
  • CAS proxy -spring security issue

    I have got 2 web applications secured by Spring Security.
    Both of them are casified.

    When I try to access the secured resource under Webapp1, it is redirecting me correctly to the CAS login page and finally to the secured resource.
    My problem starts now.
    From the secured resource under Webapp1, I have to access a secured resource under Webapp2. For this I have set up the proxy callback URL.
    I think I have done this setup correctly, as I can see PGT tickets being logged in the logs.

    But still I get the login page as the response from the request to the secured resource under Webapp2.

    My security.xml is as below:

    Code:
    <security:http entry-point-ref="casProcessingFilterEntryPoint">
        <security:intercept-url pattern="/**" access="ROLE_USER" />
        <security:intercept-url pattern="/am/rest/accessDenied"
            filters="none" />
        <security:logout logout-url="/logout"
            logout-success-url="https://w02222/logoutSuccess" />
    </security:http>

    <bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>

    <security:authentication-manager alias="casAuthenticationManager" />

    <bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter">
        <security:custom-filter before="CAS_PROCESSING_FILTER" />
    </bean>

    <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties"
        p:service="https://w02222/webapp1/j_spring_cas_security_check"
        p:sendRenew="false" />

    <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter"
        p:authenticationManager-ref="casAuthenticationManager"
        p:authenticationFailureUrl="/authorizationFailure.jsp"
        p:alwaysUseDefaultTargetUrl="false" p:filterProcessesUrl="/j_spring_cas_security_check"
        p:defaultTargetUrl="/">
        <property name="proxyGrantingTicketStorage" ref="pgtStorage"/>
        <property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor"/>
        <security:custom-filter after="CAS_PROCESSING_FILTER" />
    </bean>

    <bean id="casProcessingFilterEntryPoint"
        class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"
        p:loginUrl="https://w02222/cas/login"
        p:serviceProperties-ref="serviceProperties" />

    <bean id="casAuthenticationProvider"
        class="org.springframework.security.providers.cas.CasAuthenticationProvider"
        p:key="my_password_for_this_auth_provider_only"
        p:serviceProperties-ref="serviceProperties" p:userDetailsService-ref="userDetailsService">
        <security:custom-authentication-provider />
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
                <constructor-arg index="0"
                    value="https://w02222/cas" />

                <property name="proxyCallbackUrl"
                    value="https://w02222/webapp1/j_spring_cas_security_proxyreceptor" />
                <property name="proxyGrantingTicketStorage" ref="pgtStorage" />
            </bean>
        </property>
    </bean>

    My calling code is as below:
    Code:
    // Ask CAS for a proxy ticket scoped to the Webapp2 resource.
    String targetUrl = "https://w02222/webapp2/am/rest/users/";
    String ticket = ((CasAuthenticationToken) SecurityContextHolder.getContext().getAuthentication())
            .getAssertion().getPrincipal().getProxyTicketFor(targetUrl);
    // Call Webapp2 with the proxy ticket appended as the "ticket" parameter.
    final String serviceUrl = targetUrl + "?ticket=" + URLEncoder.encode(ticket, "UTF-8");
    String proxyResponse = CommonUtils.getResponseFromServer(serviceUrl, "UTF-8");

    The proxyResponse I am getting in the above page is the HTML code for the login page.

    The related log piece is as below, if it is of any help:

    Code:
    2012-07-23 13:59:50,680 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] Attempting to retrieve ticket [TGT-35-f2CgnH04IMTmIPeg69dDkL0WzGw5B9iuwSzGOn1PpPGC0ehUdR-cas]
    2012-07-23 13:59:50,680 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] Ticket [TGT-35-f2CgnH04IMTmIPeg69dDkL0WzGw5B9iuwSzGOn1PpPGC0ehUdR-cas] found in registry.
    2012-07-23 13:59:50,680 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] Added ticket [ST-63-QwUvMscLdBF2eIukGRtb-cas] to registry.
    2012-07-23 13:59:50,680 INFO  [org.jasig.cas.CentralAuthenticationServiceImpl] Granted service ticket [ST-63-QwUvMscLdBF2eIukGRtb-cas] for service [https://w02222/webapp2/am/rest/users/] for user [https://w02222/webapp1/j_spring_cas_security_proxyreceptor]
    2012-07-23 13:59:50,729 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] Action 'InitialFlowSetupAction' beginning execution
    2012-07-23 13:59:55,012 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] Extractor generated service for: https://w02222/webapp2/j_spring_cas_security_check
    2012-07-23 13:59:55,012 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] Placing service in FlowScope: https://w02222/webapp2/j_spring_cas_security_check
    2012-07-23 13:59:55,795 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] Action 'InitialFlowSetupAction' completed execution; result is 'success'
    2012-07-23 13:59:55,796 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] Action 'X509CertificateCredentialsNonInteractiveAction' beginning execution
    
    2012-07-23 14:18:29,820 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] Certificates not found in request.
    2012-07-23 14:18:29,820 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] ==================== IN DO EXECUTE ==================
    2012-07-23 14:18:29,821 INFO  [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] === NO Credentials present AbstractNonInteractiveCredentialsAction
    2012-07-23 14:18:29,821 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] Action 'X509CertificateCredentialsNonInteractiveAction' completed execution; result is 'error'
    2012-07-23 14:18:29,821 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Action 'AuthenticationViaFormAction' beginning execution
    2012-07-23 14:18:29,823 INFO  [org.jasig.cas.web.flow.AuthenticationViaFormAction] SET LANGUAGES -----
    2012-07-23 14:18:29,823 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Executing setupForm
    2012-07-23 14:18:29,824 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Creating new form object with name 'credentials'
    2012-07-23 14:18:29,824 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
    2012-07-23 14:18:29,824 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
    2012-07-23 14:18:29,824 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Creating new form errors for object with name 'credentials'
    2012-07-23 14:18:29,825 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] No property editor registrar set, no custom editors to register
    2012-07-23 14:18:29,825 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Putting form errors instance in scope Flash
    2012-07-23 14:18:29,825 DEBUG [
    Can anyone please let me know if I have missed any configuration here or done anything wrong here?

  • #2
    Ensure you are using Spring Security 3.1.x and try reading the CAS reference. Note there is a working sample application included in the distribution.



    • #3
      Thanks for replying.
      I have built my proxy URL sample from the reference whose link you have provided, but we have been using 2.0.4.
      I will give it a try with 3.X version.



      • #4
        Please ensure to use Spring Security 3.1.x not 3.0.x (proxy support was not added until 3.1.x)

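The point made in reply #4, as an added example (not from the thread or from the Spring Security distribution): a sketch of the receiving side (Webapp2) on Spring Security 3.1.x, where the CAS filter can validate a ticket presented on any URL. Bean ids, the `userDetailsService` reference and the provider key are assumptions; the URLs are those quoted in the first post.

```xml
<!-- Added example for Webapp2 on Spring Security 3.1.x. Bean ids, the key and
     the userDetailsService reference are assumptions; URLs are from the thread. -->
<security:http entry-point-ref="casEntryPoint">
    <security:intercept-url pattern="/**" access="ROLE_USER" />
    <security:custom-filter position="CAS_FILTER" ref="casFilter" />
</security:http>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="casAuthenticationProvider" />
</security:authentication-manager>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service" value="https://w02222/webapp2/j_spring_cas_security_check" />
    <property name="sendRenew" value="false" />
    <!-- Lets the filter authenticate a ticket on any URL, not only on
         /j_spring_cas_security_check; required for ?ticket=... on REST URLs. -->
    <property name="authenticateAllArtifacts" value="true" />
</bean>

<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://w02222/cas/login" />
    <property name="serviceProperties" ref="serviceProperties" />
</bean>

<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="serviceProperties" ref="serviceProperties" />
    <!-- Validates the ticket against the URL that was actually requested. -->
    <property name="authenticationDetailsSource">
        <bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource" />
    </property>
</bean>

<bean id="casAuthenticationProvider"
      class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="key" value="placeholder_provider_key" />
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="authenticationUserDetailsService">
        <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
            <constructor-arg ref="userDetailsService" />
        </bean>
    </property>
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
            <constructor-arg value="https://w02222/cas" />
            <!-- Permissive: trusts every proxying service; restrict with
                 allowedProxyChains outside of testing. -->
            <property name="acceptAnyProxy" value="true" />
        </bean>
    </property>
</bean>
```

With `acceptAnyProxy` set, Webapp2 accepts a proxy ticket obtained through any proxying service registered with the CAS server; the validator's `allowedProxyChains` property is the stricter alternative, limiting acceptance to the chain that ends at Webapp1's proxy callback URL.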


        • #5
          Hi Rob,

          When I upgraded to 3.1.1.RELEASE for spring-security-core & cas, and after doing some changes, I am getting the below exception at the line mentioned in the code tags.
          cannot access org.springframework.security.providers.AbstractAuthenticationToken
          class file for org.springframework.security.providers.AbstractAuthenticationToken not found
          Code:
               String ticket = ((CasAuthenticationToken)SecurityContextHolder.getContext().getAuthentication()).getAssertion().
          .
          Last edited by Rippon; Jul 24th, 2012, 06:47 AM.



          • #6
            Got past that issue. I needed to refactor some of the package names while migrating from 2.0.4 to 3.1.1.release.
            Last edited by Rippon; Jul 24th, 2012, 07:28 AM.
