Hello Freinds,
I have problem when trying to integrate my 2 spring security application with CAS.
security xml for 1st application is below :
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Application context containing authentication, channel
- security and web URI beans.
-
- Only used by "filter" artifact.
-
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security pre-post-annotations="enabled">
<expression-handler ref="expressionHandler"/>
</global-method-security>
<http realm="Contacts App" entry-point-ref="casAuthEntryPoint">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/switchuser.jsp" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/j_spring_security_switch_user" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
<http-basic/>
<logout logout-success-url="/index.jsp"/>
<remember-me />
<custom-filter ref="switchUserProcessingFilter" position="SWITCH_USER_FILTER"/>
<custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></custom-filter>
</http>
<b:bean id="casAuthEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<b:property name="loginUrl" value="http://localhost:8080/cas-server-webapp-3.4.3.1"/>
<b:property name="serviceProperties" ref="serviceProperties"/>
</b:bean>
<b:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<b:property name="service" value="http://localhost:8080/SpringSecurityContact304/j_spring_cas_security_check"/>
<b:property name="sendRenew" value="false"></b:property>
</b:bean>
<b:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<b:property name="authenticationManager" ref="authenticationManager"/>
</b:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider">
<!-- <password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="dataSource"/> -->
</authentication-provider>
</authentication-manager>
<b:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<b:property name="ticketValidator" ref="casTicketValidator" />
<b:property name="serviceProperties" ref="serviceProperties" />
<b:property name="key" value="cas" />
<b:property name="userDetailsService" ref="userService" />
</b:bean>
<jdbc-user-service data-source-ref="dataSource" id="userService"/>
<b:bean id="casTicketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<b:constructor-arg value="http://localhost:8080/cas-server-webapp-3.4.3.1/" />
</b:bean>
<!-- Automatically receives AuthenticationEvent messages -->
<b:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
<!-- Filter used to switch the user context. Note: the switch and exit url must be secured
based on the role granted the ability to 'switch' to another user -->
<!-- In this example 'rod' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) -->
<b:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter" autowire="byType">
<b:property name="targetUrl" value="/secure/index.htm"/>
</b:bean>
<b:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<b:property name="permissionEvaluator" ref="permissionEvaluator"/>
</b:bean>
<b:bean id="permissionEvaluator" class="org.springframework.security.acls.AclPermissionEvaluator">
<b:constructor-arg ref="aclService"/>
</b:bean>
</b:beans>
and for 2nd application :
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd
">
<!-- Ch 3 Start -->
<http auto-config="true" use-expressions="true" entry-point-ref="casAuthEntryPoint">
<intercept-url pattern="/login.do" access="permitAll"/>
<intercept-url pattern="/*" access="hasRole('ROLE_USER')"/>
<form-login login-page="/login.do"/>
<custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></custom-filter>
</http>
<beans:bean id="casAuthEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<beans:property name="loginUrl" value="http://localhost:8080/cas-server-webapp-3.4.3.1"/>
<beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>
<beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<beans:property name="service" value="http://localhost:8080/JBCP3/j_spring_cas_security_check"/>
<beans:property name="sendRenew" value="false"></beans:property>
</beans:bean>
<beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="casAuthenticationProvider">
<!-- <password-encoder hash="md5"/>
<jdbc-user-service data-source-ref="dataSource"/> -->
</authentication-provider>
</authentication-manager>
<beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<beans:property name="ticketValidator" ref="casTicketValidator" />
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="key" value="cas" />
<beans:property name="userDetailsService" ref="userService" />
</beans:bean>
<beans:bean id="casTicketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg value="http://localhost:8080/cas-server-webapp-3.4.3.1/" />
</beans:bean>
<user-service id="userService">
<user authorities="ROLE_USER,ROLE_SUPERVISOR" name="rod" password="rod"/>
</user-service>
</beans:beans>
Now when i am trying to login to 1st application it redirect me to cas login page and works fine but when i need to access to 2nd application it still redirect me to CAS login page which is not correct rather it have to redirect me to 2nd application's resources (i.e users dash board/secured resources).
May be I forget something in configuration.[
]
Anybody know about these type of issues..help me out.
thanks
Spring Security With CAS
Reply With Quote
