Cemal,
I tried this approach but I keep getting a "too many redirects"
error. I'm new-ish to Spring Security so maybe I'm missing something.
But basically I see the "DynamicRedirectCasAuthenticationEntryPoint"
being processed in every request. The first time through it I'm intercepting
https://host/login?parameter=one
Then in my overridden entrypoint I'm changing the serviceURL to be
https://host/desktop?parameter=one which in turn redirects me to CAS
where I authenticate against a service that matches
/desktop?parameter=one, per your code hint.
But as far as I can tell it then redirects me back to
https://host/desktop?parameter=one&ticket=xxxxx but seems to treat this
like a new request and sends me back to CAS - CAS does not in turn
prompt me to authenticate again - but returns to the application again
but with
https://host/desktop?parameter=one&ticket=yyyyy
then on and on each time getting a new ticket parameter.
It's almost like it's treating the new ticket string as not matching the
original dynamically modified service string but upon taking me to CAS
it SSO's me but with a different ticket and around and around we go.
I was under the impression that the serviceURL definition in the Service
definition of the authenticationEntryPoint was to match a service policy
in CAS, and then CAS would SSO it to other URLs that are behind the
.authenticated() filters of Spring SecurityConfig...but it seems to
want to go validate every string permutation.
Thoughts, what blindingly obvious thing am I missing :-).
Here is the SecurityFilter as an aside:
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .regexMatchers("/desktop/.*", "/desktop?.*", "/login.*")
                .authenticated()
            .and()
            .authorizeRequests()
                .regexMatchers("/")
                .permitAll()
            .and()
            .httpBasic()
                .authenticationEntryPoint(dynamicAuthenticationEntryPoint)
            .and()
            .logout().logoutSuccessUrl("/logout")
            .and()
            .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
            .addFilterBefore(logoutFilter, LogoutFilter.class);
    }
Thanks in advance.
Colin
On 2019-12-19 2:35 a.m., Cemal Önder wrote:
Yes, I had that problem too when I wanted to create a generic library that
serves as a helper to CASify my microservices. Here is a solution:
Spring Security CAS calls createServiceUrl of
CasAuthenticationEntryPoint before every request. This is the place
where serviceProperties are used for redirection. You can overwrite
ServiceProperties with your dynamically created URL here. But keep in
mind that I don't like this solution either, but there is no choice because
ServiceProperties requires a URL on startup, as you mentioned.
    public class DynamicRedirectCasAuthenticationEntryPoint extends CasAuthenticationEntryPoint
    {
        // ...
        @Override
        protected String createServiceUrl(final HttpServletRequest request, final HttpServletResponse response)
        {
            // here set your new serviceProperties based on the request etc. with your business logic
            this.setServiceProperties(serviceProperties);
            return super.createServiceUrl(request, response);
        }
        // ...
    }
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f574fc4c-55ca-4c34-bb1f-d751a8f34553%40apereo.org.
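Added example, not part of either message and not Spring Security or CAS code: a plain-JDK model of the redirect loop described in the thread. It assumes the client consumes a ticket only on one callback path (Spring Security's CasAuthenticationFilter defaults to /login/cas) and that CAS validates a ticket only against the exact service URL it was issued for. The class and method names and the /login/cas?parameter=one service value are made up for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed model: a toy CAS server plus a toy client that only consumes
// tickets on one callback path. All names here are hypothetical.
public class CasRedirectLoopDemo {
    // ticket -> service URL it was issued for (CAS binds each ticket to one service)
    static final Map<String, String> issued = new HashMap<>();
    static int counter = 0;

    // CAS /login with an existing SSO session: issue a ticket and redirect back.
    static String casLogin(String service) {
        String ticket = "ST-" + (++counter);
        issued.put(ticket, service);
        return service + (service.contains("?") ? "&" : "?") + "ticket=" + ticket;
    }

    // CAS /serviceValidate: tickets are single use and the service must match exactly.
    static boolean casValidate(String ticket, String service) {
        return service.equals(issued.remove(ticket));
    }

    // Follows redirects; returns the number of trips to CAS, or -1 for a loop.
    static int browse(String entryPointService, String callbackPath) {
        boolean authenticated = false;
        String url = "https://host/login?parameter=one"; // first request from the thread
        for (int trips = 0; trips <= 5; ) {
            int t = url.indexOf("ticket=");
            String path = url.substring("https://host".length()).split("\\?")[0];
            if (t >= 0 && path.equals(callbackPath)) {
                // Strip "?ticket=..." or "&ticket=..." to recover the service URL.
                String service = url.substring(0, t - 1);
                authenticated = casValidate(url.substring(t + 7), service);
            }
            if (authenticated) return trips;
            url = casLogin(entryPointService); // entry point redirects to CAS
            trips++;
        }
        return -1;
    }

    public static void main(String[] args) {
        // Service points at /desktop but tickets are only consumed at /login/cas.
        System.out.println(browse("https://host/desktop?parameter=one", "/login/cas"));
        // Service points at the path where tickets are consumed.
        System.out.println(browse("https://host/login/cas?parameter=one", "/login/cas"));
    }
}
```

In the first call the ticket arrives on a path the client never inspects, so every request looks unauthenticated and CAS hands out a fresh ticket each time, which is the ticket=xxxxx, ticket=yyyyy pattern from the message above.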