Spring project using CAS for Authentication and LDAP for Authorities Page Title Module
This topic is closed

  • Spring project using CAS for Authentication and LDAP for Authorities

    Can I have a Spring 3 project that uses CAS for Authentication and LDAP for Authorities? My Spring project used to use LDAP for both Authentication and Authorities, but we are moving to CAS for Authentication and SSO, and I don't see any way to use LDAP for Authorities. Below is my XML file; can someone help me out here?

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <b:beans xmlns:b="http://www.springframework.org/schema/beans"
    	xmlns="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:util="http://www.springframework.org/schema/util"
    	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
    
    	<!-- Web security rules. Requests that need authentication are handed to the
    		casEntryPoint bean, and the access attributes are expressions because
    		use-expressions="true". intercept-url rules are evaluated in document order
    		and the first matching pattern decides. -->
    	<http entry-point-ref="casEntryPoint" use-expressions="true">
    		<!-- Public pages: the root, the index page, and the CAS logout and failure pages. -->
    		<intercept-url pattern="/" access="permitAll" />
    
    		<intercept-url pattern="/index.jsp" access="permitAll" />
    		<intercept-url pattern="/cas-logout.jsp" access="permitAll" />
    		<intercept-url pattern="/casfailed.jsp" access="permitAll" />
    
    		<!-- Role-protected areas. NOTE(review): no catch-all rule such as pattern="/**"
    			follows, so a URL that matches none of the patterns listed here has no access
    			rule applied by this element. Confirm that is intended. -->
    		<intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
    		<intercept-url pattern="/requests/**" access="hasRole('ROLE_MEMBER_INQUIRY')" />
    
    		<!-- The single-logout filters and the CAS filter are inserted relative to the
    			standard LOGOUT_FILTER and CAS_FILTER positions in the filter chain. -->
    		<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
    		<custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
    		<custom-filter ref="casFilter" position="CAS_FILTER" />
    
    
    		<!-- A local logout ends on the public /cas-logout.jsp page. -->
    		<logout logout-success-url="/cas-logout.jsp" />
    	</http>
    
    	<!-- Authentication manager with a single provider, casAuthProvider. The alias
    		authManager is the name the casFilter bean refers to. -->
    	<authentication-manager alias="authManager">
    		<authentication-provider ref="casAuthProvider" />
    	</authentication-manager>
    
    	 <!-- In-memory user list. casAuthProvider receives it wrapped in
    		UserDetailsByNameServiceWrapper and looks users up by name, so in this file
    		it is the source of each user's authorities. The only authentication provider
    		registered here is the CAS one, so the plaintext passwords on these entries
    		do not appear to be checked by anything in this configuration.
    		NOTE(review): to take authorities from LDAP instead, the security namespace's
    		ldap-user-service element (together with an ldap-server element) can be
    		declared with this same id, which leaves casAuthProvider unchanged.
    		The second user name looks as if it was masked by the forum's e-mail protection. -->
    	 <user-service id="userService">
    		<user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
    		<user name="[email protected]" password="testing"
    			authorities="ROLE_MEMBER_INQUIRY" />
    	</user-service>
     
    	<!-- Handles a Single Logout request sent by the CAS server. It is referenced from
    		the http element, where it is placed before CAS_FILTER. -->
    	<b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />
    	<!-- Logout endpoint for the application: a LogoutFilter listening on
    		/j_spring_cas_security_logout that runs the logout handler given here and then
    		redirects the browser to the CAS server's logout URL, which is what signals
    		that Single Logout should be performed. -->
    	<b:bean id="requestSingleLogoutFilter"
    		class="org.springframework.security.web.authentication.logout.LogoutFilter">
    		<!-- first constructor argument: the URL to redirect to once logout has run -->
    		<b:constructor-arg
    			value="https://${cas.server.host}/cas-server-webapp/logout" />
    		<!-- second constructor argument: the handler that runs on logout -->
    		<b:constructor-arg>
    			<b:bean
    				class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
    		</b:constructor-arg>
    		<b:property name="filterProcessesUrl" value="/j_spring_cas_security_logout" />
    	</b:bean>
    
    	<!-- Identifies this application to CAS. The service value is the callback URL
    		that tickets are issued for and validated against. -->
    	<b:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    		<b:property name="service"
    			value="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_check" />
    		<!-- NOTE(review): with authenticateAllArtifacts set to true, a ticket presented on
    			any request is sent for authentication, not only one arriving on the service
    			URL. This setting goes with the proxy-ticket validator in casAuthProvider;
    			keep it only if proxy-ticket authentication is actually required. -->
    		<b:property name="authenticateAllArtifacts" value="true" />
    	</b:bean>
    
    	<!-- Entry point named by the http element: sends the browser to the CAS login page
    		using the service URL held in serviceProperties. -->
    	<b:bean id="casEntryPoint"
    		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    		<b:property name="serviceProperties" ref="serviceProperties" />
    		<b:property name="loginUrl" value="https://${cas.server.host}/cas-server-webapp/login" />
    	</b:bean>
    
    	<!-- The CAS authentication filter. It passes tickets to authManager for
    		authentication and is also configured to receive proxy-granting tickets on
    		/j_spring_cas_security_proxyreceptor, which it keeps in the pgtStorage bean. -->
    	<b:bean id="casFilter"
    		class="org.springframework.security.cas.web.CasAuthenticationFilter">
    		<b:property name="authenticationManager" ref="authManager" />
    		<b:property name="serviceProperties" ref="serviceProperties" />
    		<b:property name="proxyGrantingTicketStorage" ref="pgtStorage" />
    		<b:property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor" />

    		<b:property name="authenticationDetailsSource">
    			<b:bean
    				class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource" />
    		</b:property>

    		<!-- A failed CAS authentication ends on the public /casfailed.jsp page. -->
    		<b:property name="authenticationFailureHandler">
    			<b:bean
    				class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    				<b:property name="defaultFailureUrl" value="/casfailed.jsp" />
    			</b:bean>
    		</b:property>

    		<!-- After a successful login the handler uses /requests/add.html as its
    			default target. -->
    		<b:property name="authenticationSuccessHandler">
    			<b:bean
    				class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    				<b:property name="defaultTargetUrl" value="/requests/add.html" />
    			</b:bean>
    		</b:property>
    	</b:bean>
    	<!-- Storage for proxy-granting tickets, shared by casFilter and the ticket
    		validator inside casAuthProvider.
    		NOTE: In a real application you should not use an in-memory implementation.
    		You will also want to make sure expired tickets are cleaned up by calling
    		ProxyGrantingTicketStorage.cleanup() -->
    	<b:bean id="pgtStorage"
    		class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
    	<!-- The CAS authentication provider: validates tickets against the CAS server,
    		then loads the user by name from the userService bean to obtain authorities. -->
    	<b:bean id="casAuthProvider"
    		class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    		<b:property name="serviceProperties" ref="serviceProperties" />
    		<!-- NOTE(review): fixed literal key; presumably it marks the tokens this provider
    			created. Confirm, and consider supplying it from configuration. -->
    		<b:property name="key" value="casAuthProviderKey" />

    		<!-- Authorities come from whichever bean carries the id userService; pointing
    			that id at an LDAP-backed user details service changes the authority source
    			without touching this bean. -->
    		<b:property name="authenticationUserDetailsService">
    			<b:bean
    				class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
    				<b:constructor-arg ref="userService" />
    			</b:bean>
    		</b:property>

    		<!-- NOTE(review): acceptAnyProxy set to true means a proxy ticket is accepted
    			whatever proxy chain it came through. If only known proxies should be trusted,
    			the validator's allowedProxyChains property is the place to list them; if no
    			proxy tickets are expected at all, a plain service-ticket validator is the
    			narrower choice. -->
    		<b:property name="ticketValidator">
    			<b:bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
    				<b:constructor-arg value="https://${cas.server.host}/cas-server-webapp" />
    				<b:property name="acceptAnyProxy" value="true" />
    				<b:property name="proxyCallbackUrl"
    					value="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_proxyreceptor" />
    				<b:property name="proxyGrantingTicketStorage" ref="pgtStorage" />
    			</b:bean>
    		</b:property>

    		<!-- Cache of validated tickets for stateless clients. The positional arguments
    			presumably are: cache name, max elements in memory, overflow to disk,
    			eternal, time to live in seconds, time to idle in seconds. Confirm against
    			the Ehcache version in use. NOTE(review): while an entry is cached, its ticket
    			is presumably accepted again without a new validation call, so the two
    			timeouts bound how long a captured ticket stays usable. -->
    		<b:property name="statelessTicketCache">
    			<b:bean
    				class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
    				<b:property name="cache">
    					<b:bean class="net.sf.ehcache.Cache" init-method="initialise"
    						destroy-method="dispose">
    						<b:constructor-arg value="casTickets" />
    						<b:constructor-arg value="50" />
    						<b:constructor-arg value="true" />
    						<b:constructor-arg value="false" />
    						<b:constructor-arg value="3600" />
    						<b:constructor-arg value="900" />
    					</b:bean>
    				</b:property>
    			</b:bean>
    		</b:property>
    	</b:bean>
    
    	<!-- Configuration for the environment can be overridden by system properties.
    		With system-properties-mode="OVERRIDE" a JVM system property of the same name
    		takes precedence over the value in the environment bean. That includes
    		cas.server.host, which decides which CAS server the login, logout and ticket
    		validation URLs point at, so control over the JVM's system properties is
    		control over which CAS server this application trusts. -->
    	<context:property-placeholder
    		system-properties-mode="OVERRIDE" properties-ref="environment" />
    
    	<!-- Default values for the cas.service.host and cas.server.host placeholders used
    		in the bean definitions of this file. Both are set to the same host and port here. -->
    	<util:properties id="environment">
    		<b:prop key="cas.service.host">wcmisdlin07.uftmasterad.org:8443</b:prop>
    		<b:prop key="cas.server.host">wcmisdlin07.uftmasterad.org:8443</b:prop>
    	</util:properties>
    	
    	
    	
    
    
    </b:beans>

  • #2
    Please do not submit the same question multiple times.



    • #3
      Closing to move discussion to single thread http://forum.springsource.org/showth...-and-CAS-login

