Hi, I'm trying to integrate CAS with my application, which already uses Acegi. After much research and many problems I arrived at a point where I don't know what to do. Once I enter the application login screen > https://localhost:8181/WEBAPP/index.jsf
I'm redirected to the login screen of CAS > https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8181%2FWEBAPP%2Fj_acegi_cas_security_check

I fill in the username and password and after that an infinite loop of redirects seems to occur... even if the service ticket is already validated:

cas.log:

2014-03-19 15:46:18,245 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-28-vcMdm7UgfpbS9KQQOz3e-cas01.example.org] for service [https://localhost:8181/WEBAPP/j_acegi_cas_security_check] for user [R106234]>
2014-03-19 15:46:18,247 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: R106234
WHAT: ST-28-vcMdm7UgfpbS9KQQOz3e-cas01.example.org for https://localhost:8181/WEBAPP/j_acegi_cas_security_check
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Mar 19 15:46:18 BRT 2014
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2014-03-19 15:46:18,290 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler successfully authenticated [callbackUrl: https://localhost:8181/WEBAPP/casProxy/receptor]>
2014-03-19 15:46:18,296 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal https://localhost:8181/WEBAPP/casProxy/receptor>
2014-03-19 15:46:18,297 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler@1876a6d authenticated https://localhost:8181/WEBAPP/casProxy/receptor with credential [callbackUrl: https://localhost:8181/WEBAPP/casProxy/receptor].>
2014-03-19 15:46:18,298 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [callbackUrl: https://localhost:8181/WEBAPP/casProxy/receptor]
WHAT: supplied credentials: [callbackUrl: https://localhost:8181/WEBAPP/casProxy/receptor]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Wed Mar 19 15:46:18 BRT 2014
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2014-03-19 15:46:18,300 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: R106234
WHAT: TGT-32-fFTSeWUrJRATqC2oa9OFNsOmEjHbQkX4BbGVYzTVpkjzKlNaUB-cas01.example.org
ACTION: PROXY_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Mar 19 15:46:18 BRT 2014
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2014-03-19 15:46:18,303 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-28-vcMdm7UgfpbS9KQQOz3e-cas01.example.org
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Wed Mar 19 15:46:18 BRT 2014
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

applicationContext-acegi-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value></value>
    </property>
  </bean>

  <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

  <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    <constructor-arg value="/login.jsp"/>
    <constructor-arg>
      <list>
        <ref bean="rememberMeServices"/>
        <bean class="br.com.morg.app.acegi.AppLogoutHandler"/>
        <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
      </list>
    </constructor-arg>
    <property name="filterProcessesUrl">
      <value>/j_acegi_logout.jsf</value>
    </property>
  </bean>

  <bean id="authenticationProcessingFilter" class="br.com.morg.app.acegi.AppAuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
    <property name="defaultTargetUrl" value="/index.jsf"/>
    <property name="filterProcessesUrl" value="/j_acegi_security_check.jsf"/>
    <property name="rememberMeServices" ref="rememberMeServices"/>
  </bean>

  <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

  <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
      <ref local="casProcessingFilterEntryPoint" />
    </property>
    <property name="accessDeniedHandler">
      <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/accessDenied.jsp"/>
      </bean>
    </property>
  </bean>

  <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager">
      <bean class="org.acegisecurity.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions" value="false"/>
        <property name="decisionVoters">
          <list>
            <bean class="org.acegisecurity.vote.RoleVoter"/>
            <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
          </list>
        </property>
      </bean>
    </property>
    <property name="objectDefinitionSource">
      <value> </value>
    </property>
  </bean>

  <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService" ref="userDetailsService"/>
    <property name="key" value="app"/>
    <property name="tokenValiditySeconds" value="86400"/>
  </bean>

  <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
      <list>
        <ref bean="casAuthenticationProvider" />
      </list>
    </property>
  </bean>

  <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"/>
    <property name="passwordEncoder" ref="passwordEncoder"/>
  </bean>

  <bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
    <property name="casAuthoritiesPopulator">
      <ref bean="casAuthoritiesPopulator" />
    </property>
    <property name="casProxyDecider">
      <ref bean="casProxyDecider" />
    </property>
    <property name="ticketValidator">
      <ref bean="casProxyTicketValidator" />
    </property>
    <property name="statelessTicketCache">
      <ref bean="statelessTicketCache" />
    </property>
    <property name="key">
      <value>app</value>
    </property>
  </bean>

  <bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
    <property name="casValidate">
      <value>https://localhost:8443/cas/proxyValidate</value>
    </property>
    <property name="proxyCallbackUrl">
      <value>https://localhost:8181/WEBAPP/casProxy/receptor</value>
    </property>
    <property name="serviceProperties">
      <ref bean="serviceProperties" />
    </property>
  </bean>

  <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
  </bean>

  <bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
    <property name="cacheManager">
      <ref local="cacheManager" />
    </property>
    <property name="cacheName">
      <value>ticketCache</value>
    </property>
  </bean>

  <bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
    <property name="cache">
      <ref local="ticketCacheBackend" />
    </property>
  </bean>

  <bean id="casAuthoritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
    <property name="userDetailsService">
      <ref bean="userDetailsService" />
    </property>
  </bean>

  <bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets" />

  <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder">
    <constructor-arg value="256"/>
  </bean>

  <bean id="userDetailsService" class="br.com.morg.app.acegi.EjbDaoImpl" />

  <bean id="loggerListener" class="br.com.morg.app.acegi.AppLoggerListener" />

  <bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
    <property name="service">
      <value>https://localhost:8181/WEBAPP/j_acegi_cas_security_check</value>
    </property>
    <property name="sendRenew">
      <value>false</value>
    </property>
  </bean>

  <bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
    <property name="authenticationManager">
      <ref bean="authenticationManager" />
    </property>
    <property name="authenticationFailureUrl">
      <value>/login.jsp?login_error=1</value>
    </property>
    <property name="defaultTargetUrl">
      <value>/</value>
    </property>
    <property name="filterProcessesUrl">
      <value>/j_acegi_cas_security_check</value>
    </property>
  </bean>

  <bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
    <property name="loginUrl">
      <value>https://localhost:8443/cas/login</value>
    </property>
    <property name="serviceProperties">
      <ref bean="serviceProperties" />
    </property>
  </bean>
</beans>

web.xml:

<?xml version="1.0"?>
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <description>WEBAPP</description>
  <display-name>WEBAPP</display-name>

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext-acegi-security.xml</param-value>
  </context-param>
  <context-param>
    <param-name>javax.faces.DEFAULT_SUFFIX</param-name>
    <param-value>.xhtml</param-value>
  </context-param>
  <context-param>
    <param-name>facelets.REFRESH_PERIOD</param-name>
    <param-value>3</param-value>
  </context-param>
  <context-param>
    <param-name>com.sun.faces.numberOfViewsInSession</param-name>
    <param-value>5</param-value>
  </context-param>
  <context-param>
    <param-name>com.sun.faces.numberOfLogicalViews</param-name>
    <param-value>5</param-value>
  </context-param>
  <context-param>
    <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
    <param-value>server</param-value>
  </context-param>
  <context-param>
    <param-name>facelets.LIBRARIES</param-name>
    <param-value>
      /WEB-INF/taglibs/acegijsf.taglib.xml;
      /WEB-INF/taglibs/customfunctions.taglib.xml
    </param-value>
  </context-param>
  <context-param>
    <param-name>facelets.SKIP_COMMENTS</param-name>
    <param-value>true</param-value>
  </context-param>
  <context-param>
    <param-name>org.richfaces.SKIN</param-name>
    <param-value>morg</param-value>
  </context-param>
  <context-param>
    <param-name>org.ajax4jsf.VIEW_HANDLERS</param-name>
    <param-value>com.sun.facelets.FaceletViewHandler</param-value>
  </context-param>
  <context-param>
    <description>If this property is set to true, the number used to generate new client IDs is stored in the view so that it is saved between requests.
    </description>
    <param-name>com.ibm.ws.jsf.storeDynamicClientIds</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>facelets.DEVELOPMENT</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>com.sun.faces.validateXml</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>com.sun.faces.verifyObjects</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>com.sun.faces.enableRestoreView11Compatibility</param-name>
    <param-value>false</param-value>
  </context-param>
  <context-param>
    <param-name>edu.yale.its.tp.cas.proxyUrl</param-name>
    <param-value>https://localhost:8443/cas/proxyValidate</param-value>
  </context-param>

  <filter>
    <filter-name>Hibernate Filter</filter-name>
    <filter-class>br.com.morg.app.filter.HibernateFilter</filter-class>
  </filter>
  <filter>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
    </init-param>
  </filter>
  <filter>
    <display-name>RichFaces Filter</display-name>
    <filter-name>richfaces</filter-name>
    <filter-class>org.ajax4jsf.Filter</filter-class>
    <init-param>
      <param-name>createTempFiles</param-name>
      <param-value>false</param-value>
    </init-param>
  </filter>

  <filter-mapping>
    <filter-name>Hibernate Filter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
  </filter-mapping>
  <filter-mapping>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>/index.jsf</url-pattern>
    <url-pattern>/alteraSenha.jsf</url-pattern>
    <url-pattern>/j_acegi_security_check.jsf</url-pattern>
    <url-pattern>/j_acegi_logout.jsf</url-pattern>
    <url-pattern>/pages/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>richfaces</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
  </filter-mapping>

  <filter>
    <filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>org.acegisecurity.ui.cas.CasProcessingFilter</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>Acegi CAS Processing Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <servlet>
    <servlet-name>casproxy</servlet-name>
    <servlet-class>edu.yale.its.tp.cas.proxy.ProxyTicketReceptor</servlet-class>
    <init-param>
      <param-name>edu.yale.its.tp.cas.proxyUrl</param-name>
      <param-value>https://localhost:8443/cas/proxyValidate</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>casproxy</servlet-name>
    <url-pattern>/casProxy/*</url-pattern>
  </servlet-mapping>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <listener>
    <listener-class>br.com.morg.app.listener.TimezoneAxisFixListener</listener-class>
  </listener>

  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
    <servlet-name>bshservlet</servlet-name>
    <servlet-class>bsh.servlet.BshServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.jsf</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>bshservlet</servlet-name>
    <url-pattern>/eval</url-pattern>
  </servlet-mapping>

  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
  <error-page>
    <exception-type>java.lang.Exception</exception-type>
    <location>/errorPage/errorPage.jsp</location>
  </error-page>
  <login-config>
    <auth-method>BASIC</auth-method>
  </login-config>
</web-app>

I'm using acegi-jsf-1.1.3.jar, acegi-security-1.0.5.jar, casclient-2.1.1.jar, running the application and CAS on Embedded Jetty 6.1.26.

Can anyone help me?

Thanks =)
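
A consistency check for the filter section of a web.xml like the one posted above, as an added example that is not part of the original message: it lists filter names declared more than once, filter-mappings whose filter-name has no declaration, and which declared filters cover a given context-relative path. The embedded descriptor is a constructed reduction of the posted file, and `check_filters`, `covers` and `SAMPLE_WEB_XML` are names introduced here.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: the posted web.xml reduced to its Acegi filter entries.
SAMPLE_WEB_XML = """<?xml version="1.0"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <filter><filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class></filter>
  <filter-mapping><filter-name>Acegi Filter Chain Proxy</filter-name>
    <url-pattern>/index.jsf</url-pattern>
    <url-pattern>/pages/*</url-pattern></filter-mapping>
  <filter><filter-name>Acegi Filter Chain Proxy</filter-name>
    <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class></filter>
  <filter-mapping><filter-name>Acegi CAS Processing Filter</filter-name>
    <url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def covers(pattern, path):
    """Servlet url-pattern match: exact, '/prefix/*', or '*.ext'."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def check_filters(web_xml, path):
    """Report duplicate filters, mappings without a filter, and who covers `path`."""
    declared, mappings = Counter(), []
    for el in ET.fromstring(web_xml):
        kind = _local(el.tag)
        if kind not in ("filter", "filter-mapping"):
            continue
        texts = [(_local(c.tag), (c.text or "").strip()) for c in el]
        name = next(t for k, t in texts if k == "filter-name")
        if kind == "filter":
            declared[name] += 1
        else:
            mappings.append((name, [t for k, t in texts if k == "url-pattern"]))
    return {
        "duplicate_filters": sorted(n for n, c in declared.items() if c > 1),
        "unbound_mappings": sorted({n for n, _ in mappings if n not in declared}),
        "covering_filters": sorted({n for n, pats in mappings if n in declared
                                    and any(covers(p, path) for p in pats)}),
    }

if __name__ == "__main__":
    # Context-relative path of the CAS service URL from serviceProperties.
    print(check_filters(SAMPLE_WEB_XML, "/j_acegi_cas_security_check"))
```
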
