Does the CAS filter apply to your /home page or not?
If the CAS filter is not applying to your /home page, then you will not be
able to tell whether the user is already logged in to CAS via another app. To
achieve this, you will need to apply the CAS filter to "/home". If you don't
want to force a login, but just check whether the user is already logged in,
then set the "gateway" property to "true".
<bean
    name="authenticationFilter"
    class="org.jasig.cas.client.authentication.AuthenticationFilter"
    p:casServerLoginUrl="https://localhost:8443/cas/login"
    p:renew="false"
    p:gateway="false"
    p:service="https://my.local.service.com/cas-client" />
David Ohsie
Software Architect
EMC Corporation
From: Rohit Kotecha [mailto:[email protected]]
Sent: Friday, April 26, 2013 10:46 AM
To: [email protected]
Subject: [cas-user] Spring Security 3.0 + CAS 3.3.5- Apply CAS filter for home page
Hi All,
I am integrating CAS (SSO) with a Spring Security web application.
I am facing one issue with it.
When a user hits our web application, we display the home page to the user.
This home page URL is /home.
On the home page there is a login link and other features which can be
accessed by a guest user (without being logged in).
When the user is already logged in to some other application, say App1, which
also uses CAS, and in another tab in the same browser the user hits our web
application, say App2, we are displaying the same home page to the user, which
can be accessed by a guest user, but with logged-in status and a welcome
message for the user.
In our application the non-secure resource pattern will be *.html and the
secure resource pattern is *.do.
My Spring Security configuration is as below.
<security:http entry-point-ref="casEntryPoint" auto-config="true">
    <security:intercept-url pattern="/home"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/login.html"
        access="ROLE_USER" />
    <security:intercept-url pattern="/*.html"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/*.do"
        access="ROLE_USER" />
    <security:intercept-url pattern="/*.view"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:intercept-url pattern="/*.jsp"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:custom-filter position="CAS_FILTER"
        ref="casFilter" />
    <security:custom-filter
        before="LOGOUT_FILTER" ref="requestSingleLogoutFilter"/>
    <security:custom-filter before="CAS_FILTER"
        ref="casSingleSignOutFilter" />
    <security:logout
        logout-success-url="${cas.server.url}/logout?service=${application.service.url}/home"
        invalidate-session="false"/>
</security:http>
If the user is already logged in to application App1 and visits application
App2 in another tab, control will go to the /home URL, and as there is no role
required for it, control does not go to the CAS filter and the home page is
displayed to the user with not-signed-in status, and that is not desired.
Also, we have implemented URL rewriting using the Tuckey filter.
Configuration of the filters in web.xml:
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
<!-- <filter-mapping>-->
<!--     <filter-name>springSecurityFilterChain</filter-name>-->
<!--     <url-pattern>/j_spring_security_check</url-pattern>-->
<!--     <dispatcher>FORWARD</dispatcher>-->
<!-- </filter-mapping>-->
<!-- UrlRewriteFilter -->
<filter>
    <filter-name>UrlRewriteFilter</filter-name>
    <filter-class>
        org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
    </filter-class>
    <!-- Provide all extensions in lowercase -->
    <init-param>
        <param-name>logLevel</param-name>
        <param-value>ERROR</param-value>
    </init-param>
    <init-param>
        <param-name>statusEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<!-- UrlRewriteFilter Mapping -->
<filter-mapping>
    <filter-name>UrlRewriteFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
The home page should be displayed to the user with logged-in status.
So how can this be achieved?
In both applications individually, login and logout are working fine.
Any help will be greatly appreciated.
Thanks and Regards,
Rohit Kotecha
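
Added example, not part of either message and not code from the CAS client or Spring Security: a toy Python model of the gateway exchange the reply at the top of this thread refers to, showing /home rendered as "welcome" when an SSO session exists and as "guest" otherwise, without a forced login. ToyCasServer, visit_home, the "gatewayed" session flag and the cookie value are hypothetical; the two URLs are taken from the bean in the reply.

```python
# Added illustration: toy model of the CAS gateway exchange, not the Jasig client code.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

CAS_LOGIN = "https://localhost:8443/cas/login"       # URLs taken from the bean in the reply
SERVICE = "https://my.local.service.com/cas-client"

class ToyCasServer:
    """Stand-in CAS server; `sso` maps a constructed SSO cookie value to a username."""
    def __init__(self, sso):
        self.sso, self.tickets = sso, {}

    def login(self, url, tgc=None):
        q = parse_qs(urlparse(url).query)
        service = q["service"][0]
        if tgc in self.sso:                           # SSO session exists: issue a ticket
            st = "ST-" + secrets.token_hex(8)
            self.tickets[st] = (service, self.sso[tgc])
            return service + "?" + urlencode({"ticket": st})
        if q.get("gateway") == ["true"]:              # gateway: send back with no ticket
            return service
        return "LOGIN_FORM"                           # otherwise the user is made to log in

    def validate(self, ticket, service):
        issued = self.tickets.pop(ticket, None)       # tickets are single use
        return issued[1] if issued and issued[0] == service else None

def visit_home(server, session, tgc=None, gateway=True):
    """Hypothetical client filter for /home; returns (page_state, username)."""
    url = SERVICE
    for _ in range(2):                                # the request, then the redirect back
        if session.get("user"):
            return "welcome", session["user"]
        ticket = parse_qs(urlparse(url).query).get("ticket", [None])[0]
        if ticket:                                    # validate with CAS, never trust the URL
            session["user"] = server.validate(ticket, SERVICE)
            return ("welcome", session["user"]) if session["user"] else ("guest", None)
        if session.pop("gatewayed", False):           # came back with no ticket: no redirect loop
            return "guest", None
        params = {"service": SERVICE}
        if gateway:
            params["gateway"] = "true"
            session["gatewayed"] = True               # hypothetical session flag
        url = server.login(CAS_LOGIN + "?" + urlencode(params), tgc)
        if url == "LOGIN_FORM":
            return "login_form", None
    return "guest", None
```

The flag is cleared on the way back, so a guest who later signs in through another application is recognised on the next visit to /home.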
