Hi,

I've just started working with Acegi and CAS and I'm finding it very easy and powerful. However, I've come upon something that's confusing me. I set up my application so that any URL ending with .app requires authentication. It properly redirects to CAS for authentication, but when it returns to the j_acegi_cas_security_check page it gets redirected back to CAS. Does anyone know why this occurs? I'm assuming I have some stupid config error that I missed, so I'm attaching my securityContext.xml.

Thanks in advance for your help!
-Scott

--
Scott Battaglia
Application Developer, New Technology Group
Enterprise Systems and Services
Rutgers University Computing Services
Rutgers, the State University of New Jersey

email: [EMAIL PROTECTED]
voice: 732.445.0097
 fax: 732.445.5493

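<?xml version="1.0" encoding="UTF-8"?>
<!--
	Acegi Security application context for CAS single sign-on.
	It wires three concerns:
	  1. CAS login: entry point, ticket-processing filter, ticket validation.
	  2. URL authorization: paths matched in filterInvocationInterceptor need ROLE_SUPER_USER.
	  3. Channel security: every request must arrive over a secure channel.
	The filters defined here only take effect once they are mapped in web.xml,
	which is not part of this file.
-->
<!-- The system identifier must be followed directly by '>'; a stray ';' before it made the declaration malformed. -->
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
	<!-- =========================================================== -->
	<!-- SINGLE SIGN ON USING ACEGI AND CAS                          -->
	<!-- =========================================================== -->

	<!--
		Service URL handed to CAS at login and again at ticket validation.
		Its path must be the one casProcessingFilter listens on (filterProcessesUrl),
		and scheme, host and context path must match what the browser really uses,
		otherwise validation of the ticket fails.
		sendRenew=false accepts an existing CAS single sign-on session instead of
		forcing the user to present credentials again.
	-->
	<bean id="serviceProperties" class="net.sf.acegisecurity.ui.cas.ServiceProperties">
		<property name="service"><value>https://acsdev12.rutgers.edu/hrinfo/j_acegi_cas_security_check</value></property>
		<property name="sendRenew"><value>false</value></property>
	</bean>

	<!--
		Handles the callback from CAS on /j_acegi_cas_security_check and passes the
		ticket to authenticationManager. Failures go to /casfailed.jsp; with no saved
		target the user lands on "/".
	-->
	<bean id="casProcessingFilter" class="net.sf.acegisecurity.ui.cas.CasProcessingFilter">
		<property name="authenticationManager"><ref bean="authenticationManager" /></property>
		<property name="authenticationFailureUrl"><value>/casfailed.jsp</value></property>
		<property name="defaultTargetUrl"><value>/</value></property>
		<property name="filterProcessesUrl"><value>/j_acegi_cas_security_check</value></property>
	</bean>

	<!-- Sends unauthenticated users to the CAS login page, carrying the service URL above. -->
	<bean id="casProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
		<property name="loginUrl"><value>https://www.acst2.rutgers.edu:8889/cas/login</value></property>
		<property name="serviceProperties"><ref bean="serviceProperties" /></property>
	</bean>

	<!-- CAS is the only authentication provider. -->
	<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref bean="casAuthenticationProvider" />
			</list>
		</property>
	</bean>

	<!--
		Validates CAS tickets and builds the authenticated token.
		NOTE(review): the "key" value looks like the placeholder from sample
		configurations. Presumably it marks tokens as issued by this provider, so
		use a deployment-specific value and keep the real one out of public posts.
	-->
	<bean id="casAuthenticationProvider" class="net.sf.acegisecurity.providers.cas.CasAuthenticationProvider">
		<property name="casAuthoritiesPopulator"><ref bean="casAuthoritiesPopulator" /></property>
		<property name="casProxyDecider"><ref bean="casProxyDecider" /></property>
		<property name="ticketValidator"><ref bean="casProxyTicketValidator" /></property>
		<property name="statelessTicketCache"><ref bean="statelessTicketCache" /></property>
		<property name="key"><value>my_password_for_this_auth_provider_only</value></property>
	</bean>

	<!-- Validates tickets against the CAS serviceValidate endpoint over HTTPS, for the same service URL. -->
	<bean id="casProxyTicketValidator" class="net.sf.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
		<property name="casValidate"><value>https://www.acst2.rutgers.edu:8889/cas/serviceValidate</value></property>
		<property name="serviceProperties"><ref bean="serviceProperties" /></property>
	</bean>

	<!-- Ticket cache for stateless clients; entries idle out after 20 minutes. -->
	<bean id="statelessTicketCache" class="net.sf.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
		<property name="minutesToIdle"><value>20</value></property>
	</bean>

	<!-- Looks up the authorities of the CAS-authenticated user in authenticationDao. -->
	<bean id="casAuthoritiesPopulator" class="net.sf.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
		<property name="authenticationDao"><ref bean="authenticationDao" /></property>
	</bean>

	<!-- Proxy tickets are refused; only tickets issued directly to this service are accepted. -->
	<bean id="casProxyDecider" class="net.sf.acegisecurity.providers.cas.proxy.RejectProxyTickets" />

<!--	<bean id="authenticationDao" class="edu.rutgers.acs.hrinfo.dao.support.InMemoryAuthenticationDao" />-->
	<!--
		In-memory user-to-role map. CAS verifies the credentials, so the password
		column holds a filler value; only the role list matters here.
		Both accounts are hard-coded with ROLE_SUPER_USER, so any change of who holds
		that role means editing and redeploying this file.
	-->
	<bean id="authenticationDao" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
				battags=PASSWORD_NOT_USED,ROLE_SUPER_USER
				beeky=PASSWORD_NOT_USED,ROLE_SUPER_USER
			</value>
		</property>
	</bean>

	<!--
		Turns authentication and access-denied failures raised by the interceptor
		into a redirect to the CAS entry point.
		NOTE(review): nothing in this file carries the Authentication from the
		/j_acegi_cas_security_check request over to the next request, and the web.xml
		filter mappings are not shown. If the authenticated result is not stored
		between requests, or casProcessingFilter is not mapped ahead of this filter,
		the next protected request reaches this entry point again and is sent back to
		CAS. TODO confirm the filter mappings, their order and session integration
		in web.xml.
	-->
	<bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
		<property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
		<property name="authenticationEntryPoint"><ref bean="casProcessingFilterEntryPoint"/></property>
	</bean>

	<!--
		URL authorization rules. URLs are lower-cased before matching.
		NOTE(review): the dot before "app" is unescaped in the pattern below, so it
		matches any character there (for example a path ending in "xapp"). That errs
		on the side of protecting more paths; \A/.*\.app\Z is the exact form if only
		the ".app" suffix is intended. Paths matching no pattern, including "/" and
		/casfailed.jsp, are not restricted by this interceptor.
	-->
	<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager"><ref bean="authenticationManager"/></property>
		<property name="accessDecisionManager"><ref bean="httpRequestAccessDecisionManager"/></property>
		<property name="runAsManager"><ref bean="runAsManager"/></property>
		<property name="objectDefinitionSource">
			<value>
			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				\A/.*.app\Z=ROLE_SUPER_USER
			</value>
		</property>
	</bean>

	<!--
		NOTE(review): "my_run_as_password" also looks like a sample placeholder;
		replace it with a deployment-specific value.
	-->
	<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
		<property name="key"><value>my_run_as_password</value></property>
	</bean>

	<!-- Access is granted on an affirmative vote from roleVoter; if every voter abstains, access is denied. -->
	<bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions"><value>false</value></property>
		<property name="decisionVoters">
			<list>
				<ref bean="roleVoter"/>
			</list>
		</property>
	</bean>

	<bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter" />

	<!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->

	<!--
		Requires a secure channel for every request. The first pattern already
		matches every path, so the second one (for the CAS callback) adds nothing;
		it is kept as written.
	-->
	<bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
		<property name="channelDecisionManager"><ref bean="channelDecisionManager"/></property>
		<property name="filterInvocationDefinitionSource">
			<value>
			    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				\A/.*\Z=REQUIRES_SECURE_CHANNEL
				\A/j_acegi_cas_security_check.*\Z=REQUIRES_SECURE_CHANNEL	
			</value>
		</property>
	</bean>

	<!-- Both processors are registered, although only REQUIRES_SECURE_CHANNEL is used above. -->
	<bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
		<property name="channelProcessors">
			<list>
				<ref bean="secureChannelProcessor"/>
				<ref bean="insecureChannelProcessor"/>
			</list>
		</property>
	</bean>

	<bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
	<bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>
</beans>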
