Got it to work.
Seems like the following elements also need to be present in the web.xml
file:
<filter>
<filter-name>clearPassFilterChainProxy</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter
-class>
</filter>
<filter-mapping>
<filter-name>clearPassFilterChainProxy</filter-name>
<url-pattern>/clearPass</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/clearPass</url-pattern>
</servlet-mapping>
I can submit a pull, unless there are concerns on not having the above in
the web.xml file?
-Misagh
> -----Original Message-----
> From: Misagh Moayyed [mailto:[email protected]]
> Sent: Friday, June 22, 2012 1:23 PM
> To: [email protected]
> Subject: RE: [cas-user] Turning on clearPass for CAS 3.5?
>
> Turning on DEBUG for org.springframework.security shows the following:
>
> 2012-06-22 13:16:55,981 INFO
> [org.springframework.security.web.DefaultSecurityFilterChain] -
> Creating filter chain: Ant [pattern='/clearpass'],
> [org.jasig.cas.client.authentication.AuthenticationFilter@8befd8,
> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilt
> er@
> 12f5143,
> org.jasig.cas.client.util.HttpServletRequestWrapperFilter@1802d4b]
>
> ...which seems correct. Inside the web.xml file, I then declared the
> following:
>
> <filter>
> <filter-name>clearPassFilterChainProxy</filter-name>
>
> <filter-
> class>org.springframework.web.filter.DelegatingFilterProxy</filter
> -class>
> </filter>
> <filter-mapping>
> <filter-name>clearPassFilterChainProxy</filter-name>
> <url-pattern>/clearPass</url-pattern>
> </filter-mapping>
>
> ...which causes the initial browsing to '/clearPass' to redirect me to
> "/login?service=.../clearPass". Once I login, I see the following log
> entries:
>
> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFil
> ter
> ] - Successfully authenticated user: admin
> [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFil
> ter
> ] - Redirecting after successful ticket validation.
> [org.jasig.cas.client.util.CommonUtils] - serviceUrl generated:
> https://.../cas/clearPass
> [org.springframework.security.web.util.AntPathRequestMatcher] -
> Checking match of request : '/clearpass'; against '/clearpass'
> [org.springframework.security.web.FilterChainProxy] - /clearPass at
> position 1 of 3 in additional filter chain; firing Filter:
> 'AuthenticationFilter'
> [org.springframework.security.web.FilterChainProxy] - /clearPass at
> position 2 of 3 in additional filter chain; firing Filter:
> 'Cas20ProxyReceivingTicketValidationFilter'
> [org.springframework.security.web.FilterChainProxy] - /clearPass at
> position 3 of 3 in additional filter chain; firing Filter:
> 'HttpServletRequestWrapperFilter'
> [org.springframework.security.web.FilterChainProxy] - /clearPass
> reached end of additional filter chain; proceeding with original chain
>
> This is the point where I'd expect the /clearPass controller to kick
> in, but seems like it never does.
>
> -Misagh
>
>
> > -----Original Message-----
> > From: Marvin S. Addison [mailto:[email protected]]
> > Sent: Friday, June 22, 2012 1:03 PM
> > To: [email protected]
> > Subject: Re: [cas-user] Turning on clearPass for CAS 3.5?
> >
> > > Have I missed a step somewhere? Seems like the clearPass spring
> > > security filters never kick in.
> >
> > Not that I can see. Turn up org.springframework.security to DEBUG
> and
> > see if the Spring Security plumbing is working as expected. Post the
> > relevant logs if nothing jumps out at you; hopefully more eyeballs
> > will provide some insight.
> >
> > M
> >
> > --
> > You are currently subscribed to [email protected] as:
> > [email protected] To unsubscribe, change settings or access
> > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access archives,
> see http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
