CAS proxy -spring security issue
I have got 2 web applications secured by the spring security .
Both of them are casified .
When I try to access the secured resource under Webapp1,it is redirecting me correctly to Cas login page and finally to the secured resource.
My problem starts now.
From the secured resource under Webapp1 ,I have to access a secured resource under Webapp2.For this I have set up the the proxycallback url.
i think I have done this set up correctly as I can see PGT tickets being loggedin the logs.
But still I get the login page as response from the request to secured resource under Webapp2
My security.xml is as below:
My calling code is as below:Code:<security:http entry-point-ref="casProcessingFilterEntryPoint"> <security:intercept-url pattern="/**" access="ROLE_USER" /> <security:intercept-url pattern="/am/rest/accessDenied" filters="none" /> <security:logout logout-url="/logout" logout-success-url="https://w02222/logoutSuccess" /> </security:http> <bean id="pgtStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/> <security:authentication-manager alias="casAuthenticationManager" /> <bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"> <security:custom-filter before="CAS_PROCESSING_FILTER" /> </bean> <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties" p:service="https://w02222/webapp1/j_spring_cas_security_check" p:sendRenew="false" /> <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter" p:authenticationManager-ref="casAuthenticationManager" p:authenticationFailureUrl="/authorizationFailure.jsp" p:alwaysUseDefaultTargetUrl="false" p:filterProcessesUrl="/j_spring_cas_security_check" p:defaultTargetUrl="/"> <property name="proxyGrantingTicketStorage" ref="pgtStorage"/> <property name="proxyReceptorUrl" value="/j_spring_cas_security_proxyreceptor"/> <security:custom-filter after="CAS_PROCESSING_FILTER" /> </bean> <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint" p:loginUrl="https://w02222/cas/login" p:serviceProperties-ref="serviceProperties" /> <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider" p:key="my_password_for_this_auth_provider_only" p:serviceProperties-ref="serviceProperties" p:userDetailsService-ref="userDetailsService"> <security:custom-authentication-provider /> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"> <constructor-arg index="0" value="https://w02222/cas" /> <property name="proxyCallbackUrl" value="https://w02222/webapp1/j_spring_cas_security_proxyreceptor" /> <property name="proxyGrantingTicketStorage" ref="pgtStorage" /> </bean> </property> </bean>
Proxyresponse I am getting in the above page is the html code for the login page.Code:String ticket = ((CasAuthenticationToken)SecurityContextHolder.getContext().getAuthentication()).getAssertion(). getPrincipal().getProxyTicketFor("https://w02222/webapp2/am/rest/users/"); String targetUrl="https://w02222/webapp2/am/rest/users/"; final String serviceUrl = targetUrl+"?ticket="+URLEncoder.encode(ticket, "UTF-8"); String proxyResponse = CommonUtils.getResponseFromServer(serviceUrl, "UTF-8");
Related Log piece is asbelow if it is of any help:
Can anyone please let me if I have missed any configuration here or done anything wrong here.Code:2012-07-23 13:59:50,680 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] Attempting to retrieve ticket [TGT-35-f2CgnH04IMTmIPeg69dDkL0WzGw5B9iuwSzGOn1PpPGC0ehUdR-cas] 2012-07-23 13:59:50,680 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] Ticket [TGT-35-f2CgnH04IMTmIPeg69dDkL0WzGw5B9iuwSzGOn1PpPGC0ehUdR-cas] found in registry. 2012-07-23 13:59:50,680 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] Added ticket [ST-63-QwUvMscLdBF2eIukGRtb-cas] to registry. 2012-07-23 13:59:50,680 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] Granted service ticket [ST-63-QwUvMscLdBF2eIukGRtb-cas] for service [https://w02222/webapp2/am/rest/users/] for user [https://w02222/webapp1/j_spring_cas_security_proxyreceptor] 2012-07-23 13:59:50,729 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] Action 'InitialFlowSetupAction' beginning execution 2012-07-23 13:59:55,012 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] Extractor generated service for: https://w02222/webapp2/j_spring_cas_security_check 2012-07-23 13:59:55,012 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] Placing service in FlowScope: https://w02222/webapp2/j_spring_cas_security_check 2012-07-23 13:59:55,795 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] Action 'InitialFlowSetupAction' completed execution; result is 'success' 2012-07-23 13:59:55,796 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] Action 'X509CertificateCredentialsNonInteractiveAction' beginning execution 2012-07-23 14:18:29,820 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] Certificates not found in request. 2012-07-23 14:18:29,820 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] ==================== IN DO EXECUTE ================== 2012-07-23 14:18:29,821 INFO [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] === NO Credentials present AbstractNonInteractiveCredentialsAction 2012-07-23 14:18:29,821 DEBUG [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] Action 'X509CertificateCredentialsNonInteractiveAction' completed execution; result is 'error' 2012-07-23 14:18:29,821 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Action 'AuthenticationViaFormAction' beginning execution 2012-07-23 14:18:29,823 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] SET LANGUAGES ----- 2012-07-23 14:18:29,823 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Executing setupForm 2012-07-23 14:18:29,824 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Creating new form object with name 'credentials' 2012-07-23 14:18:29,824 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] 2012-07-23 14:18:29,824 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials' 2012-07-23 14:18:29,824 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Creating new form errors for object with name 'credentials' 2012-07-23 14:18:29,825 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] No property editor registrar set, no custom editors to register 2012-07-23 14:18:29,825 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] Putting form errors instance in scope Flash 2012-07-23 14:18:29,825 DEBUG [
Reply With Quote