I'm having a spring-mvc project set up with spring-roo, that runs on tomcat.
After setting up spring-security, I can not see exceptions/stacktrace in the console anymore...
I just go to the login page and try to login. In my UserService (that is called during the login process) I throw a NullPointerException to "test" this.
The Exception is not shown in the console. The only thing I can see, is the message of the exception on the login page (/login?login_error=t) like "Your login attempt was not successful, try again. Reason: blablabla".
That is not good, because I want to be able to see (in console) what is going on an where the problem is.
I commented out the filter 'springSecurityFilterChain' that was added when setting up spring-security.
When I throw an exception within a controller, the exception is shown in console as expected. So my guess is, that something handles the exception during the Filter chain and does not print it to the console. I wasn't able to find out, how to avoid this...
Any help would be appreciated!
Thanks
Yes you are correct, spring-security is taking care of the authentication part, so all you need is set the log level of spring-security to DEBUG
org.springframework.security.level=DEBUG
This should print all the exceptions which are occurring while authenticating.
Related
This is in regards to the sample: msal-web-sample-0.1.0
I am using tomcat 9 and maven to build and run the msal-web-sample code. It is building fine and running, loading spring, etc. I am able to go out and get a username and passowrd login. However, when it tries to return back to my system (https://localhost:8443/msal4jsample/secure/aad) it just has a bit "ERROR PAGE!" heading with Home Page link going back to the main tomcat page.
In the tomcat runtime it has:
2021-06-29 15:28:06.108 ERROR 6360 --- [io-8443-exec-10] o.s.b.w.servlet.support.ErrorPageFilter : Cannot forward to error page for request [/secure/aad] as the response has already been committed. As a result, the response may have the wrong status code. If your application is running on WebSphere Application Server you may be able to resolve this problem by setting com.ibm.ws.webcontainer.invokeFlushAfterService to false
Of course, that doesn't apply to my setup.
I see the get in the logs returning back OK and don't see any errors on startup. I am at a loss as to where to go from here. Any thoughts?
Also, is there a non-spring implementation that can be used with java but still using MSAL?
Thanks
Alan
Please share additional information about the error. Do you have trouble regrading AAD? Check your environmental settings (Tomcat) if this isn't the case.
We have a JSF webapp with Primefaces 4.0 and CAS Single Sign On.
When a user requests an ajax action (by clicking a p:commandButton or similar component with ajax=true) after he has lost his session because SSOut in another tab, nothing happens, no response from server or action is triggered.
We need to manage that situation to inform the user that his session is no longer available, by showing a dialog or redirecting him to home or a custom page, but we don't know how.
ajax=false solves the problem, but this is not what we want to do.
No ViewExpiredException is thrown.
EDIT:
We had already read and tried this BalusC's solution without success. No Exception is thrown and Handler has nothing to do. Note that isn't an Expired Session or Invalidated by TimeOut session, is just an explicit session.invalidate caused by Cas Sign Out in another tab.
We also tried javascript jsf.ajax.addOnError() solution, and again nothing to capture.
Only p:ajaxStatus onError event catches something, but no way to identify that particular error. Even overriding ajaxStatus javascript function, error data parameter is undefined...
Also, p:log says "Request return with error:error." but, which error is it? how do we identify it?
We are stuck on this issue...
This has been discussed many times, and as far as know there aren't any out-of-the-box solutions yet. One solution is to add a custom ExceptionHandler as stated in this post.
Another option is to register client error handler using jsf.ajax.addOnError(...), and to handle this exception in it. You might need some server code to add a custom header in case session is invalid, which you would use in error handler to be able to differentiate that specific case from other errors.
I am using ASP.NET MVC for a project, Everything works fine. Recently someone reported that if he tried to login to the interface with this password J&Mg<in5 the interface showed error page I mean not even the custom 500 error page which we have configured and works otherwise.
I have elmah configured on this project, no error is shown there too.
I little more investigation showed that all password of type, examples below
<ee
<fd
<reee
i.e "<" followed by any character gave this error.
Why is this error coming, and how to resolve this ?
I think it's the request validation that triggers in this case. Try disabling it and see if it helps. Also, try looking at the event log, it should contain a bit more useful details on the matter.
Hope this helps.
Is there a way to redirect the user to an error page (view) when an exception is raised in application_start method of global.asax? I get a Request object is null message when I try to do a redirect. How would i handle this? I have to raise the exception if certain conditions are not met and I want the user to go to a specific View.
My application is MVC3 based, btw.
Thanks
Application_Start happens before ASP.Net starts processing the request.
You could set a global static flag to indicate the error condition, then handle BeginRequest and check the flag and redirect.
You can refer this page.
The thing you are trying to do is possible via Web.config Just show what page to load when http error 500 occurs.
Edit
Sorry gave wrong url
I am supporting an application that has some DWR components. Whenever there is a server error i get a javascript alert that simply says 'error'.
Does anyone know where this might be configured and if there is a way to disable this. Id rather it silently fail at whatever then do this very distracting message.
Use DWR exception handlers in the positions wherever there is a chance for run time errors.
Use try catch mechanism and printstacktrace() in catch block. It works for me!