
Thread: Spring project using CAS for Authentication and LDAP for Authorities

  1. #1

    Default Spring project using CAS for Authentication and LDAP for Authorities

    Can I have a Spring 3 project that uses CAS for authentication and LDAP for authorities? My Spring project used to use LDAP for both authentication and authorities, but we are moving to CAS for authentication and SSO, and I don't see any way to keep using LDAP for authorities. Below is my XML file; can someone help me out here?

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <b:beans xmlns:b="http://www.springframework.org/schema/beans"
    	xmlns="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:util="http://www.springframework.org/schema/util"
    	xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
            http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
    
    	<!-- Web security rules. Unauthenticated requests are handed to the casEntryPoint
    		bean, and access attributes are evaluated as expressions (use-expressions="true").
    		Patterns are checked in the order listed. -->
    	<http entry-point-ref="casEntryPoint" use-expressions="true">
    		<!-- Pages reachable without logging in: landing page, logout page, CAS failure page. -->
    		<intercept-url pattern="/" access="permitAll" />
    
    		<intercept-url pattern="/index.jsp" access="permitAll" />
    		<intercept-url pattern="/cas-logout.jsp" access="permitAll" />
    		<intercept-url pattern="/casfailed.jsp" access="permitAll" />
    
    		<!-- Role-protected areas.
    			NOTE(review): there is no final catch-all pattern in this block, so a URL that
    			matches none of the patterns above or below has no access rule here. Confirm that
    			is intended, or add a last rule that requires authentication or denies access. -->
    		<intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
    		<intercept-url pattern="/requests/**" access="hasRole('ROLE_MEMBER_INQUIRY')" />
    
    		<!-- CAS filters placed in the filter chain: the two single-logout filters and the
    			filter that processes CAS tickets. -->
    		<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
    		<custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
    		<custom-filter ref="casFilter" position="CAS_FILTER" />
    
    
    		<!-- After a local logout the browser is sent to /cas-logout.jsp. -->
    		<logout logout-success-url="/cas-logout.jsp" />
    	</http>
    
    	<!-- The only provider registered is casAuthProvider, so every login handled by this
    		manager is decided by CAS ticket validation. -->
    	<authentication-manager alias="authManager">
    		<authentication-provider ref="casAuthProvider" />
    	</authentication-manager>
    
    	 <!-- In-memory user list. casAuthProvider wraps this bean in a
    		UserDetailsByNameServiceWrapper and looks users up by name, so this is where the
    		authorities of a CAS-authenticated user come from in this file.
    		NOTE(review): the accounts and passwords are hard-coded in plaintext. In the wiring
    		visible here the bean is used only for the by-name lookup, so the password values
    		appear unused by the CAS login path; confirm before relying on that, and remove
    		sample accounts before deployment.
    		To take authorities from LDAP, this is the bean to replace with an LDAP-backed
    		UserDetailsService (the security namespace provides ldap-user-service for this). -->
    	 <user-service id="userService">
    		<user name="rod" password="rod" authorities="ROLE_SUPERVISOR,ROLE_USER" />
    		<user name="cpilling04@aol.com.dev" password="testing"
    			authorities="ROLE_MEMBER_INQUIRY" />
    	</user-service>
     
    	<!-- Handles a Single Logout request sent by the CAS server, so that a logout at CAS
    		also ends the local session. -->
    	<b:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter" />
    	<!-- Local logout filter. A request to filterProcessesUrl runs the logout handler
    		below and then redirects to the CAS server logout URL, which signals that Single
    		Logout should be performed. The first constructor-arg is that redirect target; the
    		second is the handler that clears the local security context. -->
    	<b:bean id="requestSingleLogoutFilter"
    		class="org.springframework.security.web.authentication.logout.LogoutFilter"
    		p:filterProcessesUrl="/j_spring_cas_security_logout">
    		<b:constructor-arg
    			value="https://${cas.server.host}/cas-server-webapp/logout" />
    		<b:constructor-arg>
    			<b:bean
    				class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
    		</b:constructor-arg>
    	</b:bean>
    
    	<!-- Describes this application to CAS. "service" is the callback URL that receives the
    		ticket after login; presumably it must match the service registered on the CAS
    		server (verify there).
    		authenticateAllArtifacts="true" lets the CAS filter authenticate a ticket presented
    		on any URL, not only on the service URL, which is what proxy-ticket use needs.
    		NOTE(review): this widens the set of URLs that accept tickets; keep it only if
    		proxy-ticket authentication is actually required. -->
    	<b:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"
    		p:service="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_check"
    		p:authenticateAllArtifacts="true" />
    
    	<!-- Entry point referenced by the http element: sends an unauthenticated user to the
    		CAS login URL, using serviceProperties to describe this application. Both URLs are
    		https, so the login redirect and the ticket callback are not sent in clear text. -->
    	<b:bean id="casEntryPoint"
    		class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
    		p:serviceProperties-ref="serviceProperties"
    		p:loginUrl="https://${cas.server.host}/cas-server-webapp/login" />
    
    	<!-- Filter that receives CAS tickets and passes them to authManager. It also exposes
    		proxyReceptorUrl, where the CAS server delivers proxy-granting tickets, and stores
    		those tickets in pgtStorage. -->
    	<b:bean id="casFilter"
    		class="org.springframework.security.cas.web.CasAuthenticationFilter"
    		p:authenticationManager-ref="authManager" p:serviceProperties-ref="serviceProperties"
    		p:proxyGrantingTicketStorage-ref="pgtStorage"
    		p:proxyReceptorUrl="/j_spring_cas_security_proxyreceptor">
    		<!-- Supplies per-request service details; presumably needed because
    			authenticateAllArtifacts is enabled on serviceProperties (confirm). -->
    		<b:property name="authenticationDetailsSource">
    			<b:bean
    				class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource" />
    		</b:property>
    
    		<!-- A failed ticket validation sends the browser to /casfailed.jsp, which the http
    			block marks permitAll so the error page stays reachable. -->
    		<b:property name="authenticationFailureHandler">
    			<b:bean
    				class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
    				p:defaultFailureUrl="/casfailed.jsp" />
    		</b:property>
    
    
    		<!-- After a successful login the user returns to the originally requested URL, or
    			to /requests/add.html when no request was saved. -->
    		<b:property name="authenticationSuccessHandler">
    			<b:bean
    				class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"
    				p:defaultTargetUrl="/requests/add.html" />
    		</b:property>
    	</b:bean>
    	<!-- Storage for proxy-granting tickets, shared by casFilter and the ticket validator.
    		NOTE: this is an in-memory implementation and should not be used in a real
    		application. Expired tickets also have to be removed by calling
    		ProxyGrantingTicketStorage.cleanup(); nothing in this file schedules that call. -->
    	<b:bean id="pgtStorage"
    		class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
    	<!-- Authentication provider for CAS: validates the ticket with the CAS server, then
    		loads the user's details and authorities.
    		NOTE(review): p:key is a fixed literal in this file; presumably it only identifies
    		tokens created by this provider, but confirm whether it should be unique per
    		deployment. -->
    	<b:bean id="casAuthProvider"
    		class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
    		p:serviceProperties-ref="serviceProperties" p:key="casAuthProviderKey">
    		<!-- Looks up the CAS-asserted username in userService to obtain authorities. To use
    			LDAP for authorities, point this constructor-arg at an LDAP-backed
    			UserDetailsService instead of the in-memory userService. -->
    		<b:property name="authenticationUserDetailsService">
    			<b:bean
    				class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
    				<b:constructor-arg ref="userService" />
    			</b:bean>
    		</b:property>
    		<!-- Validates service and proxy tickets against the CAS server given as the
    			constructor-arg.
    			NOTE(review): acceptAnyProxy="true" accepts a proxy ticket regardless of which
    			services are in its proxy chain. For production, prefer an explicit list of
    			trusted chains (the validator's allowedProxyChains property) over accepting
    			any proxy. -->
    		<b:property name="ticketValidator">
    			<b:bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
    				p:acceptAnyProxy="true"
    				p:proxyCallbackUrl="https://${cas.service.host}/MemberInquiry/j_spring_cas_security_proxyreceptor"
    				p:proxyGrantingTicketStorage-ref="pgtStorage">
    				<b:constructor-arg value="https://${cas.server.host}/cas-server-webapp" />
    			</b:bean>
    		</b:property>
    		<!-- Cache of validated tickets for stateless (ticket on every request) clients.
    			The positional arguments are presumably: cache name, maximum elements in
    			memory, overflow to disk, eternal, time to live in seconds, time to idle in
    			seconds. Confirm against the Ehcache Cache constructor in use.
    			NOTE(review): if that reading is right, a cached ticket can stay accepted for
    			up to an hour and entries may be written to disk; check both against the
    			session policy. -->
    		<b:property name="statelessTicketCache">
    			<b:bean
    				class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
    				<b:property name="cache">
    					<b:bean class="net.sf.ehcache.Cache" init-method="initialise"
    						destroy-method="dispose">
    						<b:constructor-arg value="casTickets" />
    						<b:constructor-arg value="50" />
    						<b:constructor-arg value="true" />
    						<b:constructor-arg value="false" />
    						<b:constructor-arg value="3600" />
    						<b:constructor-arg value="900" />
    					</b:bean>
    				</b:property>
    			</b:bean>
    		</b:property>
    	</b:bean>
    
    	<!-- Resolves the ${cas.service.host} and ${cas.server.host} placeholders used above.
    		The defaults come from the "environment" properties below; with
    		system-properties-mode="OVERRIDE" a system property of the same name takes
    		precedence over them.
    		NOTE(review): the defaults are concrete host names committed in the file. Consider
    		supplying them per environment so internal host names are not published with the
    		configuration. -->
    	<context:property-placeholder
    		system-properties-mode="OVERRIDE" properties-ref="environment" />
    
    	<util:properties id="environment">
    		<b:prop key="cas.service.host">wcmisdlin07.uftmasterad.org:8443</b:prop>
    		<b:prop key="cas.server.host">wcmisdlin07.uftmasterad.org:8443</b:prop>
    	</util:properties>
    	
    	
    	
    
    
    </b:beans>

  2. #2

    Default

    Please do not submit the same question multiple times.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal

  3. #3

    Default

    Closing to move discussion to single thread http://forum.springsource.org/showth...-and-CAS-login
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
