Hi
I think I'm nearly there! But....
My App is using Spring Security to authenticate to CAS. I access a secure page,
and it correctly sends me to CAS. I log in to CAS, and it seems to be
redirecting back to the right URL, but then it sends me back to CAS again with
the following URL:
https://mycomputer/cas/login;jsessionid=762CDC73672F70FFB30C000FB59FAED8?service=https%3A%2F%2Fmycomputer%3A443%2FSample4%2Fj_spring_cas_security_check
(this gives a DNS error)
If I change the loginUrl property of casProcessingFilterEntryPoint so that
there's a '?' at the end, the request param string is correctly broken up, and
I get sent to the 'Login Successful' cas JSP.
QUESTION 1) Is this a bug? I saw a bug about redirecting, but it was fixed a
while ago, so presumably is in my very recently downloaded version of CAS
server.
But I should be back at my webapp at this point. For some reason, it's sent me
back to CAS.
QUESTION 2) Is my config causing a redirection problem? The certificate is
set up for 'mycomputer', and my proxy is being bypassed for that computer name
(just in case). It's also in my hosts file (127.0.0.1 localhost mycomputer).
Here's my applicationContext.xml
<sec:http entry-point-ref="casProcessingFilterEntryPoint">
    <sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
    <sec:logout />
</sec:http>

<sec:authentication-manager alias="authenticationManager"/>

<bean id="casProcessingFilter"
      class="org.springframework.security.ui.cas.CasProcessingFilter">
    <sec:custom-filter after="CAS_PROCESSING_FILTER"/>
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
    <property name="defaultTargetUrl" value="/"/>
</bean>

<bean id="casProcessingFilterEntryPoint"
      class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
    <property name="loginUrl" value="https://mycomputer:443/cas/login?"/>
    <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="casAuthenticationProvider"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <sec:custom-authentication-provider />
    <property name="userDetailsService" ref="userService"/>
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="https://mycomputer:443/cas" />
        </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>

<bean id="serviceProperties"
      class="org.springframework.security.ui.cas.ServiceProperties">
    <property name="service"
              value="https://mycomputer:443/Sample4/j_spring_cas_security_check"/>
    <property name="sendRenew" value="false"/>
</bean>

<sec:user-service id="userService">
    <sec:user name="richard.gundersen" password="password"
              authorities="ROLE_SUPERVISOR,ROLE_USER" />
    <sec:user name="dianne" password="dianne" authorities="ROLE_USER" />
    <sec:user name="scott" password="scott" authorities="ROLE_USER" />
</sec:user-service>
Here's my log output
2008-05-02 11:56:25,179 DEBUG
org.springframework.security.ui.ExceptionTranslationFilter.sendStartAuthentication:200
- Authentication entry point being called; SavedRequest added to Session:
SavedRequest[http://mycomputer/Sample4/secure/secure.jsp]
2008-05-02 11:56:25,179 DEBUG
org.springframework.security.ui.session.HttpSessionEventPublisher.sessionCreated:67
- Publishing event: [EMAIL PROTECTED]
2008-05-02 11:56:25,179 DEBUG
org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273
- Publishing event in context [EMAIL PROTECTED]: [EMAIL PROTECTED]
2008-05-02 11:56:25,179 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp:249
- SecurityContextHolder now cleared, as request processing completed
2008-05-02 11:56:25,179 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<Granted service ticket [ST-2-w7oHeda1o2rhz4J1ueU1-cas] for service
[https://mycomputer/Sample4/j_spring_cas_security_check] for user
[richard.gundersen]>
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.util.FilterChainProxy.getFilters:194 - Converted
URL to lowercase, from:
'/j_spring_cas_security_check?ticket=st-2-w7oheda1o2rhz4j1ueu1-cas'; to:
'/j_spring_cas_security_check?ticket=st-2-w7oheda1o2rhz4j1ueu1-cas'
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.util.FilterChainProxy.getFilters:201 - Candidate
is: '/j_spring_cas_security_check?ticket=st-2-w7oheda1o2rhz4j1ueu1-cas';
pattern is /**; matched=true
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.util.FilterChainProxy.doFilter:366 -
/j_spring_cas_security_check?ticket=ST-2-w7oHeda1o2rhz4J1ueU1-cas at position 1
of 7 in additional filter chain; firing Filter: 'class
org.springframework.security.context.HttpSessionContextIntegrationFilter[
order=200; ]'
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter.readSecurityContextFromSession:280
- HttpSession returned null object for SPRING_SECURITY_CONTEXT
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp:203
- New SecurityContext instance will be associated with SecurityContextHolder
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.util.FilterChainProxy.doFilter:366 -
/j_spring_cas_security_check?ticket=ST-2-w7oHeda1o2rhz4J1ueU1-cas at position 2
of 7 in additional filter chain; firing Filter: 'class
org.springframework.security.ui.SessionFixationProtectionFilter[ order=300; ]'
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.util.FilterChainProxy.doFilter:366 -
/j_spring_cas_security_check?ticket=ST-2-w7oHeda1o2rhz4J1ueU1-cas at position 3
of 7 in additional filter chain; firing Filter: 'class
org.springframework.security.ui.logout.LogoutFilter[ order=400; ]'
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.util.FilterChainProxy.doFilter:366 -
/j_spring_cas_security_check?ticket=ST-2-w7oHeda1o2rhz4J1ueU1-cas at position 4
of 7 in additional filter chain; firing Filter: '[EMAIL PROTECTED]'
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.ui.cas.CasProcessingFilter.doFilterHttp:242 -
Request is to process authentication
2008-05-02 11:56:25,195 DEBUG
org.springframework.security.providers.ProviderManager.doAuthentication:190 -
Authentication attempt using
org.springframework.security.providers.cas.CasAuthenticationProvider
May 2, 2008 11:56:25 AM org.apache.tomcat.util.http.Parameters processParameters
WARNING: Parameters: Invalid chunk ignored.
2008-05-02 11:56:25,210 DEBUG
org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273
- Publishing event in context [EMAIL PROTECTED]: [EMAIL PROTECTED]: Principal:
[EMAIL PROTECTED]: Username: richard.gundersen; Password: [PROTECTED]; Enabled:
true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked:
true; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED];
Authenticated: true; Details: [EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1;
SessionId: 7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities:
ROLE_SUPERVISOR, ROLE_USER Assertion: [EMAIL PROTECTED] Credentials
(Service/Proxy Ticket): ST-2-w7oHeda1o2rhz4J1ueU1-cas]
2008-05-02 11:56:25,210 DEBUG
org.springframework.security.ui.cas.CasProcessingFilter.successfulAuthentication:348
- Authentication success: [EMAIL PROTECTED]: Principal: [EMAIL PROTECTED]:
Username: richard.gundersen; Password: [PROTECTED]; Enabled: true;
AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true;
Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED];
Authenticated: true; Details: [EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1;
SessionId: 7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities:
ROLE_SUPERVISOR, ROLE_USER Assertion: [EMAIL PROTECTED] Credentials
(Service/Proxy Ticket): ST-2-w7oHeda1o2rhz4J1ueU1-cas
2008-05-02 11:56:25,210 DEBUG
org.springframework.security.ui.cas.CasProcessingFilter.successfulAuthentication:354
- Updated SecurityContextHolder to contain the following Authentication:
'[EMAIL PROTECTED]: Principal: [EMAIL PROTECTED]: Username: richard.gundersen;
Password: [PROTECTED]; Enabled: true; AccountNonExpired: true;
credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities:
ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED]; Authenticated: true;
Details: [EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1; SessionId:
7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities: ROLE_SUPERVISOR,
ROLE_USER Assertion: [EMAIL PROTECTED] Credentials (Service/Proxy Ticket):
ST-2-w7oHeda1o2rhz4J1ueU1-cas'
2008-05-02 11:56:25,210 DEBUG
org.springframework.security.ui.cas.CasProcessingFilter.successfulAuthentication:364
- Redirecting to target URL from HTTP Session (or default):
http://mycomputer/Sample4/secure/secure.jsp
2008-05-02 11:56:25,210 DEBUG
org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273
- Publishing event in context [EMAIL PROTECTED]: [EMAIL PROTECTED]: Principal:
[EMAIL PROTECTED]: Username: richard.gundersen; Password: [PROTECTED]; Enabled:
true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked:
true; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED];
Authenticated: true; Details: [EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1;
SessionId: 7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities:
ROLE_SUPERVISOR, ROLE_USER Assertion: [EMAIL PROTECTED] Credentials
(Service/Proxy Ticket): ST-2-w7oHeda1o2rhz4J1ueU1-cas]
2008-05-02 11:56:25,210 DEBUG
org.springframework.security.util.SessionUtils.startNewSessionIfRequired:39 -
Invalidating session with Id '7105BAEC5E94DEC1E6F89B15735C8D6D' and migrating
attributes.
2008-05-02 11:56:25,210 DEBUG
org.springframework.security.ui.session.HttpSessionEventPublisher.sessionDestroyed:83
- Publishing event: [EMAIL PROTECTED]
2008-05-02 11:56:25,226 DEBUG
org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273
- Publishing event in context [EMAIL PROTECTED]: [EMAIL PROTECTED]
2008-05-02 11:56:25,226 DEBUG
org.springframework.security.ui.session.HttpSessionEventPublisher.sessionCreated:67
- Publishing event: [EMAIL PROTECTED]
2008-05-02 11:56:25,226 DEBUG
org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273
- Publishing event in context [EMAIL PROTECTED]: [EMAIL PROTECTED]
2008-05-02 11:56:25,226 DEBUG
org.springframework.security.util.SessionUtils.startNewSessionIfRequired:59 -
Started new session: BCEAEC7E62C9CDD284219602DFC02C0A
2008-05-02 11:56:25,226 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter.storeSecurityContextInSession:382
- SecurityContext stored to HttpSession: '[EMAIL PROTECTED]: Authentication:
[EMAIL PROTECTED]: Principal: [EMAIL PROTECTED]: Username: richard.gundersen;
Password: [PROTECTED]; Enabled: true; AccountNonExpired: true;
credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities:
ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED]; Authenticated: true;
Details: [EMAIL PROTECTED]: RemoteIpAddress: 127.0.0.1; SessionId:
7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities: ROLE_SUPERVISOR,
ROLE_USER Assertion: [EMAIL PROTECTED] Credentials (Service/Proxy Ticket):
ST-2-w7oHeda1o2rhz4J1ueU1-cas'
2008-05-02 11:56:25,226 DEBUG
org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp:249
- SecurityContextHolder now cleared, as request processing completed
Please help
Richard
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
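
An added example, not part of the original message: a small Python check that takes the URLs quoted in the message and log above, splits the CAS login redirect into its path, `;jsessionid` path parameter and decoded `service` value, and compares schemes, hosts and ports across the flow. The function names and the default-port normalisation are this example's own assumptions, not CAS or Spring Security behaviour.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}

# Values copied from the message and log output above.
CAS_REDIRECT = ("https://mycomputer/cas/login;jsessionid=762CDC73672F70FFB30C000FB59FAED8"
                "?service=https%3A%2F%2Fmycomputer%3A443%2FSample4%2Fj_spring_cas_security_check")
CONFIGURED_SERVICE = "https://mycomputer:443/Sample4/j_spring_cas_security_check"
TICKET_SERVICE = "https://mycomputer/Sample4/j_spring_cas_security_check"
SAVED_REQUEST = "http://mycomputer/Sample4/secure/secure.jsp"


def split_cas_redirect(url):
    """Separate the path, its ';' path parameters and the decoded service URL."""
    parts = urlsplit(url)
    path, _, path_params = parts.path.partition(";")
    service = parse_qs(parts.query).get("service", [None])[0]
    return {"path": path, "path_params": path_params, "service": service}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))


def same_service(a, b):
    """True when two URLs differ at most by an explicitly written default port.

    This normalisation is the example's own, not the CAS server's matching rule.
    """
    return origin(a) == origin(b) and urlsplit(a).path == urlsplit(b).path


def report():
    """Collect the comparisons worth making when reviewing this login flow."""
    redirect = split_cas_redirect(CAS_REDIRECT)
    return {
        "redirect": redirect,
        "redirect_service_matches_config": same_service(redirect["service"], CONFIGURED_SERVICE),
        "ticket_service_matches_config": same_service(TICKET_SERVICE, CONFIGURED_SERVICE),
        "saved_request_same_origin_as_service": origin(SAVED_REQUEST) == origin(CONFIGURED_SERVICE),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, "=", value)
```

Only the last comparison is False: the saved request is plain HTTP while the CAS service URL is HTTPS, so a session cookie carrying the Secure attribute would not accompany the final redirect to the saved page.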