CAS Configuration Problem

Hi,
I have a problem configuring CAS in a Spring WEB-App.

The app should run inside a portal and also without the portal.
At this time, the app runs fine without the portal but not in it. I think the problem is my CAS-configuration.
But I am new to CAS and I don't know how to configure it to accept tickets generated for different URLs.

"Login" (Portal access)
"appname" (for direct use)

applicationContext-security.xml

Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <sec:http use-expressions="true" entry-point-ref="casProcessingFilterEntryPoint">
        <sec:intercept-url pattern="/overview" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" requires-channel="https"/>
        <sec:intercept-url pattern="/overview/*" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" requires-channel="https"/>
        <sec:intercept-url pattern="/overview/*/edit" access="hasRole('ROLE_ADMIN')" requires-channel="https"/>
        <sec:logout logout-success-url="/cas-logout.jsp"/>
        <sec:custom-filter ref="casAuthenticationFilter" />
    </sec:http>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="casAuthenticationProvider"/>
    </sec:authentication-manager>

    <bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
                <property name="defaultTargetUrl" value="/"/>
            </bean>
        </property>
        <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
        <property name="proxyReceptorUrl" value="/secure/receptor" />
    </bean>

    <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl" value="cas/login"/>
        <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="userDetailsService" ref="customUserDetailsService"/>
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="cas" />
                <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                <property name="proxyCallbackUrl" value="appname/secure/receptor" />
            </bean>
        </property>
        <property name="key" value="key_for_this_service"/>
    </bean>

    <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="appname/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
    </bean>

    <bean id="customUserDetailsService" class="org.portal.appname.security.customUserDetailsService" />
</beans>

Regards
Hexerei123


Originally Posted by Hexerei123: At this time, the app runs fine without the portal but not in it.

In order for me (or others) to help please provide steps to reproduce the problem and a specific error message (including a stack trace) and/or problem.

The problem is I can't. I don't have direct access to the portal (logs); to deploy the app, I must ask somebody... and this person is on vacation.
It would help if someone could give me some hints on configuring CAS in this scenario.

I'm quite sure that the problem is in the configuration at this point:

Code:
    <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="userDetailsService" ref="customUserDetailsService"/>
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="cas" />
                <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
                <property name="proxyCallbackUrl" value="appname/secure/receptor" />
            </bean>
        </property>
        <property name="key" value="key_for_this_service"/>
    </bean>

    <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="appname/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
    </bean>

Regards
Hexerei123

If the configuration works for your web application, it is probably unlikely to be a Spring Security configuration problem. Can you at least describe what is happening that is unexpected? For example, I try and access the application and it does not redirect me to CAS. Or I login to CAS and it sends me back to the application but I fail to login with a 403. The more details you provide, the more likely someone will be able to help. Without any more details I do not think I will be able to help.

One thing to keep in mind is that Portals behave differently than WebApplications. For example, if you deploy your war to a portal, the response may be committed already and a redirect may not be able to happen. A specific example is that in WebSphere Portal you would need to modify the wps war and not the war that you deploy as a portlet.

When I enter my app directly via "appname" it works. It redirects me to the CAS login and I can access the app and everything works fine.

When I log into the portal (uPortal), I can see my app in the menu and I can follow the link, but the frame that should show my app is empty; no errors occur.

So the only thing that is different is the login, that's why I think the problem is the security configuration. Especially the service URL in this part:

Code:
    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="appname/j_spring_cas_security_check"/>
        <property name="sendRenew" value="false"/>
    </bean>

It is correct when I try to enter the app directly via "appname" but not in the portal.

Sorry, I know this is not much information, but at this time I don't have more.

Regards
Hexerei123
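
Added example (not part of the original posts): CAS binds each service ticket to the service URL it was issued for, so one way to test the service-URL theory in the post above is to read the CAS 2.0 validation response. Host names, ticket and user below are constructed; only j_spring_cas_security_check comes from the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

# Failure codes defined by the CAS protocol, with what they mean for this thread.
HINTS = {
    "INVALID_SERVICE": "ticket was issued for a different service URL",
    "INVALID_TICKET": "ticket unknown, expired or already used",
    "INVALID_REQUEST": "service or ticket parameter missing",
}

def validation_url(cas_prefix, service, ticket):
    """Build the /serviceValidate call; 'service' must match the login request."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_prefix.rstrip('/')}/serviceValidate?{query}"

def classify(response_xml):
    """Return (ok, detail): detail is the user name or the CAS failure code."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return False, "MALFORMED_RESPONSE"
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user = success.findtext("cas:user", default="", namespaces=CAS_NS)
        return True, user.strip()
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return False, failure.get("code", "UNKNOWN")
    return False, "MALFORMED_RESPONSE"

def diagnose(response_xml):
    """Turn a validation response into a one-line finding."""
    ok, detail = classify(response_xml)
    if ok:
        return f"valid ticket for user {detail}"
    return f"{detail}: {HINTS.get(detail, 'see CAS server log')}"

# Constructed sample input: direct access succeeds, portal access mismatches.
SERVICE = "https://app.example.org/appname/j_spring_cas_security_check"
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>hexerei</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
MISMATCH = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_SERVICE">
    Ticket ST-1-constructed does not match supplied service
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(validation_url("https://cas.example.org/cas", SERVICE, "ST-1-constructed"))
    print(diagnose(SUCCESS))
    print(diagnose(MISMATCH))
```
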

Are you editing the uPortal web.xml or the portlet that is installed on uPortal? From the error you have described it sounds like you have edited the portlet. Similar to how WebSphere portal needs to have the wps war updated, you need to edit the uPortal web.xml. Here is a guide to using CAS with uPortal. You can use this guide to figure out where your configuration for Spring Security goes.

HTH,