On Tue, Feb 17, 2009 at 12:16 PM, Bruno Melloni <[email protected] > wrote:
> I noticed that when I use Spring Security as a front to CAS, I can do the > following logouts: > > > > 1) https://mysvr:8443/myapp/j_spring_security_logout which logs me > out of Spring Security for the app. > > 2) https://mysvr:8443/cas/logout?https://mysvr:8443/myapp which logs > me out of CAS for the app. > > 3) https://mysvr:8443/cas/logout which logs me out of all apps in > CAS (I think). > #2 and #3 do the same thing. They end your CAS session and they'll call back to any services that they can (though there are no guarantees). > > > Is there a good way to do both (1) and (2) in one call? > > > > > ----------------------------------------------------------------------------------- > > > > Below is my current application's applicationContext-security.xml (it > works, but it probably still contains some errors). > > > > <beans > > xmlns=*"http://www.springframework.org/schema/beans"* > > xmlns:xsi=*"http://www.w3.org/2001/XMLSchema-instance"* > > xmlns:p=*"http://www.springframework.org/schema/p"* > > xmlns:tx=*"http://www.springframework.org/schema/tx"* > > xmlns:security=*"http://www.springframework.org/schema/security"* > > xsi:schemaLocation=*"http://www.springframework.org/schema/beans * > > * > http://www.springframework.org/schema/beans/spring-beans-2.0.xsd* > > * http://www.springframework.org/schema/tx * > > * > http://www.springframework.org/schema/tx/spring-tx-2.0.xsd* > > * http://www.springframework.org/schema/security * > > * > http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"* > > > > > > <security:http entry-point-ref=*"casProcessingFilterEntryPoint"*> > > <security:intercept-url pattern=*"/admin/**"* access=*"ROLE_ADMIN" > * /> > > <security:intercept-url pattern=*"/app/**"* access=* > "ROLE_USER,ROLE_ADMIN"* /> > > <security:intercept-url pattern=*"/**"* access=* > "IS_AUTHENTICATED_ANONYMOUSLY"* /> > > <security:anonymous/> > > <security:logout/> > > </security:http> > > > > <security:authentication-manager alias=*"casAuthenticationManager"* > /> > > > > <bean id=*"serviceProperties"* class=* > "org.springframework.security.ui.cas.ServiceProperties"* > > p:service=*" > https://LCEIT1664:8443/sso/j_spring_cas_security_check"* > > p:sendRenew=*"false"* /> > > > > <bean id=*"casProcessingFilter"* class=* > "org.springframework.security.ui.cas.CasProcessingFilter"* > > p:authenticationManager-ref=*"casAuthenticationManager"* > > p:authenticationFailureUrl=*"/casfailed.jsp"* > > p:alwaysUseDefaultTargetUrl=*"true"* > > p:filterProcessesUrl=*"/j_spring_cas_security_check"* > > p:defaultTargetUrl=*"/"*> > > <security:custom-filter after=*"CAS_PROCESSING_FILTER"* /> > > </bean> > > > > <bean id=*"casProcessingFilterEntryPoint"* class=* > "org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"* > > p:loginUrl=*"https://LCEIT1664:8443/cas/login"* > > p:serviceProperties-ref=*"serviceProperties"* /> > > > > > > <bean id=*"casAuthenticationProvider"* class=* > "org.springframework.security.providers.cas.CasAuthenticationProvider"* > > p:key=*"my_password_for_this_auth_provider_only"* > > p:serviceProperties-ref=*"serviceProperties"* > > p:userDetailsService-ref=*"customUserDetailsService"*> > > <security:custom-authentication-provider /> > > <property name=*"ticketValidator"*> > > <bean class=* > "org.jasig.cas.client.validation.Cas20ServiceTicketValidator"*> > > <constructor-arg index=*"0"* value=*" > https://LCEIT1664:8443/cas"* /> > > </bean> > > </property> > > </bean> > > > > <bean id=*"customUserDetailsService"* > > class=* > "net.cndc.springsecurity.userdetails.CndcActiveDirectoryUserDetailsService" > * > > > > > </bean> > > </beans> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
