Sorry, was looking in the wrong place. It did get posted. I saw one reply suggesting putting the properties in JNDI, although that wouldn't work for us. I know another alternative would be to load the info from a properties file, but relative URLs would be cleaner and involve less work.
I guess the question remains. b. From: Bruno Melloni Sent: Tuesday, November 24, 2009 8:16 AM To: Bruno Melloni; [email protected] Subject: RE: Relative CAS URLs when using Spring Security configuration Resending. Email must have failed (don't see it nor any replies in archives or digests). From: Bruno Melloni Sent: Friday, November 20, 2009 9:39 AM To: '[email protected]' Subject: Relative CAS URLs when using Spring Security configuration Question for someone with experience using CAS with Spring Security. Ignore otherwise. ==================================================================== We usually deploy CAS and our CAS-enabled apps on the same server. Our CAS-enabled apps are usually configured using the Spring Security approach (sample applicationContext-security.xml listed at bottom). So far, we've used the full http://myHost.myDomain/xxx URLs for references to CAS and for the callbacks. Is there a way to use relative URLs so that we don't have to reconfigure as we move from DEV to TEST to PROD? Is it as simple as leaving the https://myHost.myDomain:myPort out and starting the URL with '/'? Wouldn't that make it default to http instead of https? Sample xml (urls that we would like to be relative are in red): <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" <...snip...> > <security:http entry-point-ref="casProcessingFilterEntryPoint"> <!-- security:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" / --> <security:intercept-url pattern="/accessDenied.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/**" access="ROLE_MYAPP_ACCESS" /> <security:anonymous/> <security:logout logout-success-url="https://myHost.myDomain:myPort/cas/logout"/> </security:http> <security:authentication-manager alias="casAuthenticationManager" /> <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties" p:service="https:// myHost.myDomain:myPort/MyApp/j_spring_cas_security_check" p:sendRenew="false" /> <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter" p:authenticationManager-ref="casAuthenticationManager" p:authenticationFailureUrl="/accessDenied.jsp" p:alwaysUseDefaultTargetUrl="false" p:filterProcessesUrl="/j_spring_cas_security_check" p:defaultTargetUrl="/" > <security:custom-filter after="CAS_PROCESSING_FILTER" /> </bean> <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint" p:loginUrl="https://myHost.myDomain:myPort/cas/login" p:serviceProperties-ref="serviceProperties" /> <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider" p:key="my_password_for_this_auth_provider_only" p:serviceProperties-ref="serviceProperties" p:userDetailsService-ref="userDetailsService"> <security:custom-authentication-provider /> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg index="0" value="https://myHost.myDomain:myPort/cas" /> </bean> </property> </bean> <bean id="userDetailsService" class="our.custom.UserDetailService" > <...snip...> </bean> </beans> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
