Hi Scott, Thanks for your reply.
I will be looking forward to gateway support in the future releases. Is there an alternate approach that you would recommend to accomplish this with my existing set-up ( I understand it may not be the most elegant). Prasanna On Tue, Apr 20, 2010 at 7:07 AM, Scott Battaglia <[email protected]>wrote: > CAS + Spring Security support doesn't support gateway at the moment. Its > on my list of things to do but doesn't necessarily mesh well with the way > Spring Security works. > > Redirecting to j_spring_cas_security_check isn't going to get you anywhere > I don't think. I'm not sure if you can combine it with the anonymous > support. > > Cheers, > Scott > > > On Mon, Apr 19, 2010 at 3:58 PM, prasanna h <[email protected]> wrote: > >> Hi All, >> >> I put in the following logic to add a gateway parameter to the cas login >> request(in case of access to a non-secure page). >> >> final String urlEncodedService = >> CommonUtils.constructServiceUrl(httpRequest, >> httpResponse, >> getServiceProperties().getService(), >> null, >> "ticket", >> true >> ); >> >> String redirectUrl = >> CommonUtils.constructRedirectUrl(casAuthenticationEntryPoint.getLoginUrl(), >> "service", >> urlEncodedService, >> getServiceProperties().isSendRenew(), >> true); >> >> httpResponse.sendRedirect(redirectUrl); >> >> If I'm already logged into CAS via client A, I'm able to login >> automatically into client B and the gateway works as expected. >> When I'm not logged into CAS, I would expect to be routed to my page >> without the CAS login page presented(as gateway is 'true'). But I get the >> following error >> >> *Authentication Failed: Failed to provide a CAS service ticket to >> validate* >> * >> * >> This is my service URL >> http://localhost:9080/iped/j_spring_cas_security_check >> >> Am I missing something here? >> * >> * >> Thanks, >> Prasanna >> * >> * >> * >> * >> On Sun, Apr 18, 2010 at 5:57 AM, prasanna <[email protected]> wrote: >> >>> Hi, >>> I've integrated Spring Security 3 with CAS. I'm stuck as I attempt to use >>> CAS as a gateway. >>> >>> My app has a few protected and unprotected pages with each page having a >>> login/logout link. I access a secure page after authenticating with CAS. >>> Accessing any page during that session would still display the logout >>> link(indicating that the user has authenticated with CAS). >>> >>> Currently, when I try to access a non-secure page(when I'm still logged >>> into CAS from another casified app or have a remember me cookie set by my >>> cas server), I would expect myself to be logged in automatically. But the >>> non-secure page still displays a login link(clicking which talks to CAS and >>> logs me in automatically as I previously authenticated successfully and the >>> browser has not been closed). >>> >>> I do not want to redirect the user to CAS login page if he tries to >>> access a non-secure resource, I just need to validate behind the scene to >>> check if he still logged into CAS and if not redirect him to the non-secure >>> page as a guest user. >>> >>> Please let me know what I need to add to my security context to achieve >>> this. >>> >>> Prasanna >>> >>> ps:I've attached my web.xml and security xml. >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
