Spring Security uses a single entry point for responding to CAS tickets. However, it's supposed to put the actual URL in a session object and redirect back to that URL *after* successfully validating the ticket (unless they've changed the code).

On Fri, Apr 13, 2012 at 10:23 AM, Marvin S. Addison <[email protected]> wrote:

>> Thanks for your answer. Here is my configuration file :
>
> I reviewed your config and there's nothing obviously wrong. Time for code
> review. The following two beans together define the redirect URL to CAS,
> which includes the service URL (and any parameters that would be attached
> to your service):
>
>> <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
>>   <property name="loginUrl" value="${casUrl}/login"/>
>>   <property name="serviceProperties" ref="serviceProperties"/>
>> </bean>
>>
>> <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
>>   <property name="service" value="${applicationUrl}/j_spring_cas_security_check"/>
>>   <property name="sendRenew" value="false"/>
>> </bean>
>
> Code review reveals a surprise:
>
> CasAuthenticationEntryPoint.java [1]:
>
> protected String createServiceUrl(final HttpServletRequest request,
>         final HttpServletResponse response) {
>     return CommonUtils.constructServiceUrl(null, response,
>             this.serviceProperties.getService(), null,
>             this.serviceProperties.getArtifactParameter(),
>             this.encodeServiceUrlWithSessionId);
> }
>
> CommonUtils.java [2]:
>
> public static String constructServiceUrl(final HttpServletRequest request,
>         final HttpServletResponse response, final String service,
>         final String serverNames, final String artifactParameterName,
>         final boolean encode) {
>     if (CommonUtils.isNotBlank(service)) {
>         return encode ? response.encodeURL(service) : service;
>     }
>     ...
>
> Hopefully the issue is self evident, but I'll add a brief analysis in any
> case. Since serviceProperties.getService() is not null, it uses that URL
> directly instead of considering querystring parameters. Additionally,
> createServiceUrl passes a null reference for the first argument to
> constructServiceUrl, which further precludes consideration of querystring
> parameters.
>
> Scott would have to weigh in here as to why that's the case, but
> apparently it's not possible to preserve application parameters when using
> the Spring Security CAS client.
>
> M
>
> [1] https://github.com/SpringSource/spring-security/blob/3.0.x/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java
> [2] https://github.com/Jasig/java-cas-client/blob/master/cas-client-core/src/main/java/org/jasig/cas/client/util/CommonUtils.java
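
The flow discussed in this thread, as an added example that is not part of either message and is not Spring Security or java-cas-client code: the configured service URL is sent to CAS unchanged, while the originally requested URL (with its query string) is kept in the session and used only after the ticket has been checked against that same service URL. The host names, the session key, the ticket value and the map standing in for the CAS server are assumptions made for the example.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class ServiceUrlDemo {
    // Constructed values, standing in for ${casUrl} and ${applicationUrl} in the quoted config.
    static final String CAS_LOGIN = "https://cas.example.org/cas/login";
    static final String SERVICE = "https://app.example.org/j_spring_cas_security_check";
    static final String SAVED_URL_KEY = "savedUrl"; // hypothetical session attribute name

    // Same short-circuit as the quoted constructServiceUrl: a configured service wins,
    // so the current request (and its query string) is never consulted.
    static String serviceUrl(String requestUrl, String configuredService) {
        if (configuredService != null && !configuredService.trim().isEmpty()) {
            return configuredService;
        }
        return requestUrl; // simplified fallback, an assumption of this example
    }

    // Entry point: remember where the user was going, then redirect to CAS.
    static String redirectToCas(String requestUrl, Map<String, Object> session) {
        session.put(SAVED_URL_KEY, requestUrl);
        String service = serviceUrl(requestUrl, SERVICE);
        return CAS_LOGIN + "?service=" + URLEncoder.encode(service, StandardCharsets.UTF_8);
    }

    // Callback on the fixed service URL: the ticket is checked against that same
    // service value, and only then is the saved URL used as the redirect target.
    static String afterTicket(String ticket, Map<String, String> issuedFor, Map<String, Object> session) {
        if (!SERVICE.equals(issuedFor.get(ticket))) {
            throw new IllegalStateException("ticket not valid for " + SERVICE);
        }
        Object saved = session.remove(SAVED_URL_KEY);
        return saved != null ? (String) saved : "/";
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        String original = "https://app.example.org/report?id=42&view=full";
        System.out.println("302 -> " + redirectToCas(original, session));
        // Constructed stand-in for the CAS server's ticket registry.
        Map<String, String> issuedFor = new HashMap<>();
        issuedFor.put("ST-1-constructed", SERVICE);
        System.out.println("302 -> " + afterTicket("ST-1-constructed", issuedFor, session));
    }
}
```

The first redirect carries only the fixed service URL; the second returns the user to /report?id=42&view=full because the saved URL is taken from the session, never from the service parameter.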
