Hi, Indeed: taking a look at the source code ( http://grepcode.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-web/3.0.0.RELEASE/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java#244) show us that it matches if the url ends with the *filterProcessesUrl* defined if the context path is empty. Might be your case... Best regards, Jérôme
2014-03-27 14:51 GMT+01:00 Idan Fridman <[email protected]>: > Thanks. So how come /admin/login also gives the same error > result?(thought only /login is protected > > Thanks, > > > ----- Reply message ----- > From: "Jérôme LELEU" <[email protected]> > To: "[email protected]" <[email protected]> > Subject: [cas-user] Having weird behavior when connecting to /login (or > /admin/login) > Date: Thu, Mar 27, 2014 2:54 PM > > Hi, > > The *filterProcessesUrl* is dedicated to receive service tickets during > the CAS login process. Generally, the url is kept with the default value: > /j_spring_cas_security_check. > So the error you get is completely normal if you don't provide any service > ticket. You should not call this url, but any protected url of your > application to trigger a CAS round-trip. > Best regards, > Jérôme > > > > 2014-03-27 9:07 GMT+01:00 ray <[email protected]>: > >> Hi, >> In my cas service client (Spring client) I have this configuration: >> >> <http pattern="/resources/**" security="none"/> >> >> <http use-expressions="true" entry-point-ref="casEntryPoint"> >> <intercept-url pattern="/sync/**" access="permitAll"/> >> <intercept-url pattern="/**" access="isAuthenticated()"/> >> <access-denied-handler error-page="/no-access"/> >> >> <custom-filter ref="casFilter" position="CAS_FILTER"/> >> <custom-filter ref="singleLogoutFilter" >> before="LOGOUT_FILTER"/> >> >> <logout logout-url="/logout" >> >> logout-success-url="${cas.server.host}/cas/logout?service=${cas.service.host}"/> >> </http> >> >> <authentication-manager alias="authenticationManager"> >> <authentication-provider ref="casAuthProvider"/> >> </authentication-manager> >> >> >> <!-- authenticates CAS tickets, must be in custom-filter of cis.xml --> >> <bean id="casFilter" >> >> class="org.springframework.security.cas.web.CasAuthenticationFilter"> >> <property name="authenticationManager" >> ref="authenticationManager"/> >> <property name="filterProcessesUrl" value="/login"/> >> </bean> >> >> <bean id="casAuthProvider" >> >> class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> >> <property name="ticketValidator" ref="ticketValidator"/> >> <property name="serviceProperties" ref="serviceProperties"/> >> <property name="key" value="Analytics"/> >> <property name="authenticationUserDetailsService" >> ref="myUserDetailsService"/> >> <!-- <property name="statelessTicketCache" >> ref="statelessTicketCache"/>--> >> >> </bean> >> >> >> >> Everything working as expected. the only this I dont get is when I am >> accessing localhost:8080/login instead of being redirect to CAS server I am >> getting: >> >> HTTP Status 401 - Authentication Failed: Failed to provide a CAS service >> ticket to validate >> >> >> (same goes for /admin/login) >> >> Is 'login' somehow protected by cas client? anyone could please explain >> me that? >> >> thanks, >> ray. >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > This e-mail and the information it contains may be privileged and/or > confidential. It is intended solely for the use of the named recipient(s). > If you are not the intended recipient you may not disclose, copy, > distribute or retain any part of this message or attachments. If you have > received this e-mail in error please notify the sender immediately [by > clicking 'Reply'] and delete this e-mail. > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
