I noticed that when I use Spring Security as a front to CAS, I can do the following logouts:
1) https://mysvr:8443/myapp/j_spring_security_logout which logs me out of Spring Security for the app. 2) https://mysvr:8443/cas/logout?https://mysvr:8443/myapp which logs me out of CAS for the app. 3) https://mysvr:8443/cas/logout which logs me out of all apps in CAS (I think). Is there a good way to do both (1) and (2) in one call? ----------------------------------------------------------------------------------- Below is my current application's applicationContext-security.xml (it works, but it probably still contains some errors). <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:p="http://www.springframework.org/schema/p"; xmlns:tx="http://www.springframework.org/schema/tx"; xmlns:security="http://www.springframework.org/schema/security"; xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd";> <security:http entry-point-ref="casProcessingFilterEntryPoint"> <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN" /> <security:intercept-url pattern="/app/**" access="ROLE_USER,ROLE_ADMIN" /> <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:anonymous/> <security:logout/> </security:http> <security:authentication-manager alias="casAuthenticationManager" /> <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties" p:service="https://LCEIT1664:8443/sso/j_spring_cas_security_check"; p:sendRenew="false" /> <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter" p:authenticationManager-ref="casAuthenticationManager" p:authenticationFailureUrl="/casfailed.jsp" p:alwaysUseDefaultTargetUrl="true" p:filterProcessesUrl="/j_spring_cas_security_check" p:defaultTargetUrl="/"> <security:custom-filter after="CAS_PROCESSING_FILTER" /> </bean> <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint" p:loginUrl="https://LCEIT1664:8443/cas/login"; p:serviceProperties-ref="serviceProperties" /> <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider" p:key="my_password_for_this_auth_provider_only" p:serviceProperties-ref="serviceProperties" p:userDetailsService-ref="customUserDetailsService"> <security:custom-authentication-provider /> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg index="0" value="https://LCEIT1664:8443/cas"; /> </bean> </property> </bean> <bean id="customUserDetailsService" class="net.cndc.springsecurity.userdetails.CndcActiveDirectoryUserDetailsService" > </bean> </beans> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
