
  • Spring Security 3 + CAS 3.3.5- CAS filter configuration for home page

    Hi All,

    I am integrating CAS (SSO) with a Spring Security web application.
    I am facing one issue with it.

    When a user hits our web application, we display the home page to the user. This home page URL is /home.
    On the home page there is a login link and other features which can be accessed by a guest user (without being logged in).

    When the user is already logged in to some other application, say App1, which also uses CAS,
    and in another tab in the same browser the user hits our web application, say App2, we display the same home page to
    the user, which can be accessed by a guest user, but with logged-in status and a welcome message for the user.

    In our application the non-secure resource pattern is *.html and the secure resource pattern is *.do.

    My Spring Security configuration is as below.

    Code:
    <security:http entry-point-ref="casEntryPoint" auto-config="true">
        <security:intercept-url pattern="/home" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/login.html" access="ROLE_USER" />

        <security:intercept-url pattern="/*.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/*.do" access="ROLE_USER" />
        <security:intercept-url pattern="/*.view" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/*.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <security:custom-filter position="CAS_FILTER" ref="casFilter" />
        <security:custom-filter before="LOGOUT_FILTER" ref="requestSingleLogoutFilter" />
        <security:custom-filter before="CAS_FILTER" ref="casSingleSignOutFilter" />
        <security:logout logout-success-url="${cas.server.url}/logout?service=${application.service.url}/home" invalidate-session="false" />
    </security:http>

    If the user is already logged in to application App1 and visits application App2 in another tab, control goes to
    the /home URL and, as there is no role required for it, control does not go to the CAS filter and the home page is
    displayed to the user with not-signed-in status, and that is not desired.

    Also, we have implemented URL rewriting using the Tuckey filter.

    Configuration of the filters in web.xml:
    Code:
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>

    <!-- <filter-mapping> -->
    <!--     <filter-name>springSecurityFilterChain</filter-name> -->
    <!--     <url-pattern>/j_spring_security_check</url-pattern> -->
    <!--     <dispatcher>FORWARD</dispatcher> -->
    <!-- </filter-mapping> -->

    <!-- UrlRewriteFilter -->
    <filter>
        <filter-name>UrlRewriteFilter</filter-name>
        <filter-class>
            org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
        </filter-class>
        <!-- Provide all extensions in lowercase -->
        <init-param>
            <param-name>logLevel</param-name>
            <param-value>ERROR</param-value>
        </init-param>
        <init-param>
            <param-name>statusEnabled</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <!-- UrlRewriteFilter Mapping -->
    <filter-mapping>
        <filter-name>UrlRewriteFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>


    The home page should be displayed to the user with logged-in status.
    So how can this be achieved?

    In both applications individually, login and logout are working fine.

    Any help will be greatly appreciated.

    Thanks and Regards,
    Rohit Kotecha
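
Added example (not part of the original post and not Spring Security's own code): a simplified Python model of how the `intercept-url` rules posted above are evaluated, first match wins with Ant-style patterns. It shows why an anonymous request to /home is never sent to the CAS entry point, and that `/*.do` covers only top-level paths. The matcher and the function names are assumptions made for illustration, and a path that matches no rule is modelled as carrying no access requirement.

```python
import re

# Rules copied, in order, from the <security:http> block in the post.
RULES = [
    ("/home", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("/login.html", "ROLE_USER"),
    ("/*.html", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("/*.do", "ROLE_USER"),
    ("/*.view", "IS_AUTHENTICATED_ANONYMOUSLY"),
    ("/*.jsp", "IS_AUTHENTICATED_ANONYMOUSLY"),
]

def ant_to_regex(pattern):
    """Simplified Ant-style matcher: '**' spans segments, '*' and '?' never cross '/'."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*"); i += 2
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def required_access(path, rules=RULES):
    """Access attribute of the first matching rule, or None when no rule matches."""
    for pattern, access in rules:
        if ant_to_regex(pattern).match(path):
            return access
    return None  # modelled as "no access requirement" (assumption of this example)

def triggers_cas_redirect(path, rules=RULES):
    """True when an anonymous request to `path` would be handed to the entry point."""
    access = required_access(path, rules)
    return access is not None and access != "IS_AUTHENTICATED_ANONYMOUSLY"

if __name__ == "__main__":
    # Constructed sample paths, not taken from the post.
    for p in ["/home", "/login.html", "/index.html", "/account.do", "/admin/account.do"]:
        print(f"{p:20} rule={required_access(p)!s:30} cas_redirect={triggers_cas_redirect(p)}")
```

In this model `/admin/account.do` matches no rule, so any secured `.do` handler that lives below the top level needs its own pattern such as `/**/*.do`.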