar!/:7.1.1]
cas-1 | at org.apereo.cas.util.function.FunctionUtils.lambda$doAndHandle$12(FunctionUtils.java:425) ~[cas-server-core-util-api-7.1.1.jar!/:7.1.1]
cas-1 | at org.apereo.cas.authentication.principal.DefaultDelegatedAuthenticationCredentialExtractor.getCredentialsFromDelegatedClient(DefaultDelegatedAuthenticationCredentialExtractor.java:54) ~[cas-server-support-pac4j-core-7.1.1.jar!/:7.1.1]
cas-1 | at org.apereo.cas.authentication.principal.DefaultDelegatedAuthenticationCredentialExtractor.extract(DefaultDelegatedAuthenticationCredentialExtractor.java:30) ~[cas-server-support-pac4j-core-7.1.1.jar!/:7.1.1]
cas-1 | at org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationAction.lambda$populateContextWithClientCredential$8(DelegatedClientAuthenticationAction.java:266) ~[cas-server-support-pac4j-webflow-7.1.1.jar!/:7.1.1]
cas-1 | at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197) ~[?:?]
cas-1 | at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:179) ~[?:?]
cas-1 | at java.base/java.util.AbstractList$RandomAccessSpliterator.tryAdvance(AbstractList.java:708) ~[?:?]
cas-1 | at java.base/java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:129) ~[?:?]
cas-1 | at java.base/java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:527) ~[?:?] ...
cas-1 | at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-3.0.0.jar!/:3.0.0]
cas-1 | at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-3.0.0.jar!/:3.0.0]
cas-1 | at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139) ~[spring-webflow-3.0.0.jar!/:3.0.0]
cas-1 | at org.apereo.cas.web.flow.executor.WebflowExecutorFactory$CasFlowExecutorImpl.launchExecution(WebflowExecutorFactory.java:95) ~[cas-server-core-webflow-api-7.1.1.jar!/:7.1.1]
cas-1 | at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
cas-1 | at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
cas-1 | at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:355) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:102) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.apereo.cas.monitor.ExecutableObserver.executeJoinPoint(ExecutableObserver.java:84) ~[cas-server-core-api-monitor-7.1.1.jar!/:7.1.1]
cas-1 | at org.apereo.cas.monitor.ExecutableObserver.observe(ExecutableObserver.java:65) ~[cas-server-core-api-monitor-7.1.1.jar!/:7.1.1]
cas-1 | at org.apereo.cas.config.CasWebflowMonitoringConfiguration$CasWebflowMonitoringAspect.aroundWebflowOperations(CasWebflowMonitoringConfiguration.java:59) ~[cas-server-core-webflow-7.1.1.jar!/:7.1.1]
cas-1 | at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[?:?]
cas-1 | at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[?:?]
cas-1 | at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:637) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:627) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:71) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:223) ~[spring-aop-6.1.12.jar!/:6.1.12]
cas-1 | at jdk.proxy2/jdk.proxy2.$Proxy151.launchExecution(Unknown Source) ~[?:?]
cas-1 | at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264) ~[spring-webflow-3.0.0.jar!/:3.0.0]
cas-1 | at org.apereo.cas.web.flow.CasFlowHandlerAdapter.handle(CasFlowHandlerAdapter.java:39) ~[cas-server-core-webflow-api-7.1.1.jar!/:7.1.1]
cas-1 | at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1089) ~[spring-webmvc-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:979) ~[spring-webmvc-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014) ~[spring-webmvc-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:903) ~[spring-webmvc-6.1.12.jar!/:6.1.12]
cas-1 | at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:633) ~[jakarta.servlet-api-6.1.0.jar!/:6.1.0]
cas-1 | at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885) ~[spring-webmvc-6.1.12.jar!/:6.1.12]
cas-1 | at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:723) ~[jakarta.servlet-api-6.1.0.jar!/:6.1.0]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:195) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110) ~[spring-web-6.1.12.jar!/:6.1.12]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:393) ~[cas-server-core-web-api-7.1.1.jar!/:7.1.1]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:188) ~[cas-server-core-web-api-7.1.1.jar!/:7.1.1]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62) ~[cas-server-core-web-api-7.1.1.jar!/:7.1.1]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140) ~[tomcat-embed-core-10.1.30.jar!/:?]
cas-1 | at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108) ~[spring-web-6.1.12.jar!/:6.1.12]
cas-1 | at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:365) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:100) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179) ~[spring-security-web-6.3.3.jar!/:6.3.3]
cas-1 | at ...
cas-1 | at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.30.jar!/:10.1.30]
cas-1 | at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:905) ~[tomcat-embed-core-10.1.30.jar!/:10.1.30]
cas-1 | at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-embed-core-10.1.30.jar!/:10.1.30]
cas-1 | at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.30.jar!/:10.1.30]
cas-1 | at java.base/java.lang.VirtualThread.run(VirtualThread.java:311) ~[?:?]
cas-1 | Caused by: com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse: {"error":"invalid_grant","error_description":"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: 2e19189a-c3df-4a34-9b59-63b5f27f7901 Correlation ID: 32d725fb-0f20-4550-9447-bd2000ec549e
Timestamp: 2024-11-13 10:35:08Z","error_codes":[54005],"timestamp":"2024-11-13 10:35:08Z","trace_id":"2e19189a-c3df-4a34-9b59-63b5f27f7901","correlation_id":"32d725fb-0f20-4550-9447-bd2000ec549e"}
cas-1 | at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.generateError(OAuth2AccessTokenJsonExtractor.java:77) ~[scribejava-core-8.3.3.jar!/:?]
cas-1 | at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extract(OAuth2AccessTokenJsonExtractor.java:37) ~[scribejava-core-8.3.3.jar!/:?]
cas-1 | at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extract(OAuth2AccessTokenJsonExtractor.java:17) ~[scribejava-core-8.3.3.jar!/:?]
cas-1 | at com.github.scribejava.core.oauth.OAuth20Service.sendAccessTokenRequestSync(OAuth20Service.java:157) ~[scribejava-core-8.3.3.jar!/:?]
cas-1 | at com.github.scribejava.core.oauth.OAuth20Service.getAccessToken(OAuth20Service.java:237) ~[scribejava-core-8.3.3.jar!/:?]
cas-1 | at com.github.scribejava.core.oauth.OAuth20Service.getAccessToken(OAuth20Service.java:232) ~[scribejava-core-8.3.3.jar!/:?]
cas-1 | at org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator.retrieveAccessToken(OAuth20Authenticator.java:43) ~[pac4j-oauth-6.0.6.jar!/:6.0.6]
cas-1 | at org.pac4j.oauth.credentials.authenticator.OAuthAuthenticator.validate(OAuthAuthenticator.java:48) ~[pac4j-oauth-6.0.6.jar!/:6.0.6]
cas-1 | ... 165 more
cas-1 | 2024-11-13 10:35:08,284 DEBUG [org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationAction] - <Single sign-on session in inactive for service [null]>
cas-1 | 2024-11-13 10:35:08,284 ERROR [org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationAction] - <Client EntraID failed to validate credentials>
[1]: https://[email protected]:casinthecloud/cas-pac4j-oauth-demo.git
Upvotes: 1
Views: 24
Answers (0)
Related Questions
- Silent authentification with cas oidc (prompt=none)
- JASIG CAS Login without CAS login screen
- CAS 6.1.5 - Service Registry fails to load definition (using MongoDB as storage)
- High availability configuration of CAS
- jasig CAS hibernate mapping
- JASIG CAS certificate
- Jasig CAS login workflow
- Response from Jasig CAS
- Jasig CAS store services in Database
- Jasig CAS: Remember Me