Folks
Sorry to go so far backwards. But in moving forward with some odd
requirements I've had to go back to first principle code and am having
problems with the basics.
My understanding is that Spring defaults to "/login/cas" now as being
the URL for the CasFilter, as such the application doesn't actually have
to have a Handler for "/login/cas" as it's simply getting picked up by
the filter. Assuming this is correct, for some reason my straw-man code
appears to not be creating/inserting the CasAuthenticationFilter into
the Filter Chain.
My code is all stock sample code.
* Service Bean
* Entry Point Bean returning a CasAuthenticationEntryPoint that has the
Service Bean assigned.
* The following is the security config.
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private AuthenticationProvider authenticationProvider;
private CasAuthenticationEntryPoint authenticationEntryPoint;
private SingleSignOutFilter singleSignOutFilter;
private LogoutFilter logoutFilter;
private ServiceProperties serviceProperties;
@Autowired
public SecurityConfig(CasAuthenticationProvider
casAuthenticationProvider, CasAuthenticationEntryPoint eP,
LogoutFilter lF
, SingleSignOutFilter ssF,ServiceProperties sP
) {
this.authenticationProvider = casAuthenticationProvider;
this.authenticationEntryPoint = eP;
this.logoutFilter = lF;
this.singleSignOutFilter = ssF;
this.serviceProperties = sP;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.regexMatchers("/secured.*", "/login")
.authenticated()
.and()
.authorizeRequests()
.regexMatchers("/")
.permitAll()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.logout().logoutSuccessUrl("/logout")
.and()
.addFilterBefore(singleSignOutFilter,
CasAuthenticationFilter.class)
.addFilterBefore(logoutFilter, LogoutFilter.class)
;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws
Exception {
auth.authenticationProvider(authenticationProvider);
}
@Override
protected AuthenticationManager authenticationManager() throws
Exception {
return new ProviderManager(Arrays.asList(authenticationProvider));
}
@Bean
public CasAuthenticationFilter
casAuthenticationFilter(ServiceProperties sP) throws Exception {
CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setServiceProperties(sP);
filter.setAuthenticationManager(authenticationManager());
filter.setFilterProcessesUrl("/login/cas");
return filter;
}
}
The application will intercept anything that is accessed behind the
authenticated() filter.
However any calls to "/login/cas" give a 404 error. It appears that the
filter isn't "there" and my application in turn is complaining that I
simply don't have a handler for the "/login/cas" path. My
SingleSignOutFilter works via "/logout/cas"
Obviously the issue is that when the callbacks from CAS come they fail
as the application isn't providing the typical interfaces on the
"/login/cas" path.
Any idea's. I've debugged and stepped through the application as it's
building the security configuration and as far as I can tell the
CasAuthenticationFilter is never getting put into the filter chain.
I haven't attached all the other code bits, but as I said they are
"stock". In debugging all the values in the stack make sense etc etc.
Colin
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6cd6422b-e0d7-c42c-3d54-ab115fc6ecd1%40caveo.ca.