Merge pull request #114 from Unicon/proxying-log-warn

Added additional logs to proxy validation

cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidator.java

@@ -18,6 +18,7 @@
  */
 package org.jasig.cas.client.validation;
 
+import java.util.Arrays;
 import java.util.List;
 import org.jasig.cas.client.util.XmlUtils;
 
@@ -53,8 +54,22 @@ public class Cas20ProxyTicketValidator extends Cas20ServiceTicketValidator {
             throws TicketValidationException {
         final List<String> proxies = XmlUtils.getTextForElements(response, "proxy");
 
+        if (proxies == null) {
+            throw new InvalidProxyChainTicketValidationException(
+                    "Invalid proxy chain: No proxy could be retrieved from response. "
+                    + "This indicates a problem with CAS validation. Review logs/configuration to find the root cause."
+            );
+        }
         // this means there was nothing in the proxy chain, which is okay
-        if ((this.allowEmptyProxyChain && proxies.isEmpty()) || this.acceptAnyProxy) {
+        if ((this.allowEmptyProxyChain && proxies.isEmpty())) {
+            logger.debug("Found an empty proxy chain, permitted by client configuration");
+            return;
+        }
+
+        if (this.acceptAnyProxy) {
+            logger.debug("Client configuration accepts any proxy. "
+                    + "It is generally dangerous to use a non-proxied CAS filter "
+                    + "specially for protecting resources that require proxy access.");
             return;
         }
 
@@ -63,6 +78,10 @@ public class Cas20ProxyTicketValidator extends Cas20ServiceTicketValidator {
             return;
         }
 
+        logger.warn("Proxies received from the CAS validation response are {}. "
+                + "However, none are allowed by allowed proxy chain of the client which is {}",
+                Arrays.toString(proxiedList), this.allowedProxyChains);
+
         throw new InvalidProxyChainTicketValidationException("Invalid proxy chain: " + proxies.toString());
     }
 

cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas30ProxyTicketValidator.java

@@ -26,7 +26,7 @@ package org.jasig.cas.client.validation;
  */
 public class Cas30ProxyTicketValidator extends Cas20ProxyTicketValidator {
 
-    public Cas30ProxyTicketValidator(String casServerUrlPrefix) {
+    public Cas30ProxyTicketValidator(final String casServerUrlPrefix) {
         super(casServerUrlPrefix);
     }
     

cas-client-core/src/main/java/org/jasig/cas/client/validation/ProxyList.java

@@ -43,7 +43,7 @@ public final class ProxyList {
         this(new ArrayList<String[]>());
     }
 
-    public boolean contains(String[] proxiedList) {
+    public boolean contains(final String[] proxiedList) {
         for (final String[] list : this.proxyChains) {
             if (Arrays.equals(proxiedList, list)) {
                 return true;