
  • Spring Security 3 and CAS login

    Spring Security 3 and CAS login. I am moving a Spring web project that uses LDAP authentication and authorities to Spring and CAS. Once I updated my XML file, everything stopped working. Can someone help me?


    XML File:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:security="http://www.springframework.org/schema/security"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    
    	<!-- Spring Security 3.1 configuration for a web application that delegates login
    		to a CAS server: URL rules, the CAS entry point and filter, the ticket
    		validator, and the authentication provider that turns a validated ticket
    		into an authenticated user. -->
    
    	<!-- URL access rules. Unauthenticated requests are handed to
    		casProcessingFilterEntryPoint, which redirects the browser to the CAS login page. -->
    	<security:http entry-point-ref="casProcessingFilterEntryPoint">
    
    		<!-- NOTE(review): requires-channel="http" pins these two URLs to plain HTTP,
    			so whatever is served there, and any session cookie not flagged Secure,
    			crosses the network unencrypted. Confirm that this is intended. -->
    		<security:intercept-url pattern="/index.jsp"
    			access="ROLE_ANONYMOUS, ROLE_MEMBER" requires-channel="http" />
    		<security:intercept-url pattern="/"
    			access="ROLE_ANONYMOUS, ROLE_MEMBER" requires-channel="http" />
    
    		<!-- finally a default catch-all. cannot set requires-channel on this because 
    			it breaks CAS logout -->
    		<security:intercept-url pattern="/**" access="ROLE_MEMBER" />
    
    		<security:anonymous />
    
    		<!-- NOTE(review): "/cas/logout" is resolved inside this application, while the
    			CAS server configured below lives under /cas-server-webapp on another host.
    			If the redirect never reaches the CAS server's logout endpoint, only the
    			local session is invalidated and the CAS single sign-on session presumably
    			stays alive. Verify where this URL actually leads. -->
    		<security:logout invalidate-session="true" logout-url="/logout"
    			logout-success-url="/cas/logout" />
    
    		<security:custom-filter ref="casAuthenticationFilter"
    			after="PRE_AUTH_FILTER" />
    
    		<!-- NOTE(review): the CAS client's single sign-out support presumably also
    			needs org.jasig.cas.client.session.SingleSignOutHttpSessionListener
    			registered in web.xml, which is not shown here. Confirm. -->
    		<security:custom-filter ref="casSingleSignOutFilter"
    			after="LOGOUT_FILTER" />
    
    		<!-- One concurrent session per user; an expired session is sent to /logout. -->
    		<security:session-management>
    			<security:concurrency-control
    				max-sessions="1" expired-url="/logout" />
    		</security:session-management>
    
    	</security:http>
    
    	<!-- The service URL is what CAS issues the ticket for and redirects back to.
    		NOTE(review): the value below points into the CAS server's own context (the
    		same base URL as loginUrl and the ticket validator), not at this application.
    		It has to be this application's URL ending in /j_spring_cas_security_check,
    		otherwise the ticket never reaches casAuthenticationFilter.
    		sendRenew=false lets CAS reuse an existing single sign-on session instead of
    		asking for credentials again. -->
    	<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    		<property name="service"
    			value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/j_spring_cas_security_check" />
    		<property name="sendRenew" value="false" />
    	</bean>
    
    	<security:authentication-manager alias="authenticationManager">
    		<security:authentication-provider
    			ref="casAuthenticationProvider" />
    	</security:authentication-manager>
    
    	<bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter">
    	</bean>
    
    	<!-- Receives the service ticket from the browser and passes it to the
    		authentication manager. Failures go to /casfailed.jsp, successes to "/". -->
    	<bean id="casAuthenticationFilter"
    		class="org.springframework.security.cas.web.CasAuthenticationFilter">
    		<property name="authenticationManager" ref="authenticationManager" />
    		<property name="authenticationFailureHandler">
    			<bean
    				class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    				<property name="defaultFailureUrl" value="/casfailed.jsp" />
    			</bean>
    		</property>
    		<property name="authenticationSuccessHandler">
    			<bean
    				class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
    				<property name="defaultTargetUrl" value="/" />
    			</bean>
    		</property>
    	</bean>
    
    	<bean id="casProcessingFilterEntryPoint"
    		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    		<property name="loginUrl"
    			value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/login" />
    		<property name="serviceProperties" ref="serviceProperties" />
    	</bean>
    
    	<!-- Validates the ticket against the CAS server and loads the user's authorities.
    		NOTE(review): no bean with the id userCredentialsMutatorDao is defined in this
    		file; unless it is declared elsewhere the context cannot start (the stack trace
    		in this thread reports NoSuchBeanDefinitionException for it). Whatever is wired
    		in here decides which roles a CAS user receives, so ROLE_MEMBER has to come
    		from it. -->
    	<bean id="casAuthenticationProvider"
    		class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    		<property name="userDetailsService" ref="userCredentialsMutatorDao" />
    		<property name="serviceProperties" ref="serviceProperties" />
    		<property name="ticketValidator">
    			<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    				<constructor-arg index="0"
    					value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp" />
    				<!-- NOTE(review): the two proxy properties only matter when this
    					application requests proxy tickets. The callback URL names
    					"localhost", which the CAS server would resolve to itself, and no
    					filter in this file is configured to receive /secure/receptor.
    					Remove both unless proxy mode is really required. -->
    				<property name="proxyCallbackUrl" value="https://localhost:8443/secure/receptor" />
    				<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
    			</bean>
    		</property>
    		<!-- NOTE(review): this looks like the placeholder from the reference sample;
    			presumably it should be replaced with an application-specific value. -->
    		<property name="key" value="an_id_for_this_auth_provider_only" />
    	</bean>
    
    	<bean id="proxyGrantingTicketStorage"
    		class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
    
    </beans>
    Here is the Error:
    Code:
    2012-06-19 15:20:15,943 [main] ERROR org.springframework.web.context.ContextLoader - Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'casAuthenticationFilter'

  • #2
    Please post the full stacktrace as there might be a problem deeper down...



    • #3
      its to big



      • #4
        Put it in a text file and attach it... The snippet isn't telling us everything.



        • #5
          it would NOT let me attach it so I put it in google docs.

          https://docs.google.com/document/d/1...o71RmoGg8/edit



          • #6
            I asked for the stack trace, not the full log. However, if you take a closer look at the stack trace you will notice that there is a problem constructing the 'casAuthenticationProvider', as it refers to a bean named 'userCredentialsMutatorDao' which doesn't exist.

            Code:
            Error creating bean with name 'casAuthenticationProvider' defined in ServletContext resource [/WEB-INF/CAS-DEV.xml]: Cannot resolve reference to bean 'userCredentialsMutatorDao' while setting bean property 'userDetailsService'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'userCredentialsMutatorDao' is defined



            • #7
              Originally posted by JohnTheDroider View Post
              it would NOT let me attach it so I put it in google docs.

              https://docs.google.com/document/d/1...o71RmoGg8/edit
              Google Docs seems to work poorly for this. After spending 5 minutes trying to copy and paste the relevant portion and being denied, I'm giving up. That said, the answer to your question is in the nested exception of what you initially pasted: the portion with userCredentialsMutatorDao.



              • #8
                OK, thanks, but now I am really lost. Here is what I am trying to do: I had a Spring web project using Spring Security and LDAP and everything was working great. Then I tried to replace LDAP with CAS and started to have so many issues, so someone gave me the above XML file, but it does not work. Can someone point me to an LDAP-to-CAS guide for dummies, or just be willing to help me?



                • #9
                  Hi,

                  To use CAS, you need to configure your application to authenticate against the CAS server and the CAS server to authenticate against the LDAP.
                  You have a clear documentations for both purposes at : http://static.springsource.org/sprin...rence/cas.html and https://wiki.jasig.org/display/CASUM/LDAP.

                  In your XML configuration, I see strange things :
                  <property name="proxyCallbackUrl" value="https://localhost:8443/secure/receptor" />
                  <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                  and :
                  <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

                  I'm pretty sure you don't need this as you certainly don't want to use CAS in proxy mode.

                  Regarding your stacktrace, you don't have the userCredentialsMutatorDao bean that's why it fails as it was previously pointed out.
                  You need to create a userDetailsService bean.

                  Best regards,
                  Jérôme



                  • #10
                    Would it be to much to ask for someone to review the following XML and insert the XML

                    Would it be too much to ask for someone to review the following XML and insert the XML that is needed for CAS?

                    Code:
                    <?xml version="1.0" encoding="UTF-8"?>
                    <beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
                    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
                    	xmlns:jee="http://www.springframework.org/schema/jee"
                    
                    	xsi:schemaLocation="http://www.springframework.org/schema/beans
                               http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                    	       http://www.springframework.org/schema/jdbc
                    		   http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
                    	       http://www.springframework.org/schema/security
                    	       http://www.springframework.org/schema/security/spring-security-3.1.xsd
                    	       http://www.springframework.org/schema/jee 
                    	       http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
                    	       "
                    	xmlns="http://www.springframework.org/schema/security">
                    
                    	<!-- The original LDAP-based Spring Security setup: form login, LDAP
                    		authentication with roles from LDAP groups, and a JDBC data source.
                    		The default namespace is the security schema, so plain beans carry
                    		the beans: prefix. -->
                    
                    	<!-- Only /requests/** carries an access rule (ROLE_MEMBER_INQUIRY); no
                    		other URL pattern is restricted in this file. -->
                    	<http auto-config="true" use-expressions="true">
                    
                    		<intercept-url access="hasRole('ROLE_MEMBER_INQUIRY')"
                    			pattern="/requests/**" />
                    
                    		<form-login default-target-url="/requests/add.html" />
                    
                    	</http>
                    
                    	<!-- This is the provider actually registered with the authentication
                    		manager. password-compare checks the submitted password against the
                    		directory entry with an LDAP compare instead of binding as the user. -->
                    	<authentication-manager>
                    
                    		<ldap-authentication-provider
                    			user-search-base="ou=webusers" user-search-filter="(uid={0})">
                    
                    			<password-compare>
                    
                    				<password-encoder ref="passwordEncoder">
                    				</password-encoder>
                    			</password-compare>
                    		</ldap-authentication-provider>
                    	</authentication-manager>
                    
                    	<!-- NOTE(review): MD5 without a salt is not suitable for protecting
                    		stored passwords; the hashes are fast to brute-force and identical
                    		passwords share a hash. Bind authentication, which leaves password
                    		storage to the directory, avoids the need for this encoder. -->
                    	<beans:bean id="passwordEncoder"
                    		class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
                    	</beans:bean>
                    
                    	<!-- NOTE(review): the directory manager DN and its password are written
                    		here in clear text, and this file has been posted publicly. Treat the
                    		credential as exposed: change it, move it out of the XML (the
                    		dataSource bean below already reads its password from a properties
                    		file), and preferably use a read-only service account rather than
                    		the Manager entry. -->
                    	<beans:bean id="contextSource"
                    		class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
                    
                    		<beans:constructor-arg
                    			value="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
                    
                    		<beans:property name="userDn" value="cn=Manager,dc=uftwf,dc=dev" />
                    
                    		<beans:property name="password" value="uftwf" />
                    	</beans:bean>
                    
                    	<!-- Bind-based LDAP provider with group-to-role mapping from ou=groups.
                    		NOTE(review): nothing in this file references ldapAuthProvider; the
                    		authentication-manager above uses its own ldap-authentication-provider
                    		element, so this bean appears to be unused. Confirm which of the two
                    		is meant to be active. -->
                    	<beans:bean id="ldapAuthProvider"
                    		class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
                    
                    		<beans:constructor-arg>
                    
                    			<beans:bean
                    				class="org.springframework.security.ldap.authentication.BindAuthenticator">
                    				<beans:constructor-arg ref="contextSource" />
                    				<beans:property name="userDnPatterns">
                    					<beans:list>
                    						<beans:value>
                    							uid={0},ou=webusers
                    						</beans:value>
                    					</beans:list>
                    				</beans:property>
                    			</beans:bean>
                    		</beans:constructor-arg>
                    		<beans:constructor-arg>
                    			<beans:bean
                    				class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                    				<beans:constructor-arg ref="contextSource" />
                    				<beans:constructor-arg value="ou=groups" />
                    				<beans:property name="groupRoleAttribute" value="ou" />
                    			</beans:bean>
                    		</beans:constructor-arg>
                    	</beans:bean>
                    	<!-- NOTE(review): this is a second definition of the same LDAP server,
                    		without manager credentials, next to the contextSource bean above.
                    		Confirm which context source each provider ends up using. -->
                    	<ldap-server url="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
                    	<beans:bean id="propertyConfigurer"
                    		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
                    		<beans:property name="location" value="classpath:jdbc.properties2" />
                    	</beans:bean>
                    
                    	<!-- Database credentials are resolved from the properties file loaded by
                    		propertyConfigurer rather than written in this file. -->
                    	<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
                    		<beans:property name="driverClassName" value="${database.driver}" />
                    		<beans:property name="url" value="${database.url}" />
                    		<beans:property name="username" value="${database.user}" />
                    		<beans:property name="password" value="${database.password}" />
                    		<beans:property name="initialSize" value="5" />
                    		<beans:property name="maxActive" value="10" />
                    	</beans:bean>
                    
                    </beans:beans>



                    • #11
                      Hi,

                      The first XML file of this thread looks good.
                      Remove :
                      <property name="proxyCallbackUrl" value="https://localhost:8443/secure/receptor" />
                      <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                      <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

                      1. What is your CAS server url ?

                      2. What is your context application ?

                      3. What behaviour do you expect from your userDetailsService bean ?
                      I don't know Spring LDAP configuration in Spring Security but I imagine by reading the DefaultLdapAuthoritiesPopulator javadoc that you want to populate your authenticated user with its roles. Correct ?

                      4. Do you have to configure a CAS server also or is it already configured ? If so, how ?

                      Best regards,
                      Jérôme



                      • #12
                        CAS Please help

                        Thanks jleleu


                        1. What is your CAS server url ?
                        https://dvjvm11.uftwf.dev:8443/cas-server-webapp/


                        2. What is your context application ?
                        http://localhost:8080/Members/

                        3. What behaviour do you expect from your userDetailsService bean ?
                        I dont know if I need this bean

                        I don't know Spring LDAP configuration in Spring Security but I imagine by reading the DefaultLdapAuthoritiesPopulator javadoc that you want to populate your authenticated user with its roles. Correct ?

                        4. Do you have to configure a CAS server also or is it already configured ? If so, how ?
                        yes it is setup and running


                        Here is the XML as it is now... maybe you can show me what to change..

                        Code:
                        <?xml version="1.0" encoding="UTF-8"?>
                         
                        <beans xmlns="http://www.springframework.org/schema/beans"
                            xmlns:sec="http://www.springframework.org/schema/security"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                                http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
                         
                            <!-- Hand-assembled filter chain: each pattern has its own filter list and
                                 the filters run in the order written.
                                 NOTE(review): only the "/j_spring_security_logout" and "/**" chains
                                 contain fsi (the FilterSecurityInterceptor), so requests matching "/"
                                 or "/secure/receptor" are not checked against the intercept-url rules.
                                 In the "/**" chain, sif (SecurityContextPersistenceFilter) is listed
                                 after the CAS client filters, whereas Spring Security's standard
                                 ordering puts it first. Confirm that both are intended. -->
                            <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
                                <sec:filter-chain-map path-type="ant">
                                    <sec:filter-chain pattern="/" filters="casValidationFilter, wrappingFilter" />
                                    <sec:filter-chain pattern="/secure/receptor" filters="casValidationFilter" />
                                    <sec:filter-chain pattern="/j_spring_security_logout" filters="logoutFilter,etf,fsi" />
                                    <sec:filter-chain pattern="/**" filters="casAuthenticationFilter, casValidationFilter, wrappingFilter, sif,j2eePreAuthFilter,logoutFilter,etf,fsi"/>
                                </sec:filter-chain-map>
                            </bean>
                         
                            <bean id="sif" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
                         
                         
                            <sec:authentication-manager alias="authenticationManager">
                                <sec:authentication-provider ref="preAuthAuthProvider"/>
                            </sec:authentication-manager>
                         
                             <bean id="preAuthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
                                <property name="preAuthenticatedUserDetailsService">
                                    <bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                                        <property name="userDetailsService" ref="userService"/>
                                    </bean>
                                </property>
                            </bean>
                         
                            <bean id="preAuthEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
                         
                            <!-- Builds the Spring Security authentication from the principal that the
                                 servlet request already reports; it performs no credential check itself.
                                 NOTE(review): in this file that principal presumably comes from the CAS
                                 client filters (casValidationFilter followed by wrappingFilter) earlier
                                 in the chain. Any chain that reaches this filter without passing ticket
                                 validation first would accept whatever principal the container
                                 supplies. Confirm the ordering covers every protected path. -->
                            <bean id="j2eePreAuthFilter" class="org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
                                <property name="authenticationManager" ref="authenticationManager"/>
                                <property name="authenticationDetailsSource">
                                    <bean class="org.springframework.security.web.authentication.WebAuthenticationDetailsSource" />
                                </property>
                            </bean>
                         
                            <!-- Local logout: runs SecurityContextLogoutHandler and then redirects to "/".
                                 NOTE(review): nothing here contacts the CAS server, so the CAS single
                                 sign-on session presumably survives and the next protected request
                                 would sign the user back in without a prompt. Confirm whether a
                                 redirect to the CAS logout URL is wanted. -->
                            <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
                                <constructor-arg value="/"/>
                                <constructor-arg>
                                    <list>
                                        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
                                    </list>
                                </constructor-arg>
                            </bean>
                         
                            <bean id="servletContext" class="org.springframework.web.context.support.ServletContextFactoryBean"/>
                         
                            <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
                                <property name="authenticationEntryPoint" ref="preAuthEntryPoint"/>
                            </bean>
                         
                            <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
                                <property name="allowIfAllAbstainDecisions" value="false"/>
                                <property name="decisionVoters">
                                    <list>
                                        <ref bean="roleVoter"/>
                                    </list>
                                </property>
                            </bean>
                         
                           <!-- URL authorisation. The rules are listed from most specific to least
                                specific; /secure/extreme/** needs ROLE_SUPERVISOR, everything else
                                needs ROLE_USER. Decisions are made by httpRequestAccessDecisionManager,
                                which denies access when every voter abstains. The roles themselves
                                come from the userService entries in this file. -->
                           <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
                                <property name="authenticationManager" ref="authenticationManager"/>
                                <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
                                <property name="securityMetadataSource">
                                    <sec:filter-invocation-definition-source>
                                        <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
                                        <sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
                                        <sec:intercept-url pattern="/**" access="ROLE_USER"/>
                                    </sec:filter-invocation-definition-source>
                                </property>
                            </bean>
                         
                            <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/>
                         
                            <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter"/>
                             
                            <!-- Validates service tickets against the CAS server over HTTPS.
                                 NOTE(review): proxyCallbackUrl names "localhost" and the context
                                 "cas-sample", which looks carried over from the CAS sample application;
                                 the CAS server would resolve "localhost" to itself. The two proxy
                                 properties are only needed when this application requests proxy
                                 tickets. Confirm or remove. -->
                            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator" id="ticketValidator">
                                <constructor-arg index="0" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp" />
                                <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                                <property name="proxyCallbackUrl" value="https://localhost:8443/cas-sample/secure/receptor" />
                            </bean>
                         
                            <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
                         
                            <!-- In-memory user list, referenced by preAuthAuthProvider through
                                 UserDetailsByNameServiceWrapper, so it is consulted by user name to
                                 obtain authorities.
                                 NOTE(review): these look like sample accounts, each with a clear-text
                                 password equal to the user name. Only CAS principals whose name matches
                                 one of these entries would receive roles. Replace this with the real
                                 source of authorities and do not reuse these accounts anywhere a
                                 password is actually checked. -->
                            <sec:user-service id="userService">
                                <sec:user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
                                <sec:user name="dianne" password="dianne" authorities="ROLE_USER" />
                                <sec:user name="scott" password="scott" authorities="ROLE_USER" />
                            </sec:user-service>
                         
                            <!-- CAS client filter that redirects unauthenticated browsers to the CAS
                                 login page.
                                 NOTE(review): in the CAS client, serverName is the host of THIS
                                 application and is used to build the service URL that tickets are
                                 issued for. Here it is set to the CAS server's host, so the service URL
                                 sent to CAS would not point back at this application. Confirm and set
                                 it to the application's own scheme, host and port. -->
                            <bean id="casAuthenticationFilter" class="org.jasig.cas.client.authentication.AuthenticationFilter">
                                <property name="casServerLoginUrl" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/login" />
                                <property name="serverName" value="https://dvjvm11.uftwf.dev:8443" />
                            </bean>
                         
                            <!-- Validates the service ticket on incoming requests using ticketValidator.
                                 exceptionOnValidationFailure=true rejects the request when validation
                                 fails, and redirectAfterValidation=true redirects afterwards so the
                                 ticket parameter does not stay in the browser's URL.
                                 NOTE(review): serverName carries the CAS server's host here as well; it
                                 is expected to be this application's host, and the service URL built
                                 from it has to match the one the ticket was issued for. Confirm. -->
                            <bean id="casValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
                                <property name="serverName" value="https://dvjvm11.uftwf.dev:8443" />
                                <property name="exceptionOnValidationFailure" value="true" />
                                <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                                <property name="redirectAfterValidation" value="true" />
                                <property name="ticketValidator" ref="ticketValidator" />
                                <property name="proxyReceptorUrl" value="/secure/receptor" />
                            </bean>
                         
                            <bean id="wrappingFilter" class="org.jasig.cas.client.util.HttpServletRequestWrapperFilter" />



                        • #13
                          Hi,

                          I'm a bit lost: this new XML file looks very different from the first one. It seems that you are trying to handle the CAS protocol by hand, which looks very complicated.

                          Regarding questions I asked :
                          1. the CAS server url is defined in two places :
                          - in entry point for the loginUrl property
                          - as first argument in the ticket validator (CAS or SAML)
                          2. your context application is used in serviceProperties bean for the service property
                          3. You might not need the userDetailsService bean but it's part of the CAS configuration to define one so you need to know what you want to do
                          4. Good news

                          Here is a sample from a private demo I have. http://localhost:8080/cas/login is the url of the CAS server and http://localhost:8080/app is the url of my web application which I want to protect with CAS.

                          Code:
                          <beans xmlns:sec="http://www.springframework.org/schema/security" xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                              xsi:schemaLocation="http://www.springframework.org/schema/beans
                                     http://www.springframework.org/schem...-beans-3.0.xsd
                                     http://www.springframework.org/schema/security
                                     http://www.springframework.org/schema/security/spring-security-3.1.xsd">
                          
                              <!-- Minimal Spring Security + CAS wiring from a local demo.
                                   NOTE(review): the spring-beans schema URL above was shortened by the
                                   forum software ("schem...-beans-3.0.xsd") and has to be restored
                                   before the file can be used.
                                   NOTE(review): every URL below is http://localhost:8080. Over plain
                                   HTTP the CAS login form, the service ticket and the ticket validation
                                   call all travel unencrypted; outside a local demo use https URLs for
                                   loginUrl, service and the validator's base URL. -->
                          
                              <!-- Access rules: /sso/** needs a full login, /rme/** accepts a remembered
                                   login, and everything else is open to anonymous users. -->
                              <sec:http entry-point-ref="casEntryPoint">
                                  <sec:intercept-url pattern="/sso/**" access="IS_AUTHENTICATED_FULLY" />
                                  <sec:intercept-url pattern="/rme/**" access="IS_AUTHENTICATED_REMEMBERED" />
                                  <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
                                  <sec:logout />
                                  <sec:custom-filter position="CAS_FILTER" ref="casFilter" />
                              </sec:http>
                          
                              <!-- service is this application's own URL, ending in the path the CAS
                                   filter listens on; CAS issues tickets for it and redirects back to it. -->
                              <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
                                  <property name="service" value="http://localhost:8080/app/j_spring_cas_security_check" />
                                  <property name="sendRenew" value="false" />
                              </bean>
                          
                              <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
                                  <property name="authenticationManager" ref="authenticationManager" />
                              </bean>
                          
                              <!-- Sends unauthenticated users to the CAS server's login page. -->
                              <bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
                                  <property name="loginUrl" value="http://localhost:8080/cas/login" />
                                  <property name="serviceProperties" ref="serviceProperties" />
                              </bean>
                          
                              <sec:authentication-manager alias="authenticationManager">
                                  <sec:authentication-provider ref="casAuthenticationProvider" />
                              </sec:authentication-manager>
                          
                              <!-- Validates the ticket with the CAS server (SAML 1.1 validation, base URL
                                   given as the first constructor argument) and then asks
                                   casUserDetailsService for the user's authorities. No proxy properties
                                   are set here.
                                   NOTE(review): the key looks like the placeholder from the reference
                                   sample; presumably it should be an application-specific value. -->
                              <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
                                  <property name="authenticationUserDetailsService" ref="casUserDetailsService" />
                                  <property name="serviceProperties" ref="serviceProperties" />
                                  <property name="ticketValidator">
                                      <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
                                          <constructor-arg index="0" value="http://localhost:8080/cas" />
                                      </bean>
                                  </property>
                                  <property name="key" value="an_id_for_this_auth_provider_only" />
                              </bean>
                          
                              <!-- Per the class posted with this sample, this service gives every
                                   CAS-authenticated user the same single role, ROLE_USER; it is where
                                   real role mapping would have to be added. -->
                              <bean id="casUserDetailsService" class="com.github.leleuj.ss.cas.userdetails.DefaultRoleUserDetailsService" />
                          </beans>
                          The casUserDetailsService bean is a class which defines a default role for every authenticated user. Here is the code :

                          Code:
                          /**
                           * User details service for CAS logins that assigns one fixed role.
                           *
                           * <p>Every principal named in a validated CAS assertion is turned into a
                           * Spring Security {@code User} holding exactly {@code ROLE_USER}. Nothing in
                           * the assertion other than the principal name is consulted, so any account
                           * the CAS server accepts receives the same authority; per-user or
                           * attribute-based authorisation would have to be added here.</p>
                           */
                          public class DefaultRoleUserDetailsService extends AbstractCasAssertionUserDetailsService {

                              /** The single authority granted to every CAS-authenticated user. */
                              private static final SimpleGrantedAuthority ROLE_USER = new SimpleGrantedAuthority("ROLE_USER");

                              /**
                               * Builds the user for a validated CAS assertion.
                               *
                               * @param assertion the assertion returned by ticket validation
                               * @return a user named after the assertion's principal, with all four
                               *         account status flags set to true and {@code ROLE_USER} as its
                               *         only authority
                               */
                              @Override
                              protected UserDetails loadUserDetails(Assertion assertion) {
                                  final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
                                  authorities.add(ROLE_USER);

                                  final String principalName = assertion.getPrincipal().getName();

                                  // The password field is a fixed placeholder string; this class never
                                  // reads or compares a password.
                                  return new User(principalName, "NO_PASSWORD", true, true, true, true, authorities);
                              }
                          }
                          I use SAML validation (i.e. I use the Saml11TicketValidator class instead of the Cas20ServiceTicketValidator class) as I want to receive attributes in CAS response.

                          Hope things are getting clearer to you.

                          Best regards,
                          Jérôme



                          • #14
                            I am trying to find out how to use Spring-LDAP and just use the LDAP roles



                            • #15
                              Changes did not work

                              I tried to update my XML file with the changes you posted, and everything stopped working. Here is my XML file:

                              Code:
                              <?xml version="1.0" encoding="UTF-8"?>
                              <b:beans xmlns:b="http://www.springframework.org/schema/beans"
                              	xmlns="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"
                              	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
                              	xmlns:util="http://www.springframework.org/schema/util"
                              	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                      http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                      http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
                                      http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
                              
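                              	<!-- URL access rules for the web application. Rules are evaluated top to bottom and the
                              		first matching pattern decides, so the catch-all must stay last. -->
                              	<http entry-point-ref="casEntryPoint" use-expressions="true">
                              		<!-- Public pages: the landing page plus the CAS logout and failure pages. -->
                              		<intercept-url pattern="/" access="permitAll" />
                              		<intercept-url pattern="/index.jsp" access="permitAll" />
                              		<intercept-url pattern="/cas-logout.jsp" access="permitAll" />
                              		<intercept-url pattern="/casfailed.jsp" access="permitAll" />

                              		<!-- Role-protected areas.
                              			NOTE(review): the user details service shown with this configuration grants only
                              			ROLE_USER, so ROLE_MEMBER_INQUIRY would have to be assigned somewhere else for
                              			/requests/** to be reachable (confirm). -->
                              		<intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
                              		<intercept-url pattern="/requests/**" access="hasRole('ROLE_MEMBER_INQUIRY')" />

                              		<!-- Catch-all: without it, any path not listed above is matched by no rule and is
                              			served without an access check. Public static resources, if any, need their
                              			own permitAll rule above this line. -->
                              		<intercept-url pattern="/**" access="isAuthenticated()" />

                              		<!-- Filter order matters: the local logout filter runs before the default
                              			LOGOUT_FILTER, and CAS single logout is handled before CAS authentication. -->
                              		<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
                              		<custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
                              		<custom-filter ref="casFilter" position="CAS_FILTER" />

                              		<logout logout-success-url="/cas-logout.jsp" />
                              	</http>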
                              
                              	<!-- Authentication manager referenced by casFilter through the alias "authManager".
                              		casAuthProvider is the only provider listed, so a user can be authenticated here
                              		only through a ticket that provider accepts. -->
                              	<authentication-manager alias="authManager">
                              		<authentication-provider ref="casAuthProvider" />
                              	</authentication-manager>
                              
                              	<!--  <user-service id="userService">
                              		<user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
                              		<user name="[email protected]" password="testing"
                              			authorities="ROLE_MEMBER_INQUIRY" />
                              	</user-service> -->
                               
                              	<!-- Receives the Single Logout request sent by the CAS server. -->
                              	<b:bean id="singleLogoutFilter"
                              		class="org.jasig.cas.client.session.SingleSignOutFilter" />

                              	<!-- Handles logout requests on /j_spring_cas_security_logout: runs the
                              		SecurityContextLogoutHandler, then redirects to the CAS server's logout URL so
                              		that Single Logout is performed there as well. -->
                              	<b:bean id="requestSingleLogoutFilter"
                              		class="org.springframework.security.web.authentication.logout.LogoutFilter">
                              		<b:constructor-arg value="https://${cas.server.host}/cas-server-webapp/logout" />
                              		<b:constructor-arg>
                              			<b:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
                              		</b:constructor-arg>
                              		<b:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
                              	</b:bean>
                              
                              	<!-- Service URL this application presents to CAS; the ticket is sent back to it and it
                              		has to match the URL used when the ticket is validated.
                              		NOTE(review): authenticateAllArtifacts=true makes the filter try to authenticate a
                              		ticket on any URL; presumably only needed when proxy tickets are accepted (confirm). -->
                              	<b:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
                              		<b:property name="service"
                              			value="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_check" />
                              		<b:property name="authenticateAllArtifacts" value="true" />
                              	</b:bean>
                              
                              	<!-- Entry point named by the http element: unauthenticated requests for a protected
                              		URL are redirected to the CAS login page over HTTPS. -->
                              	<b:bean id="casEntryPoint"
                              		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
                              		<b:property name="loginUrl" value="https://${cas.server.host}/cas-server-webapp/login" />
                              		<b:property name="serviceProperties" ref="serviceProperties" />
                              	</b:bean>
                              
                              	<!-- CAS authentication filter: hands the ticket received from CAS to authManager and
                              		routes the browser according to the result. -->
                              	<b:bean id="casFilter"
                              		class="org.springframework.security.cas.web.CasAuthenticationFilter">
                              		<b:property name="authenticationManager" ref="authManager" />
                              		<b:property name="serviceProperties" ref="serviceProperties" />

                              		<!-- Proxy-granting ticket callback endpoint and the storage it writes to. -->
                              		<b:property name="proxyGrantingTicketStorage" ref="pgtStorage" />
                              		<b:property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor" />

                              		<b:property name="authenticationDetailsSource">
                              			<b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource" />
                              		</b:property>

                              		<!-- A failed authentication is sent to the public failure page. -->
                              		<b:property name="authenticationFailureHandler">
                              			<b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                              				<b:property name="defaultFailureUrl" value="/casfailed.jsp" />
                              			</b:bean>
                              		</b:property>

                              		<!-- After login the user returns to the saved request, or to the default target
                              			when there is none. -->
                              		<b:property name="authenticationSuccessHandler">
                              			<b:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
                              				<b:property name="defaultTargetUrl" value="/requests/add.html" />
                              			</b:bean>
                              		</b:property>
                              	</b:bean>
                              	<!-- Storage for proxy-granting tickets, referenced by casFilter.
                              		NOTE: In a real application you should not use an in memory implementation.
                              		You will also want to ensure to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup() -->
                              	<b:bean id="pgtStorage"
                              		class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
                              		
                              		
                              	<!-- <b:bean id="casAuthProvider"
                              		class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
                              		p:serviceProperties-ref="serviceProperties">
                              		<b:property name="authenticationUserDetailsService" ref="casUserDetailsService" />
                              		<b:property name="ticketValidator">
                              			<b:bean class="org.jasig.cas.client.validation.Saml11TicketValidator"
                              				<b:constructor-arg value="https://${cas.server.host}/cas-server-webapp" />
                              			</b:bean>
                              			
                              		</b:property>
                              		
                              	</b:bean> -->
                              
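                              	<!-- CAS authentication provider: validates the ticket with the CAS server and, when it
                              		is valid, builds the user through casUserDetailsService. -->
                              	<b:bean id="casAuthProvider"
                              		class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
                              		<b:property name="authenticationUserDetailsService" ref="casUserDetailsService" />
                              		<b:property name="serviceProperties" ref="serviceProperties" />
                              		<b:property name="ticketValidator">
                              			<!-- The validator calls the CAS server back and its answer decides who is logged
                              				in, so it must reach, over HTTPS, the same server that casEntryPoint sends
                              				users to. A plain-http URL would let the validation response be altered on
                              				the network path. -->
                              			<b:bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
                              				<b:constructor-arg index="0" value="https://${cas.server.host}/cas-server-webapp" />
                              			</b:bean>
                              		</b:property>
                              		<!-- key marks the authentication tokens created by this provider.
                              			NOTE(review): prefer a value unique to this application over a short constant. -->
                              		<b:property name="key" value="0001" />
                              	</b:bean>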
                                  
                                      <!-- Maps the validated CAS assertion to a UserDetails. The class attribute must be
                                          the exact fully-qualified name of a class deployed with the web application
                                          (WEB-INF/classes or a jar in WEB-INF/lib); if the name and the deployed class
                                          differ, context start-up fails with ClassNotFoundException. -->
                                      <b:bean id="casUserDetailsService" class="org.wftwf.cas.userdetails.DefaultRoleUserDetailsService" />
                                  
                              	<!-- Configuration for the environment can be overridden by system properties:
                              		with mode OVERRIDE a JVM system property of the same name takes precedence over
                              		the defaults in the "environment" properties below. -->
                              	<context:property-placeholder
                              		system-properties-mode="OVERRIDE" properties-ref="environment" />

                              	<!-- Default host:port values substituted into the ${cas.service.host} and
                              		${cas.server.host} placeholders used in the URLs of this file. -->
                              	<util:properties id="environment">
                              		<b:prop key="cas.service.host">wcmisdlin07.uftmasterad.org:8443</b:prop>
                              		<b:prop key="cas.server.host">wcmisdlin07.uftmasterad.org:8443</b:prop>
                              	</util:properties>
                              	</b:beans>
                              Below is the error I am getting now:
                              Code:

                              2012-06-26 09:02:26,432 [main] ERROR org.springframework.web.context.ContextLoader - Context initialization failed
                              org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'casFilter' while setting constructor argument with key [4]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casFilter' defined in ServletContext resource [/WEB-INF/security-CAS.xml]: Cannot resolve reference to bean 'authManager' while setting bean property 'authenticationManager'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'casAuthProvider' while setting constructor argument with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casAuthProvider' defined in ServletContext resource [/WEB-INF/security-CAS.xml]: Cannot resolve reference to bean 'casUserDetailsService' while setting bean property 'authenticationUserDetailsService'; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.uftwf.cas.userdetails.DefaultRoleUserDetailsService] for bean with name 'casUserDetailsService' defined in ServletContext resource [/WEB-INF/security-CAS.xml]; nested exception is java.lang.ClassNotFoundException: org.uftwf.cas.userdetails.DefaultRoleUserDetailsService
