Question for someone with experience using CAS with Spring Security.  Ignore 
otherwise.
====================================================================

We usually deploy CAS and our CAS-enabled apps on the same server.  Our 
CAS-enabled apps are usually configured using the Spring Security approach 
(sample applicationContext-security.xml listed at bottom).

So far, we've used the full http://myHost.myDomain/xxx URLs for references to 
CAS and for the callbacks.  Is there a way to use relative URLs so that we 
don't have to reconfigure as we move from DEV to TEST to PROD?

Is it as simple as leaving the https://myHost.myDomain:myPort out and starting 
the URL with '/'?  Wouldn't that make it default to http instead of https?

Sample xml (urls that we would like to be relative are in red):

<?xml version="1.0" encoding="UTF-8"?>
<beans
    xmlns="http://www.springframework.org/schema/beans";
      <...snip...>
    >
      <security:http entry-point-ref="casProcessingFilterEntryPoint">
        <!-- security:intercept-url pattern="/index.jsp"        
access="IS_AUTHENTICATED_ANONYMOUSLY" / -->
        <security:intercept-url pattern="/accessDenied.jsp" 
access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/css/**"           
access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/images/**"        
access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/**"               
access="ROLE_MYAPP_ACCESS" />
        <security:anonymous/>
        <security:logout 
logout-success-url="https://myHost.myDomain:myPort/cas/logout"/>
      </security:http>

      <security:authentication-manager alias="casAuthenticationManager" />

      <bean id="serviceProperties" 
class="org.springframework.security.ui.cas.ServiceProperties"
            p:service="https:// 
myHost.myDomain:myPort/MyApp/j_spring_cas_security_check"
            p:sendRenew="false" />

      <bean id="casProcessingFilter" 
class="org.springframework.security.ui.cas.CasProcessingFilter"
            p:authenticationManager-ref="casAuthenticationManager"
            p:authenticationFailureUrl="/accessDenied.jsp"
            p:alwaysUseDefaultTargetUrl="false"
            p:filterProcessesUrl="/j_spring_cas_security_check"
            p:defaultTargetUrl="/" >
            <security:custom-filter after="CAS_PROCESSING_FILTER" />
      </bean>

      <bean id="casProcessingFilterEntryPoint" 
class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"
            p:loginUrl="https://myHost.myDomain:myPort/cas/login";
            p:serviceProperties-ref="serviceProperties" />

      <bean id="casAuthenticationProvider" 
class="org.springframework.security.providers.cas.CasAuthenticationProvider"
            p:key="my_password_for_this_auth_provider_only"
            p:serviceProperties-ref="serviceProperties"
            p:userDetailsService-ref="userDetailsService">
            <security:custom-authentication-provider />
            <property name="ticketValidator">
                  <bean 
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                        <constructor-arg index="0" 
value="https://myHost.myDomain:myPort/cas"; />
                  </bean>
            </property>
      </bean>

    <bean id="userDetailsService" class="our.custom.UserDetailService" >
      <...snip...>
    </bean>
</beans>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to