
  • Spring Security With CAS

    Hello Friends,

    I have a problem when trying to integrate my two Spring Security applications with CAS.

    The security XML for the 1st application is below:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Security context for the first application: URL access rules, the
      additions to the filter chain, and the CAS client beans.

      Only used by the "filter" artifact.
    -->

    <b:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:b="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <!-- Method security through the pre/post annotations, evaluated by expressionHandler. -->
        <global-method-security pre-post-annotations="enabled">
            <expression-handler ref="expressionHandler"/>
        </global-method-security>

        <!--
          Web security. Unauthenticated requests for a protected URL are handed
          to casAuthEntryPoint. The intercept-url rules are matched from top to
          bottom and the first match applies, so the catch-all /** rule is last.
        -->
        <http realm="Contacts App" entry-point-ref="casAuthEntryPoint">
            <!-- Pages open to anonymous visitors. -->
            <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <!-- Switching to another user is limited to ROLE_SUPERVISOR. -->
            <intercept-url pattern="/switchuser.jsp" access="ROLE_SUPERVISOR"/>
            <intercept-url pattern="/j_spring_security_switch_user" access="ROLE_SUPERVISOR"/>
            <!-- Every other URL requires ROLE_USER. -->
            <intercept-url pattern="/**" access="ROLE_USER"/>

            <!-- NOTE(review): form login, HTTP Basic and remember-me stay enabled next to CAS, while the
                 authentication-manager below lists only the CAS provider; confirm they are still wanted. -->
            <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
            <http-basic/>
            <logout logout-success-url="/index.jsp"/>
            <remember-me/>
            <custom-filter position="SWITCH_USER_FILTER" ref="switchUserProcessingFilter"/>
            <custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"/>
        </http>

        <!--
          Entry point: redirects the browser to loginUrl and passes along this
          application's service URL.
          NOTE(review): the CAS URLs in this file are plain http://. CAS marks its
          ticket-granting cookie Secure by default, so the browser does not send
          it back over HTTP and single sign-on between applications does not take
          effect. Serving CAS over HTTPS avoids that; cookieSecure="false" in the
          CAS server's ticketGrantingTicketCookieGenerator.xml fits a local test
          setup only.
        -->
        <b:bean id="casAuthEntryPoint"
                class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
            <b:property name="loginUrl" value="http://localhost:8080/cas-server-webapp-3.4.3.1"/>
            <b:property name="serviceProperties" ref="serviceProperties"/>
        </b:bean>

        <!--
          service: the URL CAS sends the browser back to with the service ticket.
          sendRenew="false": an existing CAS single sign-on session is accepted
          without asking for the credentials again.
        -->
        <b:bean id="serviceProperties"
                class="org.springframework.security.cas.ServiceProperties">
            <b:property name="service" value="http://localhost:8080/SpringSecurityContact304/j_spring_cas_security_check"/>
            <b:property name="sendRenew" value="false"/>
        </b:bean>

        <!-- Handles the callback from CAS and passes the ticket to the authentication manager. -->
        <b:bean id="casAuthenticationFilter"
                class="org.springframework.security.cas.web.CasAuthenticationFilter">
            <b:property name="authenticationManager" ref="authenticationManager"/>
        </b:bean>

        <authentication-manager alias="authenticationManager">
            <authentication-provider ref="casAuthenticationProvider">
                <!-- Disabled local credential check, kept for reference.
                     NOTE(review): unsalted MD5 is not a suitable password hash should this be re-enabled.
                     <password-encoder hash="md5"/>
                     <jdbc-user-service data-source-ref="dataSource"/>
                -->
            </authentication-provider>
        </authentication-manager>

        <!--
          Validates the service ticket through casTicketValidator, then loads the
          user's authorities from userService. key identifies the tokens created
          by this provider.
        -->
        <b:bean id="casAuthenticationProvider"
                class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
            <b:property name="ticketValidator" ref="casTicketValidator"/>
            <b:property name="serviceProperties" ref="serviceProperties"/>
            <b:property name="key" value="cas"/>
            <b:property name="userDetailsService" ref="userService"/>
        </b:bean>

        <!-- User lookup over JDBC; the dataSource bean is not defined in this file. -->
        <jdbc-user-service id="userService" data-source-ref="dataSource"/>

        <!-- CAS 2.0 ticket validation; the constructor argument is the CAS server URL prefix. -->
        <b:bean id="casTicketValidator"
                class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <b:constructor-arg value="http://localhost:8080/cas-server-webapp-3.4.3.1/"/>
        </b:bean>

        <!-- Automatically receives AuthenticationEvent messages. -->
        <b:bean id="loggerListener"
                class="org.springframework.security.authentication.event.LoggerListener"/>

        <!--
          Filter that switches the user context. The switch and exit URLs must be
          secured for the role that is allowed to switch to another user. In this
          example 'rod' has ROLE_SUPERVISOR and can switch to regular ROLE_USER
          accounts.
        -->
        <b:bean id="switchUserProcessingFilter"
                class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter"
                autowire="byType">
            <b:property name="targetUrl" value="/secure/index.htm"/>
        </b:bean>

        <!-- Expression handler for method security, backed by the ACL permission evaluator. -->
        <b:bean id="expressionHandler"
                class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
            <b:property name="permissionEvaluator" ref="permissionEvaluator"/>
        </b:bean>

        <!-- The aclService bean is not defined in this file. -->
        <b:bean id="permissionEvaluator"
                class="org.springframework.security.acls.AclPermissionEvaluator">
            <b:constructor-arg ref="aclService"/>
        </b:bean>
    </b:beans>
    and for the 2nd application:
    Code:
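    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Security context for the second application: URL access rules and the
      CAS client beans.
    -->
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xsi:schemaLocation="
                     http://www.springframework.org/schema/beans
                     http://www.springframework.org/schema/beans/spring-beans.xsd
                     http://www.springframework.org/schema/security
                     http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        <!-- Ch 3 Start -->
        <!--
          Web security. use-expressions="true" makes the access values
          expressions. Unauthenticated requests for a protected URL are handed
          to casAuthEntryPoint. Rules are matched from top to bottom and the
          first match applies.
        -->
        <http auto-config="true" use-expressions="true" entry-point-ref="casAuthEntryPoint">
            <intercept-url pattern="/login.do" access="permitAll"/>
            <!-- The catch-all is /** so that every path depth is covered. With the default Ant-style
                 matching, /* matches a single path segment only, so a nested URL such as /a/b would
                 match no rule and be served without an access check. -->
            <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
            <form-login login-page="/login.do"/>
            <custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"/>
        </http>

        <!--
          Entry point: redirects the browser to loginUrl and passes along this
          application's service URL.
          NOTE(review): the CAS URLs in this file are plain http://. CAS marks its
          ticket-granting cookie Secure by default, so the browser does not send
          it back over HTTP and single sign-on between applications does not take
          effect. Serving CAS over HTTPS avoids that; cookieSecure="false" in the
          CAS server's ticketGrantingTicketCookieGenerator.xml fits a local test
          setup only.
        -->
        <beans:bean id="casAuthEntryPoint"
                    class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
            <beans:property name="loginUrl" value="http://localhost:8080/cas-server-webapp-3.4.3.1"/>
            <beans:property name="serviceProperties" ref="serviceProperties"/>
        </beans:bean>

        <!--
          service: the URL CAS sends the browser back to with the service ticket.
          sendRenew="false": an existing CAS single sign-on session is accepted
          without asking for the credentials again.
        -->
        <beans:bean id="serviceProperties"
                    class="org.springframework.security.cas.ServiceProperties">
            <beans:property name="service" value="http://localhost:8080/JBCP3/j_spring_cas_security_check"/>
            <beans:property name="sendRenew" value="false"/>
        </beans:bean>

        <!-- Handles the callback from CAS and passes the ticket to the authentication manager. -->
        <beans:bean id="casAuthenticationFilter"
                    class="org.springframework.security.cas.web.CasAuthenticationFilter">
            <beans:property name="authenticationManager" ref="authenticationManager"/>
        </beans:bean>

        <authentication-manager alias="authenticationManager">
            <authentication-provider ref="casAuthenticationProvider">
                <!-- Disabled local credential check, kept for reference.
                     NOTE(review): unsalted MD5 is not a suitable password hash should this be re-enabled.
                     <password-encoder hash="md5"/>
                     <jdbc-user-service data-source-ref="dataSource"/>
                -->
            </authentication-provider>
        </authentication-manager>

        <!--
          Validates the service ticket through casTicketValidator, then loads the
          user's authorities from userService. key identifies the tokens created
          by this provider.
        -->
        <beans:bean id="casAuthenticationProvider"
                    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
            <beans:property name="ticketValidator" ref="casTicketValidator"/>
            <beans:property name="serviceProperties" ref="serviceProperties"/>
            <beans:property name="key" value="cas"/>
            <beans:property name="userDetailsService" ref="userService"/>
        </beans:bean>

        <!-- CAS 2.0 ticket validation; the constructor argument is the CAS server URL prefix. -->
        <beans:bean id="casTicketValidator"
                    class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <beans:constructor-arg value="http://localhost:8080/cas-server-webapp-3.4.3.1/"/>
        </beans:bean>

        <!-- In-memory user store, referenced by casAuthenticationProvider as its userDetailsService.
             NOTE(review): plain-text sample credentials; use a real user store outside a demo. -->
        <user-service id="userService">
            <user authorities="ROLE_USER,ROLE_SUPERVISOR" name="rod" password="rod"/>
        </user-service>

    </beans:beans>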
    Now, when I try to log in to the 1st application, it redirects me to the CAS login page and works fine. But when I then access the 2nd application, it still redirects me to the CAS login page, which is not correct; it should instead take me to the 2nd application's resources (i.e. the user's dashboard/secured resources).

    Maybe I forgot something in the configuration.
    If anybody knows about this type of issue, please help me out.

    thanks

  • #2
    Hello friends,

    After going through the application logs, I found that both of my applications only check the authentication entry point and redirect to the CAS login page, which means that my CAS_FILTER is not coming into the picture while the URL is being authenticated.

    I don't know what's the reason behind this.

    If anybody knows about it, please reply.

    thank you



    • #3
      I'm not sure I understand your scenario. Can you try posting the results of the URLs requested and explain what you are doing throughout? Using a plugin like Firefox's Tamper Data will ensure that you do not miss URLs that you are automatically redirected to.



      • #4
        Dear rwinch,

        Thank you for taking the time to read my issue. After spending time studying CAS in depth, I found that to authenticate through CAS using only "http://" service URLs, we need to set the following in our CAS server app:
        Code:
         cookieSecure="false"
        in
        Code:
         ticketGrantingTicketCookieGenerator.xml
        as its default is true, and with the Secure flag set the browser does not send the CAS cookie over plain http://.

        After making this change, all of my applications are running.

        Thank you again.
