This topic is closed

  • Why is my web project not going to CAS for login???

    I am working on a web project with Spring Security, but I would like to know why I can't get it going to CAS for login.

    Here is my XML:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <b:beans xmlns:b="http://www.springframework.org/schema/beans"
        xmlns="http://www.springframework.org/schema/security"
        xmlns:p="http://www.springframework.org/schema/p"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:util="http://www.springframework.org/schema/util"
        xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
    
        <http entry-point-ref="casEntryPoint" use-expressions="true">
            <intercept-url pattern="/" access="permitAll"/>
            
            <intercept-url pattern="/index.jsp" access="permitAll"/>
            <intercept-url pattern="/cas-logout.jsp" access="permitAll"/>
            <intercept-url pattern="/casfailed.jsp" access="permitAll"/>
    
            <intercept-url pattern="/requests/**" access="hasRole('ROLE_MEMBER_INQUIRY')" />
            <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
            <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
            <custom-filter ref="casFilter" position="CAS_FILTER" />
            
            <logout logout-success-url="/cas-logout.jsp"/>
        </http>
    
        <authentication-manager alias="authManager">
            <authentication-provider ref="casAuthProvider" />
        </authentication-manager>
    
        <user-service id="userService">
            <user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
            <user name="dianne" password="dianne" authorities="ROLE_USER" />
            <user name="scott" password="scott" authorities="ROLE_USER" />
        </user-service>
    
        <!-- This filter handles a Single Logout Request from the CAS Server -->
        <b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
        <!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
        <b:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"
            p:filterProcessesUrl="/j_spring_cas_security_logout">
            <b:constructor-arg value="https://${cas.server.host}/cas-server-webapp/logout"/>
            <b:constructor-arg>
                <b:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
            </b:constructor-arg>
        </b:bean>
    
        <b:bean id="serviceProperties"
            class="org.springframework.security.cas.ServiceProperties"
            p:service="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_check"
            p:authenticateAllArtifacts="true"/>
            
        <b:bean id="casEntryPoint"
            class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
            p:serviceProperties-ref="serviceProperties" p:loginUrl="https://${cas.server.host}/cas-server-webapp/login" />
            
        <b:bean id="casFilter"
            class="org.springframework.security.cas.web.CasAuthenticationFilter"
            p:authenticationManager-ref="authManager"
            p:serviceProperties-ref="serviceProperties"
            p:proxyGrantingTicketStorage-ref="pgtStorage"
            p:proxyReceptorUrl="/j_spring_cas_security_proxyreceptor">
            <b:property name="authenticationDetailsSource">
                <b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource"/>
            </b:property>
            <b:property name="authenticationFailureHandler">
                <b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
                    p:defaultFailureUrl="/casfailed.jsp"/>
            </b:property>
        </b:bean>
        <!--
            NOTE: In a real application you should not use an in memory implementation. You will also want
                  to ensure to clean up expired tickets by calling ProxyGrantingTicketStorage.cleanup()
         -->
        <b:bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
        <b:bean id="casAuthProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
            p:serviceProperties-ref="serviceProperties"
            p:key="casAuthProviderKey">
            <b:property name="authenticationUserDetailsService">
                <b:bean
                    class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
                    <b:constructor-arg ref="userService" />
                </b:bean>
            </b:property>
            <b:property name="ticketValidator">
                <b:bean
                    class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
                    p:acceptAnyProxy="true"
                    p:proxyCallbackUrl="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_proxyreceptor"
                    p:proxyGrantingTicketStorage-ref="pgtStorage">
                    <b:constructor-arg value="https://${cas.server.host}/cas-server-webapp" />
                </b:bean>
            </b:property>
            <b:property name="statelessTicketCache">
                <b:bean class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
                    <b:property name="cache">
                        <b:bean class="net.sf.ehcache.Cache"
                          init-method="initialise"
                          destroy-method="dispose">
                            <b:constructor-arg value="casTickets"/>
                            <b:constructor-arg value="50"/>
                            <b:constructor-arg value="true"/>
                            <b:constructor-arg value="false"/>
                            <b:constructor-arg value="3600"/>
                            <b:constructor-arg value="900"/>
                        </b:bean>
                    </b:property>
                </b:bean>
            </b:property>
        </b:bean>
    
        <!-- Configuration for the environment can be overridden by system properties -->
        <context:property-placeholder system-properties-mode="OVERRIDE" properties-ref="environment"/>
        
        <util:properties id="environment">
            <b:prop key="cas.service.host">dvjvm11.uftwf.dev:8443</b:prop>
            <b:prop key="cas.server.host">dvjvm11.uftwf.dev:8443</b:prop>
        </util:properties>
        
    </b:beans>

  • #2
    Hi,

    You really seem to have trouble making your web application work with CAS, as I already saw and replied to a thread started by you on CAS and Spring Security.

    Your XML configuration file looks correct and the casEntryPoint should redirect you to the CAS login page.
    Can you turn on DEBUG logs on the org.springframework.security and org.jasig.cas packages and post the relevant logs?
    Thanks.

    Best regards,
    Jérôme



    • #3
      Thanks, but I fixed that issue. Now, can I have a Spring 3 project that would use CAS for authentication and LDAP for authorities? My Spring project used to use LDAP for authentication and authorities, but we are moving to CAS for authentication and SSO, and I don't see any way to use LDAP for authorities. Below is my XML file; can someone help me out here?



      • #4
        Hi,

        Good news!

        You can use CAS for authentication and, in some way, for authorities. During the authentication process, CAS will ask your LDAP to check your login and password, but it can also retrieve attributes from your LDAP. You should read this: https://wiki.jasig.org/display/CASUM/Attributes.

        Then you can push (LDAP) attributes stored in CAS to your application with SAML validation, i.e. through the Saml11TicketValidator class. I saw in your last XML configuration file that you use CAS proxy mode (Cas20ProxyTicketValidator class). I'm surprised: it's not the easiest concept to use in CAS and I don't see your need for that. Nonetheless, in case of CAS proxy mode, you need some customization to push attributes stored in CAS to your application.

        In your application, you can handle the authorities you received from the CAS server by using the appropriate UserDetailsService (create roles) and the right security configuration (define which roles can access which URLs). I think the GrantedAuthorityFromAssertionAttributesUserDetailsService class can totally meet your need: http://static.springsource.org/sprin...lsService.html.

        Best regards,
        Jérôme

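The wiring described in post #4, written against the `casAuthProvider` bean from the first post. This is an added example, not code from the thread or from the sample it links to. The attribute name `authorities` is an assumption (use whatever attribute your CAS server releases from LDAP), and the `statelessTicketCache` property of the original bean is left out here.

```xml
<!-- Added example: replaces the casAuthProvider bean posted in #1 -->
<b:bean id="casAuthProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
    p:serviceProperties-ref="serviceProperties"
    p:key="casAuthProviderKey">
    <!-- Authorities are built from the validated CAS assertion instead of
         the in-memory userService (rod/dianne/scott) of the sample -->
    <b:property name="authenticationUserDetailsService">
        <b:bean class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
            <b:constructor-arg>
                <b:array>
                    <!-- Assumed attribute name; must match what CAS releases -->
                    <b:value>authorities</b:value>
                </b:array>
            </b:constructor-arg>
        </b:bean>
    </b:property>
    <!-- SAML 1.1 validation, so released attributes arrive with the assertion -->
    <b:property name="ticketValidator">
        <b:bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
            <b:constructor-arg value="https://${cas.server.host}/cas-server-webapp"/>
        </b:bean>
    </b:property>
</b:bean>
```

For the `hasRole('ROLE_MEMBER_INQUIRY')` rule on `/requests/**` to pass, the released attribute has to carry the value `ROLE_MEMBER_INQUIRY`. The application grants whatever values the CAS server puts in that attribute, so which LDAP values end up there is decided on the CAS side.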


        • #5
          That was a sample XML file that someone helped with. I really don't understand all of it, but maybe you can show me how to get the LDAP stuff in it. Do you have an example?



          • #6
            Hi,

            I already gave you a complete sample in another thread: http://forum.springsource.org/showth...AS-login/page2. You just have to replace my CAS server and application URLs with yours and use the GrantedAuthorityFromAssertionAttributesUserDetailsService class I talked about in my previous post.

            I recommend you talk with your CAS administrator to get more information about how your CAS server is configured in your environment and how you can get your LDAP attributes.

            Best regards,
            Jérôme



            • #7
              Closing to move discussion to a single thread: http://forum.springsource.org/showth...-and-CAS-login
