How to handle Authorization when Authentication is performed by CAS?

[thogau]

Hi,

I am trying to have spring security 3.0.5 to handle authorization in a set of web applications in a SSO.
Authentication is performed by CAS 3.4.8 using a JDBC AuthenticationHandler.

I see in the latest release that there is a spring-security-cas-client-3.0.5.RELEASE.jar that seems to build the userdetails directly from cas response and that is exactly what I would like to do.

Are there any samples applications or any tutorial using this jar? Can anybody point me to a good resource to figure out how to implement Authorization when authentication is done with CAS?

Thanks

[Rob Winch]

You should be able to use specify the CasAuthenticationProvider's authenticationUserDetailsService as a GrantedAuthorityFromAssertionAttributesUserDetails Service to resolve this. There is not an exact sample of this, but you should be able to figure it out using the CAS sample's in the CAS portion of the reference. You could also see the CAS Sample application for a full working example that would only need the CasAuthenticationProvider's authenticationUserDetailsService set.