Announcement Announcement Module
Collapse
No announcement yet.
Spring Security 3 + CAS 3.3.5- redirect to home page after CAS authentication Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security 3 + CAS 3.3.5- redirect to home page after CAS authentication

    Hi All,

    i am integrating CAS (central authentication service -SSO ) with my spring security web application.

    Guest user can visit some of resouces of application and secure resource can be access by logged-in user only.

    all secure resources can be access by /*.do pattern and non-secure by /*.html.

    When user click on login link on home it will be redirected to CAS login page where user enter credentials and after
    successful authentication redirect to my application home page.

    on home i have header and body page.on header after loggedin it shows logout link and still application's login page displayed to user.
    and that is not desire.

    my application-context.security configuration as defined below.

    Code:
    <security:http entry-point-ref="casEntryPoint" auto-config="true">
    		<security:intercept-url pattern="/home" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER" />
    		<security:intercept-url pattern="/login" access="ROLE_USER" />
    		<security:intercept-url pattern="/*.do" access="ROLE_USER" />
         	<security:intercept-url pattern="/*.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
         	<security:intercept-url pattern="/*.view" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER" />
         	<security:intercept-url pattern="/*.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER" />
    
         	<security:intercept-url pattern="/*/*/*.do" access="ROLE_USER" />
    		<security:intercept-url pattern="/*/*/*/*/*/*.do" access="ROLE_USER" />
    		<security:intercept-url pattern="/**" access="ROLE_USER" />
    
    		<security:custom-filter position="CAS_FILTER" ref="casFilter" />
    		 <security:custom-filter  before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
    		<security:custom-filter before="CAS_FILTER" ref="casSingleSignOutFilter" />
    		<security:custom-filter before="FORM_LOGIN_FILTER" ref="facebookAuthenticationFilter" />
    		 <security:logout logout-success-url="http://localhost:8080/cas-server-webapp-3.3.5/logout?service=http://localhost:8080/Venice/home.html?actionFlag=showHome" invalidate-session="false"/>
    	</security:http>
    
    	<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
    		<property name="authenticationManager" ref="authenticationManager"/>
    
    	</bean>
    
    	<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    		<property name="loginUrl" value="http://localhost:8080/cas-server-webapp-3.3.5/login?service=http://localhost:8080/Venice/home"/>
    	    <property name="serviceProperties" ref="serviceProperties"/>
    	</bean>
    
    	<bean id="userDetailsService" class="com.nihilent.venice.web.security.authenticationProvider.UserDetailServiceImpl">
    		<property name="loginService" ref="loginService" />
        </bean>
    
    	<security:authentication-manager alias="authenticationManager">
    		<security:authentication-provider ref="casAuthenticationProvider" />
    		<security:authentication-provider ref="authenticationProviderFacebook" />
    	</security:authentication-manager>
    	
    
    	<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    		<property name="authenticationUserDetailsService">
    			<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
    				<constructor-arg ref="userDetailsService" />
    			</bean>
    		</property>
    		<property name="serviceProperties" ref="serviceProperties" />
    		<property name="ticketValidator">
    		  <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    			<constructor-arg index="0" value="http://localhost:8080/cas-server-webapp-3.3.5" />
    		  </bean>
    		</property>
    		<property name="key" value="cas"/>
    	 </bean>
    
    	
    	 <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        		<property name="service" value="http://localhost:8080/Venice/j_spring_cas_security_check"/>
    	      <property name="sendRenew" value="false"/>
      	</bean>
    
    	<bean id="facebookAuthenticationFilter" class="com.nihilent.venice.web.security.filter.VeniceFacebookAuthenticationFilter">
    		<property name="authenticationManager" ref="authenticationManager" />
    		<property name="authenticationSuccessHandler" ref="facebookAuthenticationSuccessHandler" />
    		<property name="authenticationFailureHandler" ref="authenticationFailureHandler"></property>
    	</bean>
    	
    	<bean id="authenticationProviderFacebook" class="com.nihilent.venice.web.security.authenticationProvider.FacebookAuthenticationProvider">
    		<property name="roles" value="ROLE_FACEBOOK_USER" />
    	</bean>
    	
    	<bean id="facebookAuthenticationSuccessHandler" class="com.nihilent.venice.web.security.handlers.VeniceFacebookAuthenticationSuccessHandler">
    		<property name="registrationService" ref="facebookRegistrationService" />
    		<property name="facebookHelper" ref="facebookHelper" />
    	</bean>
    	
    	<bean id="facebookHelper" class="com.nihilent.venice.web.util.impl.FacebookHelperImpl" />
    	
    	<bean id="authenticationFailureHandler" class="com.nihilent.venice.web.security.handlers.VeniceAuthenticationFailureHandler" />
    
    	<bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter">        
        </bean>
    
    	<bean id="requestSingleLogoutFilter"
            class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <constructor-arg value="http://localhost:8080/cas-server-webapp-3.3.5/logout"/>
        <constructor-arg>
          <bean class=
              "org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
        </constructor-arg>
        <property name="filterProcessesUrl" value="http://localhost:8080/Venice/j_spring_cas_security_logout"/>
      </bean>
    Any quick hint will be greatly appreciated.

    Thanks and Regards,
    Rohit kotecha

  • #2
    Hi,

    It might be me, but your problem is not clear to me.
    That said, I found your security:http definition very strange : you could use ** instead of */*/*...
    Best regards,
    Jérôme

    Comment


    • #3
      Hi Jerome,

      I am integration CAS(SSO) with Spring security web application.
      I am facing one issue in it.

      when user hit our web application we are displaying home page to the user.this home page url is /home.
      on home page there is login link and other feature which can be access by guest user.(without logged-in).

      when user is already logged-in into some other application say App1 which also use CAS.
      and in other tab in same browser if user hit our web application say App2 we are displaying same home page to
      other which can be access by guest user but with logged-in status and welcome message for user.

      in our application non-secure resource's pattern will be *.html and secure resource's pattern is *.do.

      my spring security configurtaion is as below.

      <security:http entry-point-ref="casEntryPoint" auto-config="true">
      <security:intercept-url pattern="/home" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <security:intercept-url pattern="/login.html" access="ROLE_USER" />

      <security:intercept-url pattern="/*.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <security:intercept-url pattern="/*.do" access="ROLE_USER" />
      <security:intercept-url pattern="/*.view" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      <security:intercept-url pattern="/*.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

      <security:custom-filter position="CAS_FILTER" ref="casFilter" />
      <security:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
      <security:custom-filter before="CAS_FILTER" ref="casSingleSignOutFilter" />
      <security:logout logout-success-url="${cas.server.url}/logout?service=${application.service.url}/home" invalidate-session="false"/>
      </security:http>

      If user is already logged-in in application App1 and visit application App2 in other tab, controll will go to
      /home url and as there is no role require for it, controll is not going to CAS filter and home page is display to
      the user with not sign in status and that is not desire.

      Also we have implmemented url rewriting using tuckey filter.

      Configuration of filter in web.xml.

      <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>
      org.springframework.web.filter.DelegatingFilterPro xy
      </filter-class>
      </filter>



      <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>FORWARD</dispatcher>
      <dispatcher>INCLUDE</dispatcher>
      <dispatcher>ERROR</dispatcher>
      </filter-mapping>

      <!-- <filter-mapping>-->
      <!-- <filter-name>springSecurityFilterChain</filter-name>-->
      <!-- <url-pattern>/j_spring_security_check</url-pattern>-->
      <!-- <dispatcher>FORWARD</dispatcher>-->
      <!-- </filter-mapping>-->


      <!-- UrlRewriteFilter -->
      <filter>
      <filter-name>UrlRewriteFilter</filter-name>
      <filter-class>
      org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
      </filter-class>
      <!-- Provide all extentions in lowercase -->
      <init-param>
      <param-name>logLevel</param-name>
      <param-value>ERROR</param-value>
      </init-param>
      <init-param>
      <param-name>statusEnabled</param-name>
      <param-value>true</param-value>
      </init-param>

      </filter>

      <!-- UrlRewriteFilter Mapping -->
      <filter-mapping>
      <filter-name>UrlRewriteFilter</filter-name>
      <url-pattern>/*</url-pattern>
      <dispatcher>REQUEST</dispatcher>
      <dispatcher>FORWARD</dispatcher>

      </filter-mapping>



      Home page should be displayed to the user with loggedin status.
      So how to achieve this?

      In both application individually login and logout working fine.

      Any help will be greatly appreciated.

      Thanks and Regards,
      Rohit Kotecha

      Comment


      • #4
        Rohit,

        How did you get around this issue? I'm facing exactly the same problem.

        Comment

        Working...
        X