uPortal IRC Logs-2012-04-17

Owned by Apereo Infrastructure
Last updated: Apr 17, 2012
6 min read

[10:16:15 CDT(-0500)] <EricDalquist> yay google chat works for me again!

[10:16:21 CDT(-0500)] <EricDalquist> the magic google faeries fixed it

[10:16:33 CDT(-0500)] <EricDalquist> if only it hadn't taken two weeks (tongue)

[10:17:21 CDT(-0500)] <athena> yay!!

[10:17:23 CDT(-0500)] <athena> no kidding

[11:06:22 CDT(-0500)] <EricDalquist> athena: do you know if it is ok to set both Last-Modified and ETag?

[11:07:20 CDT(-0500)] <athena> yes that should be ok

[11:07:33 CDT(-0500)] <EricDalquist> ok, that is what I found online as well

[11:07:41 CDT(-0500)] <EricDalquist> just wanted to see if you knew anything otherwise

[11:07:57 CDT(-0500)] <athena> i assume then it'd just check the etag only if necessary?

[11:08:18 CDT(-0500)] <EricDalquist> yeah, it sounds like if both are set

[11:08:22 CDT(-0500)] <EricDalquist> the browser has to at least use ETag

[11:08:26 CDT(-0500)] <EricDalquist> but can use both

[11:27:27 CDT(-0500)] <athena> ugh, we're going to need to get the google visualization lib into maven

[11:29:04 CDT(-0500)] <EricDalquist> you want to send a note to ossrh-users@sonatype.org and see if they have any recommendations on how to get it into central?

[11:46:53 CDT(-0500)] <athena> i think we can use the third-party thing

[11:47:02 CDT(-0500)] <athena> i can send a request later today

[11:47:33 CDT(-0500)] <EricDalquist> that's goodf

[11:55:41 CDT(-0500)] <athena> ugh.

[11:55:51 CDT(-0500)] <athena> i don't know, maybe we'll have to drop down to google viz 1.0.2

[11:56:02 CDT(-0500)] <athena> they don' appear to really have ever tagged 1.1.1 publicly

[11:56:06 CDT(-0500)] <athena> it's the current download

[11:56:17 CDT(-0500)] <athena> but it's not tagged in SVN :/

[11:57:00 CDT(-0500)] <athena> but . . . actually i know there are some differences and i'm not sure 1.0.2 will work for us

[11:57:33 CDT(-0500)] <athena> probably going to have to go through their changelog and build the source and javadoc jars manually

[11:57:35 CDT(-0500)] <athena> PITA

[12:03:24 CDT(-0500)] <EricDalquist> do you have a link to the project site handy?

[12:10:51 CDT(-0500)] <athena> http://code.google.com/p/google-visualization-java/

[12:11:02 CDT(-0500)] <athena> wonder if the zip has those resources

[12:11:03 CDT(-0500)] <athena> we'll see

[12:12:03 CDT(-0500)] <EricDalquist> looking at http://code.google.com/p/google-visualization-java/source/list

[12:12:24 CDT(-0500)] <EricDalquist> it looks like not much has happened since 1.1.1

[12:13:06 CDT(-0500)] <EricDalquist> actually doing an svn log

[12:13:17 CDT(-0500)] <EricDalquist> http://code.google.com/p/google-visualization-java/source/detail?r=65

[12:13:26 CDT(-0500)] <EricDalquist> that is the commit that 1.1.1 was most likely built from

[12:17:20 CDT(-0500)] <athena> ah excellent

[12:17:29 CDT(-0500)] <athena> well, we'll make it work out

[12:44:10 CDT(-0500)] <b-sure> hello uPortal devs: does someone here know what configuration works in the latest personDirectoryContext.xml -> requestAttributeSourceFilter . I"m getting http://pastebin.com/raw.php?i=wdbyMLh8 with the 4.0.5 build where I set in security.properties the RemoteUserSecurityContextFactoryurity properties.

[12:45:20 CDT(-0500)] <b-sure> I'm sure it must be configuration related, but I'm not sure where the misconfiguration is. I'm using the packaged version of personDirectoryContext.xml

[12:46:29 CDT(-0500)] <EricDalquist> that might just be overzealous logging

[12:46:40 CDT(-0500)] <EricDalquist> you have shib setup to populate REMOTE_USER right?

[12:48:03 CDT(-0500)] <b-sure> yes. we do have it set up. in fact it works for the 4.0.3 build. but not in the 4.0.4 build. so I've reverted the configs to the packaged version to try to debug

[12:48:36 CDT(-0500)] <b-sure> I see in the wiki https://wiki.jasig.org/display/UPM40/Shibboleth to use some extra properties.

[12:48:55 CDT(-0500)] <b-sure> not sure if EricDalquist has madison configured like that ?

[12:49:57 CDT(-0500)] <EricDalquist> https://gist.github.com/2407776

[12:49:59 CDT(-0500)] <EricDalquist> that is what we have

[12:50:16 CDT(-0500)] <b-sure> ok. thanks. I'm gonna compare it to ours...

[13:33:25 CDT(-0500)] <b-sure> hi EricDalquist. in the gist post of your requestAttributeSourceFilter, is the "remoteUser" value for usernameAttribute and remoteUserAttribute the name of the attribute coming from shibboleth?

[13:34:12 CDT(-0500)] <b-sure> I'm looking at our shibb sp configs and looks like we use an attribute uid as the attribute for REMOTE_USER

[13:34:24 CDT(-0500)] <EricDalquist> remoteUserAttribute=remoteUser means "Take the value from HttpServletRequest.getRemoteUser() and store it as user attribute named remoteUser"

[13:34:45 CDT(-0500)] <EricDalquist> usernameAttribute=remoteUser means "The attribute which denotes the username is remoteUser"

[13:37:31 CDT(-0500)] <b-sure> ok. oddly I do see request.getRemoteUser() in the requestAttributeSourceFilter containing the value, but it still fails the in authentication test.

[13:39:49 CDT(-0500)] <b-sure> I"ve got these settings in security.properties as the principalToken and credentialToken http://pastebin.com/raw.php?i=tD84btDZ

[13:40:00 CDT(-0500)] <b-sure> I think those are the defaults.

[13:40:53 CDT(-0500)] <EricDalquist> https://gist.github.com/2408106

[13:40:56 CDT(-0500)] <EricDalquist> that is what we have

[13:54:41 CDT(-0500)] <b-sure> ok I think I'm getting closer. I no longer get the logged error in RequestAttributeSourceFilter but instead get this in the portal log http://pastebin.com/raw.php?i=WAGRZkh8

[13:54:59 CDT(-0500)] <b-sure> I think that is coming from the LoginController.java

[13:59:06 CDT(-0500)] <b-sure> rather the RemoteUserSecurityContext.java remoteUser is not set

[14:01:37 CDT(-0500)] <b-sure> could there be somewhere else in the personDirectoryContext.xml where the requestAttributeSourceFilter is being overridden like here ? http://pastebin.com/raw.php?i=wBx1iNPS in the personAttributeDaos

[14:38:41 CDT(-0500)] <EricDalquist> RemoteUserSecurityContext doesn't even use person directory

[14:39:27 CDT(-0500)] <EricDalquist> it would be calling RemoteUserPersonManager calls getRemoteUser on the HttpServletRequest

[14:39:33 CDT(-0500)] <EricDalquist> and uses that when creating the security context

[14:40:01 CDT(-0500)] <EricDalquist> so that warning implies that HttpServletRequest.getRemoteUser() isn't set

[14:40:11 CDT(-0500)] <EricDalquist> do you have any modifications to web.xml?

[14:40:40 CDT(-0500)] <b-sure> hi. no I"m using the packaged version in master branch

[14:41:01 CDT(-0500)] <EricDalquist> hrm

[14:41:14 CDT(-0500)] <EricDalquist> ok I'll double check our web.xml vs the one in master next chance I get

[14:41:14 CDT(-0500)] <b-sure> I see httpservletrequest.getRemoteUser is set when the requestattributefilter runs

[14:41:20 CDT(-0500)] <b-sure> ok thanks.

[14:42:35 CDT(-0500)] <b-sure> also, EricDalquist. When I was remote debugging the portal, I was noticing that the spring security filtering seemed to invalidate the session and after that the request.getRemoteUser was null.

[14:43:06 CDT(-0500)] <b-sure> like in the filterchain, it was passing through the LogoutFilter during the login.

[14:43:42 CDT(-0500)] <EricDalquist> looks like I may have missed one little section

[14:43:43 CDT(-0500)] <EricDalquist> https://gist.github.com/2408541

[14:43:54 CDT(-0500)] <EricDalquist> add that requireValidSession filter-mapping

[14:44:00 CDT(-0500)] <EricDalquist> after the requestAttributeSourcefilter in web.xml

[14:44:01 CDT(-0500)] <EricDalquist> yes it does

[14:44:14 CDT(-0500)] <EricDalquist> that is part of the standard spring-security filter set

[14:44:26 CDT(-0500)] <EricDalquist> but it doesn't actually do anything unless some specific rules are met'

[14:46:18 CDT(-0500)] <b-sure> ok EricDalquist. should I add those 2 filter mappings at the bottom of the filter mappings?

[14:46:29 CDT(-0500)] <EricDalquist> no

[14:46:38 CDT(-0500)] <EricDalquist> add the requireValidSession filter-mapping

[14:46:42 CDT(-0500)] <EricDalquist> after the requestAttributeSourcefilter in web.xml

[14:46:48 CDT(-0500)] <b-sure> ok.

[15:06:17 CDT(-0500)] <b-sure> ok EricDalquist. after adding the requireValidSessionFilter im still seeing the RemoteUserSecurityContext.java with null remoteUser http://pastebin.com/raw.php?i=WAGRZkh8

[15:06:33 CDT(-0500)] <EricDalquist> that is the only diff from master we have I think

[15:10:23 CDT(-0500)] <b-sure> ok. EricDalquist. hers another angle. here is the total set of files I've got customized from todays' master. http://pastebin.com/raw.php?i=6PFWuKNW .. do you think the PAGS or GroupServices cofig files would get in the way? Because of whats in the db, its hard for me to disable grouper without rebuilding the database.

[15:10:35 CDT(-0500)] <EricDalquist> nope

[15:10:49 CDT(-0500)] <b-sure> yeah i didn't think so either.

[15:10:49 CDT(-0500)] <EricDalquist> if you're debugging the place to look first is RemoteUserPersonManager

[15:10:54 CDT(-0500)] <EricDalquist> find the line where getRemoteUser is called

[15:11:09 CDT(-0500)] <EricDalquist> look at the HttpServletRequest object at that point

[15:11:15 CDT(-0500)] <EricDalquist> it is likely wrapped several times

[15:11:22 CDT(-0500)] <b-sure> ok

[15:11:26 CDT(-0500)] <EricDalquist> what could be useful is to "step into" the getRemoteUser() call

[15:11:30 CDT(-0500)] <EricDalquist> and follow that as far as you can

[15:11:34 CDT(-0500)] <b-sure> ok

[15:11:43 CDT(-0500)] <EricDalquist> see if some wrapper is returning null

[15:11:50 CDT(-0500)] <EricDalquist> instead of the REMOTE_USER http header

[15:15:08 CDT(-0500)] <athena> EricDalquist: any objection to me cutting a release of the maven-uportal-plugin?

[15:15:17 CDT(-0500)] <athena> made some updates for the deploy-war goal

[15:15:31 CDT(-0500)] <EricDalquist> nope

[15:22:51 CDT(-0500)] <b-sure> Hi EricDalquist. Looks like my portal doesn't make it to the RemoteUserPersonManager. the target for the login is https://ourPortal/Login

[15:23:21 CDT(-0500)] <EricDalquist> ah ... did you change the person manager you're using in userContext.xml?

[15:23:36 CDT(-0500)] <b-sure> I'm not sure.

[15:23:51 CDT(-0500)] <b-sure> I don't think thats on the list of files I modded today.

[15:23:56 CDT(-0500)] <b-sure> do I need to set something there?

[15:24:05 CDT(-0500)] <EricDalquist> yes, you need to switch to the remote user person manager

[15:24:14 CDT(-0500)] <b-sure> let me checky

[15:31:38 CDT(-0500)] <b-sure> allright. looks like that did the trick. thanks EricDalquist! now I think I can get back to finalizing the ECP mods we did for uMobile and get the pull request in hopefully this week.

[15:31:42 CDT(-0500)] <EricDalquist> yay!

[15:32:00 CDT(-0500)] <b-sure> yeah. I've been banging my head over this for a couple of weeks.

[15:47:21 CDT(-0500)] <b-sure> so. is setting the default theme for the portal a configuration property?

[15:47:44 CDT(-0500)] <b-sure> I blew away the default while importing data today.

[15:48:14 CDT(-0500)] <EricDalquist> it is in your theme's .stylesheet-descriptor.xml file

[15:49:21 CDT(-0500)] <b-sure> ok. I'll change it there and redo the import

[15:49:54 CDT(-0500)] <EricDalquist> yeah you can just reimport that one file

[16:01:48 CDT(-0500)] <b-sure> Thanks for all of your help today EricDalquist. it is much appreciated.

[16:01:55 CDT(-0500)] <EricDalquist> no problem (smile)