
  • Contacts Sample for CAS in version 0.8.0?

    Hey all,

    I've gotten the CAS version of Contacts to work in the previous versions, and I'm currently using it in all of my apps.

    However, with the changes in 0.8.0 I'm not clear on what is needed in the applicationContext, and what can be cleared out. Does anyone have the Contacts applicationContext.htm file for 0.8.0 using CAS?

    I'd really like to start using the ACL stuff, and the old CAS example isn't using any of it.

    Thanks,
    James

  • #2
    Well, if anyone is interested, here is my applicationContext-acegi-security.xml for version 0.8.0 Contacts using CAS...

    Code:
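    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
    
    <!--
    	- Application context containing authentication, channel
    	- security and web URI beans.
    	-
    	- Only used by "filter" artifact.
    	-
    	- $Id: applicationContext-acegi-security.xml,v 1.6 2005/03/01 02:30:37 benalex Exp $
    	-
    	- This variant authenticates against a CAS server instead of a local
    	- login form. The URLs below assume CAS and the Contacts webapp both
    	- run on https://localhost:8443; adjust them for a real deployment.
    -->
    
    <beans>
    
    	<!-- ======================== FILTER CHAIN ======================= -->
    
    	<!--  if you wish to use channel security, add "channelProcessingFilter," in front
    		of "httpSessionContextIntegrationFilter" in the list below -->
    	<!-- The definition source is read one line at a time, so each
    		"pattern=filter,filter,..." entry has to stay on a single line.
    		Wrapping the list onto a second line can silently drop the trailing
    		filters, and securityEnforcementFilter is the one that enforces the
    		URL access rules further down. -->
    	<bean id="filterChainProxy"
    		class="net.sf.acegisecurity.util.FilterChainProxy">
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/**=httpSessionContextIntegrationFilter,casProcessingFilter,basicProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
    			</value>
    		</property>
    	</bean>
    
    	<!-- ====================CAS AUTHENTICATION ======================== -->
    
    	<!-- "service" is the URL CAS redirects the browser back to with the
    		service ticket. It must use HTTPS and must end in the same path as
    		casProcessingFilter.filterProcessesUrl below. -->
    	<bean id="serviceProperties"
    		class="net.sf.acegisecurity.ui.cas.ServiceProperties">
    		<property name="service">
    			<value>https://localhost:8443/contacts/j_acegi_cas_security_check</value>
    		</property>
    		<!-- false: a ticket obtained from an existing single sign-on session is
    			accepted. Set to true if this application must force the user to
    			present credentials to CAS again. -->
    		<property name="sendRenew">
    			<value>false</value>
    		</property>
    	</bean>
    	
    	<bean id="casAuthenticationProvider"
    		class="net.sf.acegisecurity.providers.cas.CasAuthenticationProvider">
    		<property name="casAuthoritiesPopulator">
    			<ref local="casAuthoritiesPopulator" />
    		</property>
    		<property name="casProxyDecider">
    			<ref local="casProxyDecider" />
    		</property>
    		<property name="ticketValidator">
    			<ref local="casProxyTicketValidator" />
    		</property>
    		<property name="statelessTicketCache">
    			<ref local="statelessTicketCache" />
    		</property>
    		<!-- Placeholder value. Replace it with a secret that is unique to this
    			deployment and keep the real value out of shared or published
    			configuration. -->
    		<property name="key">
    			<value>my_password_for_this_auth_provider_only</value>
    		</property>
    	</bean>
    
    	<!-- Validates service tickets against the CAS server over HTTPS. -->
    	<bean id="casProxyTicketValidator"
    		class="net.sf.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
    		<property name="casValidate">
    			<value>https://localhost:8443/cas/proxyValidate</value>
    		</property>
    		<!--  <property name="proxyCallbackUrl">
    			<value>https://localhost:8443/contacts-cas/casProxy/receptor</value>
    		</property> -->
    		<property name="serviceProperties">
    			<ref local="serviceProperties" />
    		</property>
    		<!-- Path to the trust store holding the certificate (or issuing CA) of the
    			CAS server. Without it the HTTPS call to casValidate cannot verify
    			which server it is talking to. -->
    		<property name="trustStore"><value>[enter your cacert location here]</value></property>
    	</bean>
    
    	<bean id="cacheManager"
    		class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
    		<property name="configLocation">
    			<value>classpath:/ehcache-failsafe.xml</value>
    		</property>
    	</bean>
    
    	<bean id="ticketCacheBackend"
    		class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    		<property name="cacheManager">
    			<ref local="cacheManager" />
    		</property>
    		<property name="cacheName">
    			<value>ticketCache</value>
    		</property>
    	</bean>
    
    	<bean id="statelessTicketCache"
    		class="net.sf.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
    		<property name="cache">
    			<ref local="ticketCacheBackend" />
    		</property>
    	</bean>
    
    	<!-- CAS only establishes who the user is; the granted authorities are
    		looked up locally through jdbcDaoImpl. -->
    	<bean id="casAuthoritiesPopulator"
    		class="net.sf.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
    		<property name="authenticationDao">
    			<ref local="jdbcDaoImpl" />
    		</property>
    	</bean>
    
    	<!-- Proxy tickets are refused; only tickets issued directly to this
    		service are accepted. -->
    	<bean id="casProxyDecider"
    		class="net.sf.acegisecurity.providers.cas.proxy.RejectProxyTickets" />
    
    	<!-- ================== ACEGI AUTHENTICATION ======================= -->
    
    	<!-- anonymousAuthenticationProvider is listed because anonymousProcessingFilter
    		is in the filter chain and the URL rules grant ROLE_ANONYMOUS; the token
    		that filter creates needs a provider that accepts it.
    		NOTE(review): confirm against the 0.8.0 reference guide. -->
    	<bean id="authenticationManager"
    		class="net.sf.acegisecurity.providers.ProviderManager">
    		<property name="providers">
    			<list>
    				<ref local="casAuthenticationProvider" />
    				<ref local="anonymousAuthenticationProvider" />
    			</list>
    		</property>
    	</bean>
    
    	<!-- "dataSource" is not defined in this file; it is expected to come from
    		another application context. -->
    	<bean id="jdbcDaoImpl"
    		class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
    		<property name="dataSource">
    			<ref bean="dataSource" />
    		</property>
    	</bean>
    
    	
    	<!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
    	<!-- NOTE(review): no DaoAuthenticationProvider is defined in this context;
    		confirm that the CAS provider publishes events this listener will log. -->
    	<bean id="loggerListener"
    		class="net.sf.acegisecurity.providers.dao.event.LoggerListener" />
    
    	<!-- NOTE(review): the only credential provider behind this filter is the CAS
    		one, so BASIC authentication presumably exists here for stateless CAS
    		clients. Take basicProcessingFilter out of the filter chain if no such
    		client is used. -->
    	<bean id="basicProcessingFilter"
    		class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilter">
    		<property name="authenticationManager">
    			<ref local="authenticationManager" />
    		</property>
    		<property name="authenticationEntryPoint">
    			<ref local="basicProcessingFilterEntryPoint" />
    		</property>
    	</bean>
    
    	<bean id="basicProcessingFilterEntryPoint"
    		class="net.sf.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
    		<property name="realmName">
    			<value>Contacts Realm</value>
    		</property>
    	</bean>
    
    	<!-- The key here and on anonymousAuthenticationProvider must be identical.
    		"foobar" is a sample value; replace both with a deployment-specific one. -->
    	<bean id="anonymousProcessingFilter"
    		class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    		<property name="key">
    			<value>foobar</value>
    		</property>
    		<property name="userAttribute">
    			<value>anonymousUser,ROLE_ANONYMOUS</value>
    		</property>
    	</bean>
    
    	<bean id="anonymousAuthenticationProvider"
    		class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
    		<property name="key">
    			<value>foobar</value>
    		</property>
    	</bean>
    
    	<bean id="httpSessionContextIntegrationFilter"
    		class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
    		<property name="context">
    			<value>net.sf.acegisecurity.context.security.SecureContextImpl</value>
    		</property>
    	</bean>
    
    	<!-- The three remember-me beans below are defined but not active:
    		rememberMeProcessingFilter is not in the filterChainProxy list and
    		rememberMeAuthenticationProvider is not in the providers list.
    		If they are ever enabled, replace the sample key "springRocks" in both
    		places with a deployment-specific secret first, since a publicly known
    		key weakens the protection of the remember-me token. -->
    	<bean id="rememberMeProcessingFilter"
    		class="net.sf.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    		<property name="rememberMeServices">
    			<ref local="rememberMeServices" />
    		</property>
    	</bean>
    
    	<bean id="rememberMeServices"
    		class="net.sf.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    		<property name="authenticationDao">
    			<ref local="jdbcDaoImpl" />
    		</property>
    		<property name="key">
    			<value>springRocks</value>
    		</property>
    	</bean>
    
    	<bean id="rememberMeAuthenticationProvider"
    		class="net.sf.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
    		<property name="key">
    			<value>springRocks</value>
    		</property>
    	</bean>
    
    	<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
    
    	<!-- You will need to uncomment the "Acegi Channel Processing Filter"
    		<filter-mapping> in web.xml for the following beans to be used -->
    	<!-- With the filterChainProxy defined at the top of this file, the beans
    		take effect once "channelProcessingFilter" is added to its filter list.
    		The CAS callback URL is listed as secure: it carries the service ticket,
    		and without its own entry it would fall through to the final
    		REQUIRES_INSECURE_CHANNEL rule. -->
    
    	<bean id="channelProcessingFilter"
    		class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
    		<property name="channelDecisionManager">
    			<ref local="channelDecisionManager" />
    		</property>
    		<property name="filterInvocationDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				\A/secure/.*\Z=REQUIRES_SECURE_CHANNEL
    				\A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
    				\A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
    				\A/j_acegi_cas_security_check.*\Z=REQUIRES_SECURE_CHANNEL
    				\A.*\Z=REQUIRES_INSECURE_CHANNEL
    			</value>
    		</property>
    	</bean>
    
    	<bean id="channelDecisionManager"
    		class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
    		<property name="channelProcessors">
    			<list>
    				<ref local="secureChannelProcessor" />
    				<ref local="insecureChannelProcessor" />
    			</list>
    		</property>
    	</bean>
    
    	<bean id="secureChannelProcessor"
    		class="net.sf.acegisecurity.securechannel.SecureChannelProcessor" />
    	<bean id="insecureChannelProcessor"
    		class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor" />
    
    	<!-- ===================CAS HTTP REQUEST SECURITY ==================== -->
    
    	<!-- Handles the redirect back from CAS. filterProcessesUrl has to match the
    		path of serviceProperties.service. -->
    	<bean id="casProcessingFilter"
    		class="net.sf.acegisecurity.ui.cas.CasProcessingFilter">
    		<property name="authenticationManager">
    			<ref local="authenticationManager" />
    		</property>
    		<property name="authenticationFailureUrl">
    			<value>/casfailed.jsp</value>
    		</property>
    		<property name="defaultTargetUrl">
    			<value>/</value>
    		</property>
    		<property name="filterProcessesUrl">
    			<value>/j_acegi_cas_security_check</value>
    		</property>
    	</bean>
    
    	<!-- Unauthenticated requests for protected URLs are sent to the CAS login
    		page through casProcessingFilterEntryPoint. -->
    	<bean id="securityEnforcementFilter"
    		class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
    		<property name="filterSecurityInterceptor">
    			<ref local="filterInvocationInterceptor" />
    		</property>
    		<property name="authenticationEntryPoint">
    			<ref local="casProcessingFilterEntryPoint" />
    		</property>
    	</bean>
    
    	<bean id="casProcessingFilterEntryPoint"
    		class="net.sf.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
    		<property name="loginUrl">
    			<value>https://localhost:8443/cas/login</value>
    		</property>
    		<property name="serviceProperties">
    			<ref local="serviceProperties" />
    		</property>
    	</bean>
    
    
    	<!-- ================ ACEGI HTTP REQUEST SECURITY ==================== -->
    
    	<!-- allowIfAllAbstainDecisions=false: access is denied when no voter grants it. -->
    	<!-- "roleVoter" is not defined in this file; it is expected to come from
    		another application context. -->
    	<bean id="httpRequestAccessDecisionManager"
    		class="net.sf.acegisecurity.vote.AffirmativeBased">
    		<property name="allowIfAllAbstainDecisions">
    			<value>false</value>
    		</property>
    		<property name="decisionVoters">
    			<list>
    				<ref bean="roleVoter" />
    			</list>
    		</property>
    	</bean>
    
    	<!-- Note the order that entries are placed against the objectDefinitionSource is critical.
    		The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
    		Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last -->
    	<!-- Each pattern=roles entry has to be on its own line. The final
    		/**=ROLE_USER entry is the catch-all that protects every URL not listed
    		above it; if it is merged into the previous line, unlisted URLs may end
    		up with no access rule at all. -->
    	<bean id="filterInvocationInterceptor"
    		class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
    		<property name="authenticationManager">
    			<ref bean="authenticationManager" />
    		</property>
    		<property name="accessDecisionManager">
    			<ref local="httpRequestAccessDecisionManager" />
    		</property>
    		<property name="objectDefinitionSource">
    			<value>
    				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    				PATTERN_TYPE_APACHE_ANT
    				/index.jsp=ROLE_ANONYMOUS,ROLE_USER
    				/hello.htm=ROLE_ANONYMOUS,ROLE_USER
    				/logoff.jsp=ROLE_ANONYMOUS,ROLE_USER
    				/acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER
    				/**=ROLE_USER
    			</value>
    		</property>
    	</bean>
    
    </beans>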
    I hope it helps someone.

    Take care,
    James
