Hi people! I use CAS 3.2 with Java and PHP for SSO with LDAP with success. I use it with LDAP authentication, but I need to connect it with ACEGI.
I used example as http://www.acegisecurity.org/guide/springsecurity.html#cas-server-3 with reference, but not funcion. In annex I put files deployerConfigContext.xml and securityContext.xml. I need help. Thanks. deployerConfigContext.xml: <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"><!-- CAS server deployer configuration as posted: AuthenticationManagerImpl with two principal resolvers and two active authentication handlers (the LDAP handler is commented out). NOTE(review): several class attribute values in this listing carry leading or trailing spaces, possibly introduced by mail wrapping; confirm the deployed file has none. --> <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl"> <property name="credentialsToPrincipalResolvers"> <list> <bean class=" org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" /> <bean class=" org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" /> </list> </property> <property name="authenticationHandlers"> <list> <bean class=" org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler " p:httpClient-ref="httpClient" /> <!-- LDAP --> <!--bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler" > <property name="filter" value="uid=%u,informação do LDAP" /> <property name="contextSource" ref="contextSource" /> </bean--> <!-- END LDAP --> <!-- Acegi connection --><!-- NOTE(review): this handler delegates to casAuthenticationManager, whose only provider (defined below) is a CasAuthenticationProvider. That provider appears to be the client-side CAS ticket provider, not a username/password checker; presumably the CAS server needs a manager backed by a credential-verifying provider (for example LDAP or DAO) here. Confirm against the Acegi CAS guide. --> <bean class="org.acegisecurity.adapters.cas3.CasAuthenticationHandler"> <property name="authenticationManager" ref="casAuthenticationManager" /> </bean> <!-- End Acegi connection --> </list> </property> </bean> <!-- LDAP --> <!--bean id="contextSource" class=" org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource"> <property name="urls"> <list> <value>ldap://"servidorLDAP"/</value> </list> </property> </bean--> <!-- End LDAP --> <!-- CAS provider --><!-- NOTE(review): this CasAuthenticationProvider is declared with no properties, while the one in securityContext.xml sets casAuthoritiesPopulator, casProxyDecider, ticketValidator, statelessTicketCache and key; presumably it cannot initialise as written. TODO confirm. --> <bean id="casAuthenticationProvider" class=" org.acegisecurity.providers.cas.CasAuthenticationProvider" > </bean > <bean 
id="casAuthenticationManager" class=" org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref bean="casAuthenticationProvider"/> </list> </property> </bean> <!-- End CAS provider --> <!-- bean id="attributeRepository" class=" org.jasig.services.persondir.support.StubPersonAttributeDao"> <property name="backingMap"> <map> <entry key="uid" value="uid" /> <entry key="eduPersonAffiliation" value="eduPersonAffiliation" /> <entry key="groupMembership" value="groupMembership" /> </map> </property> </bean --> <!-- bean id="serviceRegistryDao" class=" org.jasig.cas.services.DefaultServicesManagerImpl" / --> </beans> securityContext.xml: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" " http://www.springframework.org/dtd/spring-beans.dtd"> <beans><!-- Acegi security context for the CAS-protected web application as posted: filter chain, CAS authentication provider and ticket validation, channel (HTTP/HTTPS) rules and URL access rules. --> <!-- ======================== FILTER CHAIN ======================= --><!-- NOTE(review): the chain below names basicProcessingFilter, but no bean with that id is defined in this listing; confirm it exists in another context file or remove it from the chain. --> <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy "> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=channelProcessingFilter,httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,basicProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor </value> </property> </bean> <!-- ======================== AUTHENTICATION ======================= --> <bean id="authenticationManager" class=" org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref local="casAuthenticationProvider"/> </list> </property> </bean> <bean id="httpSessionContextIntegrationFilter" class=" org.acegisecurity.context.HttpSessionContextIntegrationFilter"/> <bean id="casAuthenticationProvider" class=" org.acegisecurity.providers.cas.CasAuthenticationProvider"> <property name="casAuthoritiesPopulator"><ref local="casAuthoritiesPopulator"/></property> <property name="casProxyDecider"><ref local="casProxyDecider"/></property> <property name="ticketValidator"><ref 
local="casProxyTicketValidator"/></property> <property name="statelessTicketCache"><ref local="statelessTicketCache"/></property> <property name="key"><value>admin</value></property><!-- NOTE(review): "admin" is a short, guessable literal for the provider key; presumably this should be a deployment-specific value that is not published. Confirm how the key is used before relying on it. --> </bean> <bean id="casProxyTicketValidator" class=" org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator"><!-- NOTE(review): casValidate and proxyCallbackUrl appear inside comments in this listing (the archive has also garbled their markup) and trustStore is commented out, so as posted this validator has no validation URL. Presumably service tickets must be validated against the CAS server over HTTPS with a trust store that contains the CAS server certificate. TODO confirm. --> <!-- &property name="casValidate" value=" https://localhost:8443/cas/proxyValidate"/<https://localhost:8443/cas/proxyValidate%22/>--> <!-- &property name="proxyCallbackUrl" value=" https://localhost:8443/contacts-cas/casProxy/receptor"/<https://localhost:8443/contacts-cas/casProxy/receptor%22/> --> <property name="serviceProperties"><ref local="serviceProperties"/></property> <!-- <property name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property> --> </bean> <bean id="cacheManager" class=" org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/> <bean id="ticketCacheBackend" class=" org.springframework.cache.ehcache.EhCacheFactoryBean"> <property name="cacheManager"><ref local="cacheManager"/></property> <property name="cacheName" value="ticketCache"/> </bean> <bean id="statelessTicketCache" class=" org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache"> <property name="cache"><ref local="ticketCacheBackend"/></property> </bean> <bean id="casAuthoritiesPopulator" class=" org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator"><!-- NOTE(review): userDetailsService points at the bean LdapUserDetailsImpl, whose class name suggests a user-details object rather than a UserDetailsService; presumably a service implementation (LDAP-backed, to match the CAS login source) belongs here. Confirm. --> <property name="userDetailsService"><ref local="LdapUserDetailsImpl"/></property > </bean> <bean id="LdapUserDetailsImpl" class=" org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl" /> <bean id="casProxyDecider" class=" org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/> <bean id="serviceProperties" class=" org.acegisecurity.ui.cas.ServiceProperties"><!-- NOTE(review): the service value below is garbled by the archive's auto-linking and is not well-formed as shown. Presumably the service URL should be the HTTPS URL handled by casProcessingFilter (filterProcessesUrl is /j_acegi_cas_security_check), since tickets are issued for that exact URL. TODO confirm. --> <property name="service" value="https://genio.pbh:8443/"/<https://genio.pbh:8443/%22/> > <property name="sendRenew" value="false"/> </bean> <!-- note logout has little impact, due to CAS reauthentication functionality (it will 
cause a refresh of the authentication though) --> <bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter"> <constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout --> <constructor-arg> <list> <bean class=" org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/> </list> </constructor-arg> </bean> <!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== --> <!-- Enabled by default for CAS, as a CAS deployment uses HTTPS --><!-- NOTE(review): the last rule, \A.*\Z=REQUIRES_INSECURE_CHANNEL, sends every URL outside /secure/ and the CAS check to plain HTTP. If the session is created during the HTTPS CAS login, its cookie would then travel unencrypted on those requests; consider requiring the secure channel for the whole application. --> <bean id="channelProcessingFilter" class=" org.acegisecurity.securechannel.ChannelProcessingFilter"> <property name="channelDecisionManager"><ref local="channelDecisionManager"/></property> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON \A/secure/.*\Z=REQUIRES_SECURE_CHANNEL \A/j_acegi_cas_security_check.*\Z=REQUIRES_SECURE_CHANNEL \A.*\Z=REQUIRES_INSECURE_CHANNEL </value> </property> </bean> <bean id="channelDecisionManager" class=" org.acegisecurity.securechannel.ChannelDecisionManagerImpl"> <property name="channelProcessors"> <list> <ref local="secureChannelProcessor"/> <ref local="insecureChannelProcessor"/> </list> </property> </bean> <bean id="secureChannelProcessor" class=" org.acegisecurity.securechannel.SecureChannelProcessor"/> <bean id="insecureChannelProcessor" class=" org.acegisecurity.securechannel.InsecureChannelProcessor"/> <!-- ===================== HTTP REQUEST SECURITY ==================== --> <bean id="exceptionTranslationFilter" class=" org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref local="casProcessingFilterEntryPoint"/></property> </bean> <bean id="casProcessingFilter" class=" org.acegisecurity.ui.cas.CasProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/casfailed.jsp</value></property> <property name="defaultTargetUrl"><value>/</value></property> <property 
name="filterProcessesUrl"><value>/j_acegi_cas_security_check</value></property> </bean> <bean id="casProcessingFilterEntryPoint" class=" org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint"> <property name="loginUrl"><value>https://genio.pbh:8443/cas/login </value></property> <property name="serviceProperties"><ref local="serviceProperties"/></property> </bean> <bean id="httpRequestAccessDecisionManager" class=" org.acegisecurity.vote.AffirmativeBased"><!-- NOTE(review): decisionVoters references roleVoter, which is not defined in this listing; confirm it is declared in another context file. --> <property name="allowIfAllAbstainDecisions"><value>false</value></property> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> </list> </property> </bean> <!-- Note the order that entries are placed against the objectDefinitionSource is critical. The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL. Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last --> <bean id="filterInvocationInterceptor" class=" org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON \A/secure/super.*\Z=ROLE_WE_DONT_HAVE \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER </value> </property> </bean><!-- NOTE(review): the tag that follows is an opening beans tag where the closing tag of the root element is expected, so the document is not well-formed as posted. --> <beans> []s Wilson Milagres -- []s Wilson Milagres bhdancadesalao.blogspot.com
