They need to be configured via some method.  You can't assume that they
reside on the same server.  You also can't trust the hostname set via the
initial Http Request to construct the proper URL (because the Host header is
set by the client).

You have three choices really:

1. JNDI
2. External Properties file
3. JVM System Properties (these can be read into a Spring configuration)

Cheers,
Scott


On Tue, Nov 24, 2009 at 9:22 AM, Bruno Melloni
<[email protected]>wrote:

>  Sorry, was looking in the wrong place.  It did get posted.
>
>
>
> I saw one reply suggesting putting the properties in JNDI, although that
> wouldn’t work for us.  I know another alternative would be to load the info
> from a properties file, but relative URLs would be cleaner and involve less
> work.
>
>
>
> I guess the question remains.
>
>
>
> b.
>
>
>
> *From:* Bruno Melloni
> *Sent:* Tuesday, November 24, 2009 8:16 AM
> *To:* Bruno Melloni; [email protected]
> *Subject:* RE: Relative CAS URLs when using Spring Security configuration
>
>
>
> Resending.  Email must have failed (don’t see it nor any replies in
> archives or digests).
>
>
>
> *From:* Bruno Melloni
> *Sent:* Friday, November 20, 2009 9:39 AM
> *To:* '[email protected]'
> *Subject:* Relative CAS URLs when using Spring Security configuration
>
>
>
> Question for someone with experience using CAS with Spring Security.
> Ignore otherwise.
>
> ====================================================================
>
>
>
> We usually deploy CAS and our CAS-enabled apps on the same server.  Our
> CAS-enabled apps are usually configured using the Spring Security approach
> (sample applicationContext-security.xml listed at bottom).
>
>
>
> So far, we’ve used the full http://myHost.myDomain/xxx URLs for references
> to CAS and for the callbacks.  Is there a way to use relative URLs so that
> we don’t have to reconfigure as we move from DEV to TEST to PROD?
>
>
>
> Is it as simple as leaving the https://myHost.myDomain:myPort out and
> starting the URL with ‘/’?  Wouldn’t that make it default to http instead of
> https?
>
>
>
> Sample xml (urls that we would like to be relative are in red):
>
>
>
> <?xml version=*"1.0"* encoding=*"UTF-8"*?>
>
> <beans
>
>     xmlns=*"http://www.springframework.org/schema/beans"*
>
>       <…snip…>
>
>     >
>
>       <security:http entry-point-ref=*"casProcessingFilterEntryPoint"*>
>
>         <!-- security:intercept-*url* pattern="/index.*jsp*"
> access="IS_AUTHENTICATED_ANONYMOUSLY" / -->
>
>         <security:intercept-url pattern=*"/accessDenied.jsp"* access=*
> "IS_AUTHENTICATED_ANONYMOUSLY"* />
>
>         <security:intercept-url pattern=*"/css/**"*           access=*
> "IS_AUTHENTICATED_ANONYMOUSLY"* />
>
>         <security:intercept-url pattern=*"/images/**"*        access=*
> "IS_AUTHENTICATED_ANONYMOUSLY"* />
>
>         <security:intercept-url pattern=*"/**"*               access=*
> "ROLE_MYAPP_ACCESS"* />
>
>         <security:anonymous/>
>
>         <security:logout logout-success-url=*"
> https://myHost.myDomain:myPort/cas/logout"*/>
>
>       </security:http>
>
>
>
>       <security:authentication-manager alias=*"casAuthenticationManager"*
> />
>
>
>
>       <bean id=*"serviceProperties"* class=*
> "org.springframework.security.ui.cas.ServiceProperties"*
>
>             
> p:service=*"https://myHost.myDomain:myPort/MyApp/j_spring_cas_security_check
> "*
>
>             p:sendRenew=*"false"* />
>
>
>
>       <bean id=*"casProcessingFilter"* class=*
> "org.springframework.security.ui.cas.CasProcessingFilter"*
>
>             p:authenticationManager-ref=*"casAuthenticationManager"*
>
>             p:authenticationFailureUrl=*"/accessDenied.jsp"*
>
>             p:alwaysUseDefaultTargetUrl=*"false"*
>
>             p:filterProcessesUrl=*"/j_spring_cas_security_check"*
>
>             p:defaultTargetUrl=*"/"* >
>
>             <security:custom-filter after=*"CAS_PROCESSING_FILTER"* />
>
>       </bean>
>
>
>
>       <bean id=*"casProcessingFilterEntryPoint"* class=*
> "org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"*
>
>             p:loginUrl=*"https://myHost.myDomain:myPort/cas/login"*
>
>             p:serviceProperties-ref=*"serviceProperties"* />
>
>
>
>       <bean id=*"casAuthenticationProvider"* class=*
> "org.springframework.security.providers.cas.CasAuthenticationProvider"*
>
>             p:key=*"my_password_for_this_auth_provider_only"*
>
>             p:serviceProperties-ref=*"serviceProperties"*
>
>             p:userDetailsService-ref=*"userDetailsService"*>
>
>             <security:custom-authentication-provider />
>
>             <property name=*"ticketValidator"*>
>
>                   <bean class=*
> "org.jasig.cas.client.validation.Cas20ServiceTicketValidator"*>
>
>                         <constructor-arg index=*"0"* value=*"
> https://myHost.myDomain:myPort/cas"* />
>
>                   </bean>
>
>             </property>
>
>       </bean>
>
>
>
>     <bean id=*"userDetailsService"* class=*"our.custom.UserDetailService"*
> >
>
>       <…snip…>
>
>     </bean>
>
> </beans>
>
> --
> You are currently subscribed to [email protected] as: 
> [email protected]
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to