Hello,
I am trying to set up a CAS client with Spring Security.
I can get the secured resource after login on CAS, but I can't get a PT using the code below.
The return value is always null.
Code:
((CasAuthenticationToken) SecurityContextHolder.getContext().getAuthentication())
        .getAssertion().getPrincipal().getProxyTicketFor(targetService);
I use "http://localhost:8080/anotherTest/j_spring_cas_security_check" as the targetService. Am I wrong?
Or is there something else I missed in my config? Any help will be appreciated.
Here are my config files:
web.xml:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
    <display-name>test</display-name>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/securityContext.xml
        </param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>test</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>test</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>
</web-app>

securityContext.xml:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <sec:http entry-point-ref="casProcessingFilterEntryPoint">
        <sec:intercept-url pattern="/**" access="ROLE_USER" />
        <sec:custom-filter ref="casProcessingFilter" after="CAS_FILTER" />
    </sec:http>

    <bean id="serviceProperties"
          class="org.springframework.security.cas.ServiceProperties"
          p:service="http://localhost:8080/test/j_spring_cas_security_check"
          p:sendRenew="false" />

    <bean id="casProcessingFilterEntryPoint"
          class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
          p:loginUrl="http://localhost:8080/cas/login"
          p:serviceProperties-ref="serviceProperties" />

    <bean id="casProcessingFilter"
          class="org.springframework.security.cas.web.CasAuthenticationFilter"
          p:authenticationManager-ref="casAuthenticationManager"
          p:filterProcessesUrl="/j_spring_cas_security_check">
        <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
        <property name="proxyReceptorUrl" value="/secure/receptor" />
    </bean>

    <sec:authentication-manager alias="casAuthenticationManager">
        <sec:authentication-provider ref="casAuthenticationProvider" />
    </sec:authentication-manager>

    <bean id="casAuthenticationProvider"
          class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
          p:key="my_password_for_this_auth_provider_only"
          p:serviceProperties-ref="serviceProperties"
          p:userDetailsService-ref="userDetailsService">
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
                <constructor-arg index="0" value="http://localhost:8080/cas" />
                <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                <property name="proxyCallbackUrl" value="http://localhost:8080/test/secure/receptor" />
                <property name="proxyRetriever">
                    <bean class="org.jasig.cas.client.proxy.Cas20ProxyRetriever">
                        <constructor-arg index="0" value="http://localhost:8080/cas"></constructor-arg>
                    </bean>
                </property>
                <property name="acceptAnyProxy" value="true"></property>
            </bean>
        </property>
    </bean>

    <bean id="proxyGrantingTicketStorage"
          class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

    <bean id="userDetailsService"
          class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
        <property name="userProperties">
            <props>
                <prop key="test">test, ROLE_USER, enabled</prop>
            </props>
        </property>
    </bean>
</beans>


