I would actually recommend you look into providing those properties via JNDI
or a Properties file, both of which can be externalized.

At Rutgers, we've actually defined those properties per environment/tier in
JNDI and then load them from JNDI (so in Tomcat, we have them in the
context.xml file) and then we use Spring's JNDI support to load them into
the application context and reference them.

Cheers,
Scott


On Fri, Nov 20, 2009 at 10:38 AM, Bruno Melloni <[email protected]
> wrote:

>  Question for someone with experience using CAS with Spring Security.
> Ignore otherwise.
>
> ====================================================================
>
>
>
> We usually deploy CAS and our CAS-enabled apps on the same server.  Our
> CAS-enabled apps are usually configured using the Spring Security approach
> (sample applicationContext-security.xml listed at bottom).
>
>
>
> So far, we’ve used the full http://myHost.myDomain/xxx URLs for references
> to CAS and for the callbacks.  Is there a way to use relative URLs so that
> we don’t have to reconfigure as we move from DEV to TEST to PROD?
>
>
>
> Is it as simple as leaving the https://myHost.myDomain:myPort out and
> starting the URL with ‘/’?  Wouldn’t that make it default to http instead of
> https?
>
>
>
> Sample xml (urls that we would like to be relative are in red):
>
>
>
> <?xml version=*"1.0"* encoding=*"UTF-8"*?>
>
> <beans
>
>     xmlns=*"http://www.springframework.org/schema/beans"*
>
>       <…snip…>
>
>     >
>
>       <security:http entry-point-ref=*"casProcessingFilterEntryPoint"*>
>
>         <!-- security:intercept-*url* pattern="/index.*jsp*"
> access="IS_AUTHENTICATED_ANONYMOUSLY" / -->
>
>         <security:intercept-url pattern=*"/accessDenied.jsp"* access=*
> "IS_AUTHENTICATED_ANONYMOUSLY"* />
>
>         <security:intercept-url pattern=*"/css/**"*           access=*
> "IS_AUTHENTICATED_ANONYMOUSLY"* />
>
>         <security:intercept-url pattern=*"/images/**"*        access=*
> "IS_AUTHENTICATED_ANONYMOUSLY"* />
>
>         <security:intercept-url pattern=*"/**"*               access=*
> "ROLE_MYAPP_ACCESS"* />
>
>         <security:anonymous/>
>
>         <security:logout logout-success-url=*"
> https://myHost.myDomain:myPort/cas/logout"*/>
>
>       </security:http>
>
>
>
>       <security:authentication-manager alias=*"casAuthenticationManager"*
> />
>
>
>
>       <bean id=*"serviceProperties"* class=*
> "org.springframework.security.ui.cas.ServiceProperties"*
>
>             
> p:service=*"https://myHost.myDomain:myPort/MyApp/j_spring_cas_security_check
> "*
>
>             p:sendRenew=*"false"* />
>
>
>
>       <bean id=*"casProcessingFilter"* class=*
> "org.springframework.security.ui.cas.CasProcessingFilter"*
>
>             p:authenticationManager-ref=*"casAuthenticationManager"*
>
>             p:authenticationFailureUrl=*"/accessDenied.jsp"*
>
>             p:alwaysUseDefaultTargetUrl=*"false"*
>
>             p:filterProcessesUrl=*"/j_spring_cas_security_check"*
>
>             p:defaultTargetUrl=*"/"* >
>
>             <security:custom-filter after=*"CAS_PROCESSING_FILTER"* />
>
>       </bean>
>
>
>
>       <bean id=*"casProcessingFilterEntryPoint"* class=*
> "org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"*
>
>             p:loginUrl=*"https://myHost.myDomain:myPort/cas/login"*
>
>             p:serviceProperties-ref=*"serviceProperties"* />
>
>
>
>       <bean id=*"casAuthenticationProvider"* class=*
> "org.springframework.security.providers.cas.CasAuthenticationProvider"*
>
>             p:key=*"my_password_for_this_auth_provider_only"*
>
>             p:serviceProperties-ref=*"serviceProperties"*
>
>             p:userDetailsService-ref=*"userDetailsService"*>
>
>             <security:custom-authentication-provider />
>
>             <property name=*"ticketValidator"*>
>
>                   <bean class=*
> "org.jasig.cas.client.validation.Cas20ServiceTicketValidator"*>
>
>                         <constructor-arg index=*"0"* value=*"
> https://myHost.myDomain:myPort/cas"* />
>
>                   </bean>
>
>             </property>
>
>       </bean>
>
>
>
>     <bean id=*"userDetailsService"* class=*"our.custom.UserDetailService"*
> >
>
>       <…snip…>
>
>     </bean>
>
> </beans>
>
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to