Sorry that I am overloading you with messages but we are in the middle of POC. And the usage of this product depends on this demo.
The problem basically is that I am not getting redirected to the original secured url after Authentication is succeeded by CAS. So if I put this url: http://192.168.108.195:8080/admin/users.jsp I am redirected to CAS and then getting back to http://192.168.108.195:8080/?ticket=ST-101-xbchpsGcnvN6WuSBi5EE-cas01.example.org And not to http://192.168.108.195:8080/admin/users.jsp. That's my current configuration: <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"; id="WebApp_ID" version="2.5"> <display-name>rlesecuritywithtags</display-name> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <filter> <filter-name>ShiroFilter</filter-name> <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class> <init-param> <param-name>config</param-name> <param-value> #See Shiro API http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/servlet/IniShiroFilter.html #create an object of the RoleSecurityJdbcRealm #IniShiroFilter will inject that object into the SecurityManager [main] #realmA = name.brucephillips.somesecurity.dao.RoleSecurityJdbcRealm casFilter = org.apache.shiro.cas.CasFilter casFilter.failureUrl = /unauthorized.jsp casRealm = org.apache.shiro.cas.CasRealm casRealm.defaultRoles = ROLE_ADMIN casRealm.casServerUrlPrefix = http://192.168.2.101/cas casRealm.casService = http://192.168.108.195:8080/ casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory securityManager.subjectFactory = $casSubjectFactory roles.loginUrl = http://192.168.2.101:8080/cas/login?service=http://192.168.108.195:8080/ roles.unauthorizedUrl = /unauthorized.jsp #this application will use all the default #filters (see link above) #for example the default login page is /login.jsp #users who try to access a page protected by Shiro #will be sent to /login.jsp #only let authenticated users #with the appropriate role #view the web pages in the secure #and admin areas [urls] /secure/** = roles[user] /admin/** = roles[admin] /** = anon / = casFilter </param-value> </init-param> </filter> <filter-mapping> <filter-name>ShiroFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <description>Finds all users in the data store</description> <display-name>GetAllUsers</display-name> <servlet-name>GetAllUsers</servlet-name> <servlet-class>name.brucephillips.somesecurity.servlet.GetAllUsers</servlet-class> </servlet> <servlet> <description> Log in user using username and password provided</description> <display-name> LoginUser</display-name> <servlet-name>LoginUser</servlet-name> <servlet-class> name.brucephillips.somesecurity.servlet.LoginUser</servlet-class> </servlet> <servlet> <description> Logs user out</description> <display-name> LogoutUser</display-name> <servlet-name>LogoutUser</servlet-name> <servlet-class> name.brucephillips.somesecurity.servlet.LogoutUser</servlet-class> </servlet> <servlet-mapping> <servlet-name>GetAllUsers</servlet-name> <url-pattern>/GetAllUsers</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>LoginUser</servlet-name> <url-pattern>/LoginUser</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>LogoutUser</servlet-name> <url-pattern>/LogoutUser</url-pattern> </servlet-mapping> <resource-ref> <description>My DataSource Reference</description> <res-ref-name>jdbc/security</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> <res-sharing-scope>Shareable</res-sharing-scope> </resource-ref> </web-app> thanks you. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Cant-Integrate-Shiro-with-CAS-tp7579234p7579244.html Sent from the Shiro User mailing list archive at Nabble.com.
