I am using Spring framework with Security in my web application. I have a Guest user and its privileges in my db but I can't implement AnonymousAuthenticationFilter and AnonymousAuthenticationProvider to use that user. Here is my appSecurity configuration:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
p:loginFormUrl="/login" p:useForward="false" p:forceHttps="false" />
<bean id="successHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"
p:defaultTargetUrl="/" />
<bean id="failureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
p:defaultFailureUrl="/login?error=true" p:useForward="false" />
<bean id="accessDeniedHandler"
class="com.asosyalbebe.springtest.gui.user.security.CustomAccessDeniedHandler">
<property name="accessDeniedUrl" value="/accessDenied" />
</bean>
<bean id="userDetailsService"
class="com.asosyalbebe.springtest.gui.user.service.UserServiceImpl" />
<bean id="tokenBasedRememberMeServices"
class="com.asosyalbebe.springtest.gui.user.security.CustomRememberMeServices">
<property name="alwaysRemember" value="true" />
<property name="key" value="abcdef123456" />
<property name="parameter" value="remember" />
<property name="cookieName" value="_ab_memo" />
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<bean id="authenticationProcessingFilter"
class="com.asosyalbebe.springtest.gui.user.security.AuthenticationProcessingFilter">
<property name="filterProcessesUrl" value="/j_spring_security_check" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="postOnly" value="true" />
<property name="authenticationSuccessHandler" ref="successHandler" />
<property name="authenticationFailureHandler" ref="failureHandler" />
<property name="rememberMeServices" ref="tokenBasedRememberMeServices" />
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="anonymousAuthProvider" />
<security:authentication-provider
ref="rememberMeAuthProvider" />
<security:authentication-provider
ref="customAuthenticationProvider" />
</security:authentication-manager>
<bean id="anonymousAuthProvider" class="com.asosyalbebe.springtest.gui.user.security.CustomAnonymousAuthProvider">
<property name="userDetailsService" ref="userDetailsService" />
<property name="key" value="foobar" />
</bean>
<bean name="rememberMeAuthProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<property name="key" value="xy1245aazpo98qwe" />
</bean>
<bean id="customAuthenticationProvider"
class="com.asosyalbebe.springtest.gui.user.security.UserAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<property name='securityContextRepository'>
<bean
class='org.springframework.security.web.context.HttpSessionSecurityContextRepository'>
<property name='allowSessionCreation' value='false' />
</bean>
</property>
</bean>
<bean id="customLogoutSuccessHandler" class="com.asosyalbebe.springtest.gui.user.security.CustomLogoutSuccessHandler" />
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg ref="customLogoutSuccessHandler" />
<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<ref bean="tokenBasedRememberMeServices"/>
</list>
</constructor-arg>
</bean>
<bean name="rememberMeAuthenticationFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="rememberMeServices" ref="tokenBasedRememberMeServices" />
</bean>
<bean id="anonymousProcessingFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
<property name="key" value="foobar" />
<property name="userAttribute" value="anonymousUser,PRIV_ANONYMOUS" />
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="loginUrlAuthenticationEntryPoint" />
<property name="accessDeniedHandler" ref="accessDeniedHandler"/>
</bean>
<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value="PRIV_"/>
</bean>
<bean id="accessDecisionManager" class="com.asosyalbebe.springtest.gui.user.security.CustomAccessDecisionManager">
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="securityMetadataSource" class="com.asosyalbebe.springtest.gui.user.security.CustomFilterInvocationDefinitionSource"/>
<bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="securityMetadataSource" ref="securityMetadataSource" />
<property name="rejectPublicInvocations" value="false"/>
</bean>
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/**"
filters="securityContextPersistenceFilter,
logoutFilter,
authenticationProcessingFilter,
rememberMeAuthenticationFilter,
anonymousProcessingFilter,
exceptionTranslationFilter,
filterInvocationInterceptor" />
</security:filter-chain-map>
</bean>
</beans>
And here is my Custom Anonymous Authentication Provider:
package com.asosyalbebe.springtest.gui.user.security;
import org.springframework.security.authentication.AnonymousAuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import com.asosyalbebe.springtest.gui.user.model.GuiUser;
import com.asosyalbebe.springtest.gui.user.service.UserService;
#SuppressWarnings("deprecation")
public class CustomAnonymousAuthProvider extends AnonymousAuthenticationProvider {
private UserService userDetailsService;
#Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
GuiUser user = userDetailsService.getGuestUser();
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(user, "pwd", user.getAuthorities());
result.setDetails(user);
return result;
}
#Override
public boolean supports(Class<?> class1) {
return true;
}
public void setUserDetailsService(UserService userDetailsService) {
this.userDetailsService = userDetailsService;
}
}
I think the authenticate method in CustomAnonymousAuthProvider is never executed. What else can I do?
From the AuthenticationManager's perspective, the AnonymousAuthenticationToken which is created by then filter is already authenticated (the isAuthenticated property is true), so it doesn't try to authenticate it. Hence your provider is not called.
The simplest option would be to customize the AnonymousAuthenticationFilter to use the authorities from your database directly.
Related
I has an application with Spring 2.5.6 running with JDK 1.6. I changed to version 4.3.6 to use JDK 1.8.
Already changed some methods and imports...
There is no more compilation erros.
But when I try to start the application with Jetty i got the following error:
[WARNING] Nested in org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath:spring-security-config.xml]
Offending resource: class path resource [beanRefFacory.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 18 in XML document from class path resource [spring-security-config.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 18; columnNumber: 58; cvc-complex-type.2.4.c: O curinga correspondente é restrito, mas nenhuma declaração pode ser encontrada para o elemento 'security:http'.:
org.xml.sax.SAXParseException; lineNumber: 18; columnNumber: 58; cvc-complex-type.2.4.c: O curinga correspondente é restrito, mas nenhuma declaração pode ser encontrada para o elemento 'security:http'.
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:134)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:437)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:325)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:458)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3237)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1917)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:746)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:379)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2786)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:117)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:243)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:347)
at org.springframework.beans.factory.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:76)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadDocument(XmlBeanDefinitionReader.java:429)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:391)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:181)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:217)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.importBeanDefinitionResource(DefaultBeanDefinitionDocumentReader.java:227)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseDefaultElement(DefaultBeanDefinitionDocumentReader.java:184)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:169)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:142)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:94)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:508)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:392)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:181)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:217)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:188)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129)
at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:613)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:514)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
at org.mortbay.jetty.plugin.Jetty6PluginWebAppContext.doStart(Jetty6PluginWebAppContext.java:115)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
at org.mortbay.jetty.Server.doStart(Server.java:224)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.plugin.Jetty6PluginServer.start(Jetty6PluginServer.java:132)
at org.mortbay.jetty.plugin.AbstractJettyMojo.startJetty(AbstractJettyMojo.java:441)
at org.mortbay.jetty.plugin.AbstractJettyMojo.execute(AbstractJettyMojo.java:383)
at org.mortbay.jetty.plugin.AbstractJettyRunMojo.execute(AbstractJettyRunMojo.java:210)
at org.mortbay.jetty.plugin.Jetty6RunMojo.execute(Jetty6RunMojo.java:184)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Someone can help me with that?
edit:
This is my spring-security-config.xml (not changed during migration):
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:lang="http://www.springframework.org/schema/lang" xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util" xmlns:camel="http://activemq.apache.org/camel/schema/spring"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://activemq.apache.org/camel/schema/spring http://activemq.apache.org/camel/schema/spring/camel-spring.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">
<security:http entry-point-ref="myAuthenticationEntryPoint"
auto-config="false" session-fixation-protection="none">
<security:intercept-url pattern="/login.iface"
filters="none" />
<security:intercept-url pattern="/img/**"
filters="none" />
<security:intercept-url pattern="/css/**"
filters="none" />
<security:intercept-url pattern="/scripts/**"
filters="none" />
<security:intercept-url pattern="/app/**"
access="IS_AUTHENTICATED_FULLY" />
<!-- <security:form-login login-page="/login.iface" default-target-url="/app/index.iface"
authentication-failure-url="/login.iface?login_error=true" /> -->
<security:logout logout-success-url="/login.jspx" />
</security:http>
<!-- Utilize 192.168.236.111 quando for testar local <security:ldap-server
url="${SOME.PROPERTY}" id="LDAPServer" /> -->
<bean id="memcachedLogin"
class="br.com.tpd.cac.thinkcat.memcached.MemCachedResourcesImpl">
<constructor-arg value="${SOME.PROPERTY}" />
<property name="timetoSet" value="${SOME.PROPERTY}" />
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
</bean>
<!-- ************************************************************* *** Customized
LDAP Security Authentication/Authorization *** ************************************************************* -->
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="${SOME.PROPERTY}" />
</bean>
<bean id="poolingContextSource"
class="org.springframework.ldap.pool.factory.PoolingContextSource"
destroy-method="close">
<property name="contextSource" ref="contextSource" />
<property name="dirContextValidator" ref="dirContextValidator" />
<property name="minIdle" value="${SOME.PROPERTY}" />
<property name="maxIdle" value="${SOME.PROPERTY}" />
<property name="maxActive" value="${SOME.PROPERTY}" />
<property name="maxTotal" value="${SOME.PROPERTY}" />
<property name="maxWait" value="${SOME.PROPERTY}" />
<property name="testOnBorrow" value="${SOME.PROPERTY}" />
<property name="testWhileIdle" value="${SOME.PROPERTY}" />
<property name="timeBetweenEvictionRunsMillis"
value="${SOME.PROPERTY}" />
<property name="minEvictableIdleTimeMillis"
value="${SOME.PROPERTY}" />
<property name="numTestsPerEvictionRun"
value="${SOME.PROPERTY}" />
</bean>
<bean id="dirContextValidator"
class="org.springframework.ldap.pool.validation.DefaultDirContextValidator" />
<bean id="ldapAuthProvider"
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<security:custom-authentication-provider />
<constructor-arg>
<bean
class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userDnPatterns">
<!-- <list><value>uid={0},ou=people,dc=portalsigres,dc=com</value></list> -->
<list>
<value>${SOME.PROPERTY}</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean id="ThinkCATWebLdapUserDetails" class="br.com.tpd.cac.thinkcat.security.ldap.LdapUserDetails">
<constructor-arg ref="contextSource" />
<constructor-arg value="${SOME.PROPERTY}" />
</bean>
</constructor-arg>
</bean>
<!-- ************************************************************* *** Customized
LDAP Security Authentication/Authorization *** ************************************************************* -->
<!-- LDAP TEMPLATE -->
<bean id="LDAPTemplateContext" class="net.sf.ldaptemplate.support.LdapContextSource">
<property name="url" value="${SOME.PROPERTY}" />
<property name="base" value="${SOME.PROPERTY}" />
<property name="userName" value="${SOME.PROPERTY}" />
<property name="password" value="${SOME.PROPERTY}" />
<property name="dirObjectFactory"
value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
<!-- Dont use sun ldap pool. Use poolContextSource instead -->
<property name="pooled" value="false" />
</bean>
<bean id="ldapTemplate" class="net.sf.ldaptemplate.LdapTemplate">
<constructor-arg ref="LDAPTemplateContext" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.concurrent.SessionRegistryImpl" />
<bean id="defaultConcurrentSessionController"
class="br.com.tpd.cac.thinkcat.security.acesso.DMConcurrentSessionController">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="exceptionIfMaximumExceeded" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="ldapAuthProvider" />
</list>
</property>
<property name="sessionController" ref="defaultConcurrentSessionController" />
</bean>
<bean id="sucessfulAuthenticationCallbackImpl"
class="br.com.tpd.cac.thinkcat.security.acesso.SuccessfulAuthenticationCallbackImpl">
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>
<bean id="myAuthenticationEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login.iface" />
</bean>
<bean id="authenticationProcessingFilter"
class="br.com.tpd.cac.thinkcat.security.acesso.DMAuthenticationProcessingFilter">
<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="defaultTargetUrl" value="/app/index.iface" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/login.iface?login_error=true" />
<property name="allowSessionCreation" value="true" />
<property name="callback" ref="sucessfulAuthenticationCallbackImpl" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<bean id="rememberMeAuthenticationManager"
class="br.com.tpd.cac.thinkcat.security.acesso.RememberMeAuthenticationManager">
<property name="providers">
<list>
<ref local="ldapAuthProvider" />
</list>
</property>
</bean>
<bean id="rememberMeProcessingFilter"
class="br.com.tpd.cac.thinkcat.security.acesso.RememberMeAuthFilter">
<security:custom-filter position="REMEMBER_ME_FILTER" />
<property name="authenticationManager" ref="rememberMeAuthenticationManager" />
<property name="rememberMeServices" ref="rememberMeServices" />
<property name="cache" ref="memcachedLogin" />
<property name="bloqueioMultiploAcesso" value="${SOME.PROPERTY}" />
</bean>
<bean id="pdrUserDetails"
class="br.com.tpd.cac.thinkcat.security.ldap.PDRUserDetailsService" />
<bean id="rememberMeServices"
class="br.com.tpd.cac.thinkcat.security.acesso.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="pdrUserDetails" />
<property name="key" value="DM_REMEMBERME_KEY" />
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>
<bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
<security:custom-authentication-provider />
<property name="key" value="whatever" />
</bean>
</beans>
Initial answer
Here is your http element:
<security:http entry-point-ref="myAuthenticationEntryPoint"
auto-config="false" session-fixation-protection="none">
In modern Spring Security versions (4.x) the session-fixation-attribute is not suppored by http anymore; instead, it is configured on session-management: https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/appendix-namespace.html#nsa-session-management-attributes
Here is how it can look:
<security:http entry-point-ref="myAuthenticationEntryPoint"
auto-config="false">
<security:session-management session-fixation-protection="none"/>
... the rest
This is just a partial answer. If you have other issues, please update the question.
Update
I've played with your XML a bit and now Spring Security is able to parse it. Here is what I got:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:lang="http://www.springframework.org/schema/lang" xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util" xmlns:camel="http://activemq.apache.org/camel/schema/spring"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://activemq.apache.org/camel/schema/spring http://activemq.apache.org/camel/schema/spring/camel-spring.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">
<security:http pattern="/login.iface" security="none" />
<security:http pattern="/img/**" security="none" />
<security:http pattern="/css/**" security="none" />
<security:http pattern="/scripts/**" security="none" />
<security:http entry-point-ref="myAuthenticationEntryPoint"
auto-config="false">
<security:session-management session-fixation-protection="none"/>
<security:intercept-url pattern="/app/**"
access="IS_AUTHENTICATED_FULLY" />
<!-- <security:form-login login-page="/login.iface" default-target-url="/app/index.iface"
authentication-failure-url="/login.iface?login_error=true" /> -->
<security:logout logout-success-url="/login.jspx" />
<security:custom-filter ref="authenticationProcessingFilter" position="FORM_LOGIN_FILTER"/>
<security:custom-filter ref="rememberMeProcessingFilter" position="REMEMBER_ME_FILTER" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="ldapAuthProvider"/>
<security:authentication-provider ref="rememberMeAuthenticationProvider" />
</security:authentication-manager>
<!-- Utilize 192.168.236.111 quando for testar local <security:ldap-server
url="${SOME.PROPERTY}" id="LDAPServer" /> -->
<!--
<bean id="memcachedLogin"
class="br.com.tpd.cac.thinkcat.memcached.MemCachedResourcesImpl">
<constructor-arg value="${SOME.PROPERTY}" />
<property name="timetoSet" value="${SOME.PROPERTY}" />
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
</bean>
-->
<!-- ************************************************************* *** Customized
LDAP Security Authentication/Authorization *** ************************************************************* -->
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="${SOME.PROPERTY}" />
</bean>
<bean id="poolingContextSource"
class="org.springframework.ldap.pool.factory.PoolingContextSource"
destroy-method="close">
<property name="contextSource" ref="contextSource" />
<property name="dirContextValidator" ref="dirContextValidator" />
<property name="minIdle" value="${SOME.PROPERTY}" />
<property name="maxIdle" value="${SOME.PROPERTY}" />
<property name="maxActive" value="${SOME.PROPERTY}" />
<property name="maxTotal" value="${SOME.PROPERTY}" />
<property name="maxWait" value="${SOME.PROPERTY}" />
<property name="testOnBorrow" value="${SOME.PROPERTY}" />
<property name="testWhileIdle" value="${SOME.PROPERTY}" />
<property name="timeBetweenEvictionRunsMillis"
value="${SOME.PROPERTY}" />
<property name="minEvictableIdleTimeMillis"
value="${SOME.PROPERTY}" />
<property name="numTestsPerEvictionRun"
value="${SOME.PROPERTY}" />
</bean>
<bean id="dirContextValidator"
class="org.springframework.ldap.pool.validation.DefaultDirContextValidator" />
<bean id="ldapAuthProvider"
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<constructor-arg>
<bean
class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userDnPatterns">
<!-- <list><value>uid={0},ou=people,dc=portalsigres,dc=com</value></list> -->
<list>
<value>${SOME.PROPERTY}</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean id="ThinkCATWebLdapUserDetails" class="br.com.tpd.cac.thinkcat.security.ldap.LdapUserDetails">
<constructor-arg ref="contextSource" />
<constructor-arg value="${SOME.PROPERTY}" />
</bean>
</constructor-arg>
</bean>
<!-- ************************************************************* *** Customized
LDAP Security Authentication/Authorization *** ************************************************************* -->
<!-- LDAP TEMPLATE -->
<bean id="LDAPTemplateContext" class="net.sf.ldaptemplate.support.LdapContextSource">
<property name="url" value="${SOME.PROPERTY}" />
<property name="base" value="${SOME.PROPERTY}" />
<property name="userName" value="${SOME.PROPERTY}" />
<property name="password" value="${SOME.PROPERTY}" />
<property name="dirObjectFactory"
value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
<!-- Dont use sun ldap pool. Use poolContextSource instead -->
<property name="pooled" value="false" />
</bean>
<bean id="ldapTemplate" class="net.sf.ldaptemplate.LdapTemplate">
<constructor-arg ref="LDAPTemplateContext" />
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.concurrent.SessionRegistryImpl" />
<bean id="defaultConcurrentSessionController"
class="br.com.tpd.cac.thinkcat.security.acesso.DMConcurrentSessionController">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="exceptionIfMaximumExceeded" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="ldapAuthProvider" />
</list>
</property>
<property name="sessionController" ref="defaultConcurrentSessionController" />
</bean>
<bean id="sucessfulAuthenticationCallbackImpl"
class="br.com.tpd.cac.thinkcat.security.acesso.SuccessfulAuthenticationCallbackImpl">
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>
<bean id="myAuthenticationEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login.iface" />
</bean>
<bean id="authenticationProcessingFilter"
class="br.com.tpd.cac.thinkcat.security.acesso.DMAuthenticationProcessingFilter">
<property name="defaultTargetUrl" value="/app/index.iface" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/login.iface?login_error=true" />
<property name="allowSessionCreation" value="true" />
<property name="callback" ref="sucessfulAuthenticationCallbackImpl" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<bean id="rememberMeAuthenticationManager"
class="br.com.tpd.cac.thinkcat.security.acesso.RememberMeAuthenticationManager">
<property name="providers">
<list>
<ref bean="ldapAuthProvider" />
</list>
</property>
</bean>
<bean id="rememberMeProcessingFilter"
class="br.com.tpd.cac.thinkcat.security.acesso.RememberMeAuthFilter">
<property name="authenticationManager" ref="rememberMeAuthenticationManager" />
<property name="rememberMeServices" ref="rememberMeServices" />
<property name="cache" ref="memcachedLogin" />
<property name="bloqueioMultiploAcesso" value="${SOME.PROPERTY}" />
</bean>
<bean id="pdrUserDetails"
class="br.com.tpd.cac.thinkcat.security.ldap.PDRUserDetailsService" />
<bean id="rememberMeServices"
class="br.com.tpd.cac.thinkcat.security.acesso.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="pdrUserDetails" />
<property name="key" value="DM_REMEMBERME_KEY" />
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>
<bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<property name="key" value="whatever" />
</bean>
</beans>
What I changed:
<ref>: replaced local with bean attribute
upgraded spring-security XSD version to 3.1 as recent Spring Security versions do not support version 2.x.
moved session-fixation-protection (as described above)
moved and renamed <custom-authentication-provider> elements
renamed AUTHENTICATION_PROCESSING_FILTER to FORM_LOGIN_FILTER
moved <custom-filter> elements
for each <intercept-url> with filters="none" removed it and added an <http> element with security="none" (this is the recommended way)
changed package name for RememberMeAuthenticationProvider
This is parsed successfully by Spring. The context startup fails because it cannot find some custom class (br.com.tpd.cac.thinkcat.security.acesso.TokenBasedRememberMeServices) which I don't have. It will likely need further work, but at least it does not fail with a mysterious error message anymore.
One more thing: I used Spring Security 3.1.4 to play with it, and not Spring 4.3.x as I just ran of time for today. So this is again a partial answer, I write it hoping that it will help you.
Okay so I have an Mobile to Spring Java API Rest stack. I have implemented the Oauth2 security as described in the spring guide https://projects.spring.io/spring-security-oauth/docs/oauth2.html. I use the standard oauth/token endpoint for the user to login with credentials. Since we are trying to consolidate calls the mobile is making to the API, we want to put an access_token object in the response of the registration/step2 endpoint (at this point the users credentials and password has been persisted to the DB). I am not sure what code I need to add to get an access_token this way?
I know I have to make some DefaultTokenRequest with some params to the TokenGranter. Here is some of my config:
<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
<!-- Default authentication manager -->
<!--<security:authentication-manager alias="authenticationManager">-->
<!--<security:authentication-provider user-service-ref='userService' />-->
<!--<security:authentication-provider ref="daoAuthenticationProvider" />-->
<!--</security:authentication-manager>-->
<!--New authentication manager -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="authenticationProvider"/>
<security:authentication-provider user-service-ref='userService' />
</security:authentication-manager>
<beans:bean id="authenticationProvider" class="com.special.authenticationProvider" >
<property name="userDetailsService" ref="userService" />
<property name="passwordEncoder" ref="passwordEncoder" />
<property name="saltSource" ref="saltSource" />
</beans:bean>
<bean id="clientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetailsService" />
</bean>
<!-- Authentication manager for OAUTH token request endpoint -->
<security:authentication-manager id="clientAuthenticationManager">
<security:authentication-provider user-service-ref="clientDetailsUserService" />
</security:authentication-manager>
<!-- oauth token storage -->
<bean id="oauthDataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${database.driverClassName}" />
<property name="url" value="${database.url}" />
<property name="username" value="${database.username}" />
<property name="password" value="${database.password}" />
</bean>
<bean id="tokenStore"
class="com.special.JdbcTokenStoreUserID">
</bean>
<bean id="tokenStoreCore"
class="org.springframework.security.oauth2.provider.token.JdbcTokenStore">
<constructor-arg ref="oauthDataSource" />
</bean>
<bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="clientDetailsService" ref="clientDetailsService" />
<property name="tokenEnhancer" ref="customTokenEnhancer" />
</bean>
<bean id="userApprovalHandler" class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
<property name="tokenServices" ref="tokenServices" />
</bean>
<bean id="customTokenEnhancer" class="com.special.CustomTokenEnhancer"></bean>
I am using CAS authentication for my application. I store my user details in LDAP Active Directory. I use spring security and JSF in my web application. I find difficulty in getting the LDAP attributes like country, country code to the managed bean. I am able to retrieve the roles, username, password from SecurityContext but I am not able to get the country details of the logged in user from the ldap.
I beleive there must be a way after the CAS authentication, I can retrieve the ldap attributes to JSF managed bean through CAS. I tried the below link but i couldnt get the details to the managed bean.
My CAS does get roles from LDAP, but I don't want my web app to talk to LDAP.
Can spring security + CAS be configured to get the ldap attributes ?
can someone help me in getting the ldap attributes like country after the CAS authentication ?
Get LDAP user attributes from CAS
I have attached my CAS deployerConfigContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<bean id="authenticationManager" class="xxx.cas.authentication.XXXOTPPolicyBasedAuthenticationManager">
<constructor-arg index="0">
<list value-type="org.jasig.cas.authentication.AuthenticationHandler" >
<ref local="ldapAuthenticationHandler"/>
<ref local="radiusAuthenticationHandler"/>
</list>
</constructor-arg>
<property name="authenticationPolicy">
<bean class="xxx.cas.authentication.XXXAllAuthenticationPolicy" />
</property>
</bean>
<!-- Required for proxy ticket mechanism. -->
<bean id="proxyAuthenticationHandler"
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" p:requireSecure="false" />
<!--
| Change principalIdAttribute to use another directory attribute,
| e.g. userPrincipalName, for the NetID
-->
<bean id="ldapAuthenticationHandler"
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
p:principalIdAttribute="sAMAccountName"
c:authenticator-ref="authenticator">
<property name="principalAttributeMap">
<map>
<!--
| This map provides a simple attribute resolution mechanism.
| Keys are LDAP attribute names, values are CAS attribute names.
| Use this facility instead of a PrincipalResolver if LDAP is
| the only attribute source
-->
<entry key="displayName" value="displayName" />
<entry key="facsimileTelephoneNumber" value="facsimileTelephoneNumber" />
<entry key="memberOf" value="memberOf" />
<entry key="co" value="co" />
<entry key="c" value="c" />
<entry key="mail" value="mail" />
<entry key="description" value="role" />
</map>
</property>
</bean>
<!-- Required for proxy ticket mechanism -->
<bean id="proxyPrincipalResolver"
class="org.jasig.cas.authentication.principal.BasicPrincipalResolver" />
<!-- Radius authentication -->
<bean id="radiusClientFactory"
class="org.jasig.cas.adaptors.radius.RadiusClientFactory"
p:inetAddress="${fourtress.server}"
p:sharedSecret="${fourtress.ss}" />
<bean id="radiusServer"
class="org.jasig.cas.adaptors.radius.JRadiusServerImpl"
c:protocol="PAP"
c:clientFactory-ref="radiusClientFactory" />
<bean id="radiusAuthenticationHandler"
class="xxx.cas.authentication.XXXRadiusAuthenticationHandler">
<property name="servers">
<list>
<ref local="radiusServer" />
</list>
</property>
</bean>
<bean id="attributeRepository"
class="org.jasig.cas.persondir.LdapPersonAttributeDao"
p:connectionFactory-ref="pooledLdapConnectionFactory"
p:baseDN="ou=users,ou=egate,dc=egate-t,dc=local" p:searchControls-ref="searchControls" p:searchFilter="sAMAccountName={0}">
<property name="requireAllQueryAttributes" value="true"/>
<property name="queryAttributeMapping">
<map>
<!-- Attribute mapping between principal (key) and LDAP (value) names used to perform the LDAP search -->
<entry key="username" value="sAMAccountName" />
</map>
</property>
<property name="resultAttributeMapping">
<map>
<!-- Mapping between LDAP entry attributes (key) and Principal's (value) -->
<entry key="memberOf" value="memberOf" />
<entry key="mail" value="mail" />
<entry key="cn" value="FullName" />
<entry key="sn" value="LastName" />
<entry key="displayName" value="displayName" />
<entry key="description" value="role" />
<entry key="facsimileTelephoneNumber" value="facsimileTelephoneNumber" />
<entry key="co" value="country" />
<entry key="c" value="countryCode" />
</map>
</property>
</bean>
<bean id="searchControls"
class="javax.naming.directory.SearchControls"
p:searchScope="2"
p:countLimit="0" p:timeLimit="0" />
<!--
Sample, in-memory data store for the ServiceRegistry. A real implementation
would probably want to replace this with the JPA-backed ServiceRegistry DAO
The name of this bean should remain "serviceRegistryDao".
+-->
<bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl"
p:registeredServices-ref="registeredServicesList" />
<util:list id="registeredServicesList">
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="1" />
<property name="name" value="cassimple" />
<property name="description" value="cassimple application 1" />
<property name="serviceId" value="^(http?|https?|imaps?)://localhost:7002/cassimple/.*" />
<property name="evaluationOrder" value="10000001" />
</bean>
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="2" />
<property name="name" value="casldap" />
<property name="description" value="casldap application 2" />
<property name="serviceId" value="^(http?|https?|imaps?)://localhost:7002/casldap/.*" />
<property name="evaluationOrder" value="10000002" />
<property name="allowedAttributes">
<list>
<value>memberOf</value>
<value>LastName</value>
<value>FullName</value>
<value>displayName</value>
<value>role</value>
</list>
</property>
</bean>
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="3" />
<property name="name" value="cascir" />
<property name="description" value="cas cir application 3" />
<property name="serviceId" value="^(http?|https?|imaps?)://localhost:7002/cascir/.*" />
<property name="evaluationOrder" value="10000003" />
<property name="allowedAttributes">
<list>
<value>role</value>
<value>FullName</value>
<value>displayName</value>
<value>LastName</value>
<value>memberOf</value>
</list>
</property>
</bean>
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="4" />
<property name="name" value="egate" />
<property name="description" value="cas egate application 4" />
<property name="serviceId" value="^(http?|https?|imaps?)://localhost:7002/egate/.*" />
<property name="evaluationOrder" value="10000004" />
<property name="allowedAttributes">
<list>
<value>role</value>
<value>FullName</value>
<value>displayName</value>
<value>LastName</value>
<value>memberOf</value>
</list>
</property>
</bean>
<bean class="org.jasig.cas.services.RegexRegisteredService">
<property name="id" value="5" />
<property name="name" value="cir" />
<property name="description" value="cas cir application 5" />
<property name="serviceId" value="^(http?|https?|imaps?)://localhost:7002/cir/.*" />
<property name="evaluationOrder" value="10000005" />
<property name="allowedAttributes">
<list>
<value>role</value>
<value>FullName</value>
<value>displayName</value>
<value>LastName</value>
<value>memberOf</value>
<value>country</value>
<value>countryCode</value>
</list>
</property>
</bean>
</util:list>
<bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
<bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor" p:monitors-ref="monitorsList" />
<util:list id="monitorsList">
<bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
<!--
NOTE
The following ticket registries support SessionMonitor:
* DefaultTicketRegistry
* JpaTicketRegistry
Remove this monitor if you use an unsupported registry.
-->
<bean class="org.jasig.cas.monitor.SessionMonitor"
p:ticketRegistry-ref="ticketRegistry"
p:serviceTicketCountWarnThreshold="5000"
p:sessionCountWarnThreshold="100000" />
</util:list>
<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
c:resolver-ref="dnResolver"
c:handler-ref="authHandler"
p:entryResolver-ref="entryResolver" />
<!-- Active Directory UPN format. -->
<bean id="dnResolver"
class="org.ldaptive.auth.FormatDnResolver"
c:format="${ldap.authn.format}" />
<bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
p:connectionFactory-ref="pooledLdapConnectionFactory" />
<bean id="pooledLdapConnectionFactory"
class="org.ldaptive.pool.PooledConnectionFactory"
p:connectionPool-ref="connectionPool" />
<bean id="connectionPool"
class="org.ldaptive.pool.BlockingConnectionPool"
init-method="initialize"
p:poolConfig-ref="ldapPoolConfig"
p:blockWaitTime="${ldap.pool.blockWaitTime}"
p:validator-ref="searchValidator"
p:pruneStrategy-ref="pruneStrategy"
p:connectionFactory-ref="connectionFactory" />
<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
p:minPoolSize="${ldap.pool.minSize}"
p:maxPoolSize="${ldap.pool.maxSize}"
p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
p:validatePeriodically="${ldap.pool.validatePeriodically}"
p:validatePeriod="${ldap.pool.validatePeriod}" />
<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
p:connectionConfig-ref="connectionConfig" />
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
p:ldapUrl="${ldap.url}"
p:connectTimeout="${ldap.connectTimeout}"
p:useStartTLS="${ldap.useStartTLS}"
p:sslConfig-ref="sslConfig"/>
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
<property name="credentialConfig">
<bean class="org.ldaptive.ssl.X509CredentialConfig"
p:trustCertificates="classpath:${ldap.trustedCert}" />
</property>
</bean>
<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
p:prunePeriod="${ldap.pool.prunePeriod}"
p:idleTime="${ldap.pool.idleTime}" />
<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
<bean id="entryResolver"
class="org.jasig.cas.authentication.support.UpnSearchEntryResolver"
p:baseDn="${ldap.baseDn}" />
</beans>
My spring security.xml
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<debug />
<global-method-security secured-annotations="enabled" />
<http auto-config="false" use-expressions="true"
entry-point-ref="casAuthenticationEntryPoint">
<custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
<intercept-url pattern="/faces/disclaimer**" access="permitAll" />
<intercept-url pattern="/faces/searchCreditInstitution**"
access="permitAll" />
<intercept-url pattern="/faces/searchParentInstitution**"
access="hasAnyRole('ROLE_CIR_EDITOR','ROLE_CIR_AUTHORISER')" />
<intercept-url pattern="/faces/createCreditInstitution**"
access="hasAuthority('ROLE_CIR_EDITOR')" />
<intercept-url pattern="/faces/authorisation**"
access="hasAuthority('ROLE_CIR_AUTHORISER')" />
<intercept-url pattern="/faces/rejected**" access="hasAuthority('ROLE_CIR_EDITOR')" />
<intercept-url pattern="/faces/pendingApproval**"
access="hasAuthority('ROLE_CIR_EDITOR')" />
<intercept-url pattern="/faces/auditLog**"
access="hasAuthority('ROLE_CIR_AUTHORISER')" />
<intercept-url pattern="/faces/enquiry**"
access="hasAnyRole('ROLE_CIR_EDITOR','ROLE_CIR_AUTHORISER','ROLE_CIR_XXXOPS')" />
<intercept-url pattern="/faces/changePassword**"
access="hasAnyRole('ROLE_CIR_EDITOR','ROLE_CIR_AUTHORISER','ROLE_CIR_XXXOPS')" />
<intercept-url pattern="/faces/dashboard**" access="ROLE_CIR_XXXOPS" />
<intercept-url pattern="/resources**" access="permitAll" />
<intercept-url pattern="/faces/javax.faces.resource**" access="permitAll" />
<logout logout-url="/logout" logout-success-url="https://localhost:7002/cas/logout" />
</http>
<beans:bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
<beans:property name="service"
value="https://localhost:7002/cir/j_spring_cas_security_check" />
<beans:property name="sendRenew" value="false" />
</beans:bean>
<beans:bean id="casAuthenticationEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<beans:property name="loginUrl" value="https://localhost:7002/cas/login" />
<beans:property name="serviceProperties" ref="serviceProperties" />
</beans:bean>
<beans:bean id="casAuthenticationFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<beans:property name="authenticationManager" ref="casAuthenticationManager" />
</beans:bean>
<authentication-manager alias="casAuthenticationManager">
<authentication-provider ref="casAuthenticationProvider" />
</authentication-manager>
<beans:bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="ticketValidator" ref="ticketValidator" />
<beans:property name="authenticationUserDetailsService"
ref="authenticationUserDetailsService" />
<beans:property name="key" value="cir" />
</beans:bean>
<beans:bean id="ticketValidator"
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0"
value="https://localhost:7002/cas">
</beans:constructor-arg>
</beans:bean>
<beans:bean id="authenticationUserDetailsService"
class="XXX.cir.cas.authentication.XXXCasAuthenticationUserDetailsService" />
</beans:beans>
I am able to get the Ldap roles, username in JSF managed bean by this way but not country
SecurityContext ctx = SecurityContextHolder.getContext();
UserDetails userDetails = (UserDetails)ctx.getAuthentication().getPrincipal();
System.out.println("Role of the ldaper : " + ctx.getAuthentication().getAuthorities());
String userRole = ctx.getAuthentication().getAuthorities();
I haven't used Spring Security but one option could be AttributeRepository in order to get attributes directly from cas instead of retrieving from your application. You can add an attributeRepository to your deployerContext (bean authenticationManager, property credentialsToPrincipalResolvers:
<bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
p:attributeRepository-ref="attributeRepository"/>
And the following beans:
<bean id="attributeRepository" parent="baseAttributeRepository">
<property name="personAttributeDaos">
<list>
<ref local="ldapAttributesByUid" />
</list>
</property>
</bean>
<bean id="ldapAttributesByUid" parent="baseLdapAttributeRepository"
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
<property name="queryAttributeMapping">
<map>
<entry key="username" value="uid" />
</map>
</property>
</bean>
<bean id="baseLdapAttributeRepository" abstract="true"
p:contextSource-ref="contextSource"
p:baseDN="o=xxxxxx,dc=xxxxx"
p:requireAllQueryAttributes="true">
<property name="resultAttributeMapping">
<map>
<entry key="accountState" value="accountState" />
<entry key="authId">
<list>
<value>authId</value>
<value>Formatted Name</value>
</list>
</entry>
<entry key="groupMembership" value="groupMembership" />
<entry key="uid" value="uid" />
<entry key="sn" value="sn" />
<entry key="sn2" value="sn2" />
<entry key="givenName" value="givenName" />
</map>
</property>
</bean>
AFAIK, bear in mind that SAML must be used instead of CAS Protocol. More info at https://wiki.jasig.org/display/CASUM/Attributes
Hope this helps
hi actually springbatch jobrepository uses jdbctemplate for the CRUD operations of springbatch metadata
and my requirement is to replace jdbctemplate with jpa and do the crud operations...
the actual configuration of springbatch job repository is as follows...
can anyone kindly help regarding this issue...i searched alot but got nothing......
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3307/test" />
<property name="username" value="root" />
<property name="password" value="root" />
</bean>
<!-- create job-meta tables automatically -->
<jdbc:initialize-database data-source="jobRepository-dataSource">
<jdbc:script location="classpath:/org/springframework/batch/core/schema-drop-mysql.sql" />
<jdbc:script location="classpath:/org/springframework/batch/core/schema-mysql.sql" />
</jdbc:initialize-database>
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
lazy-init="true">
<property name="dataSource" ref="jobRepository-dataSource" />
</bean>
<bean id="jobRepository-transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
lazy-init="true">
<property name="dataSource" ref="jobRepository-dataSource" />
</bean>
<bean id="jobRepository" class="org.springframework.batch.core.repository.support.JobRepositoryFactoryBean" >
<property name="dataSource" ref="jobRepository-dataSource" />
<property name="transactionManager" ref="jobRepository-transactionManager" />
<property name="databaseType" value="mysql" />
<property name="isolationLevelForCreate" value="ISOLATION_DEFAULT" />
<property name="tablePrefix" value="batch_" />
</bean>
<bean id="jobLauncher"
class="org.springframework.batch.core.launch.support.SimpleJobLauncher">
<property name="jobRepository" ref="jobRepository" />
</bean>
<bean id="jobExplorer"
class="org.springframework.batch.core.explore.support.JobExplorerFactoryBean"
p:dataSource-ref="jobRepository-dataSource" p:tablePrefix="batch_" />
<bean id="jobRegistryBeanPostProcessor"
class="org.springframework.batch.core.configuration.support.JobRegistryBeanPostProcessor">
<property name="jobRegistry" ref="jobRegistry" />
</bean>
<bean id="jobRegistry" class="org.springframework.batch.core.configuration.support.MapJobRegistry" />
<bean id="jobOperator" class="org.springframework.batch.core.launch.support.SimpleJobOperator">
<property name="jobRepository" ref="jobRepository" />
<property name="jobLauncher" ref="jobLauncher" />
<property name="jobRegistry" ref="jobRegistry" />
<property name="jobExplorer" ref="jobExplorer" />
</bean>
I am trying to move a Spring Web Project using LDAP for Authentication and Authorities to Spring and CAS. My project was working great using LDAP but now I have to use CAS.. Once I changed the XML file everything stopped.
XML using LDAP:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:jee="http://www.springframework.org/schema/jee"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
"
xmlns="http://www.springframework.org/schema/security">
<http auto-config="true" use-expressions="true">
<intercept-url access="hasRole('ROLE_MEMBER_INQUIRY')"
pattern="/requests/**" />
<form-login default-target-url="/requests/add.html" />
</http>
<authentication-manager>
<ldap-authentication-provider
user-search-base="ou=webusers" user-search-filter="(uid={0})">
<password-compare>
<password-encoder ref="passwordEncoder">
</password-encoder>
</password-compare>
</ldap-authentication-provider>
</authentication-manager>
<beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
</beans:bean>
<beans:bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<beans:constructor-arg
value="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
<beans:property name="userDn" value="cn=Manager,dc=uftwf,dc=dev" />
<beans:property name="password" value="uftwf" />
</beans:bean>
<beans:bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.authentication.BindAuthenticator">
<beans:constructor-arg ref="contextSource" />
<beans:property name="userDnPatterns">
<beans:list>
<beans:value>
uid={0},ou=webusers
</beans:value>
</beans:list>
</beans:property>
</beans:bean>
</beans:constructor-arg>
<beans:constructor-arg>
<beans:bean
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<beans:constructor-arg ref="contextSource" />
<beans:constructor-arg value="ou=groups" />
<beans:property name="groupRoleAttribute" value="ou" />
</beans:bean>
</beans:constructor-arg>
</beans:bean>
<ldap-server url="ldaps://dvldap01.uftwf.dev:636/dc=uftwf,dc=dev" />
<beans:bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<beans:property name="location" value="classpath:jdbc.properties2" />
</beans:bean>
<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
> <beans:property name="driverClassName" value="${database.driver}" /> <beans:property
name="url" value="${database.url}" /> <beans:property name="username" value="${database.user}"
/> <beans:property name="password" value="${database.password}" /> <beans:property
name="initialSize" value="5" /> <beans:property name="maxActive" value="10"
/> </beans:bean>
<!--
<beans:bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
> <beans:property name="driverClassName" value="${database.driver}" /> <beans:property
name="url" value="${database.url}" /> <beans:property name="username" value="${database.user}"
/> <beans:property name="password" value="${database.password}" /> <beans:property
name="initialSize" value="5" /> <beans:property name="maxActive" value="10"
/> </beans:bean>
<jee:jndi-lookup id="dataSourcejndi" jndi-name="dataSourcejndi"
lookup-on-startup="false" proxy-interface="javax.sql.DataSource"
cache="true" resource-ref="true" />
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean"
lazy-init="true">
<beans:property name="dataSource" ref="dataSourcejndi" />
</beans:bean>
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<beans:property name="jndiName" value="java:dataSourcejndi" />
</beans:bean>
<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<beans:property name="jndiName" value="java:comp/env/jdbc/mi"/>
</beans:bean>
<mvc:annotation-driven />
-->
<!-- <beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<beans:property name="jndiName" value="java:dataSourcejndi" />
</beans:bean>
-->
</beans:beans>
XML using CAS:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url access="hasRole('ROLE_MEMBER_INQUIRY')"
pattern="/requests/**" />
<form-login default-target-url="/requests/add.html" />
</http>
<bean id="securityFilter" class="org.springframework.security.util.FilterChainProxy">
<sec:filter-chain-map path-type="ant">
<sec:filter-chain pattern="/images/**" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/css/**" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/js/**" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/403.jsp" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/404.jsp" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/error.jsp" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**/cas/changePassword.htm*" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**/cas/login.htm*" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**/cas/passwordExpired.htm*" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**/*.html*" filters="channelProcessingFilter"/>
<sec:filter-chain pattern="/**"
filters="channelProcessingFilter,httpSessionContextIntegrationFilter,logoutFilter,casSingleSignOutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor"/>
</sec:filter-chain-map>
</bean>
<!-- this is what hooks up the CAS entry point -->
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<ref local="casProcessingFilterEntryPoint"/>
</property>
</bean>
<!-- where do I go when I need authentication from CAS-->
<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
<property name="loginUrl" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/login"/>
<property name="serviceProperties" ref="serviceProperties"/>
</bean>
<!-- defines which roles are allowed to access http resources -->
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
**=ROLE_ALLOWED_ROLES_HERE
</value>
</property>
</bean>
<!-- hooks up CAS ticket validator and user details loader -->
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="casAuthenticationProvider"/>
</list>
</property>
</bean>
<!-- supporting class for filterInvocationInterceptor -->
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<ref local="roleVoter"/>
</list>
</property>
</bean>
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
<property name="rolePrefix" value=""/>
</bean>
<!-- setup method level security using annotations -->
<sec:global-method-security jsr250-annotations="enabled" secured-annotations="enabled"/>
<alias name="authenticationManager" alias="_authenticationManager"/>
<bean id="passwordEncoder" class="org.springframework.security.providers.encoding.ShaPasswordEncoder"/>
<!-- which service (application) am I authenticating -->
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
<property name="service" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/>
</bean>
<!-- handles a logout request from the CAS server -->
<bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<!-- performs CAS authentication -->
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/403.jsp"/>
<property name="alwaysUseDefaultTargetUrl" value="false"/>
<property name="defaultTargetUrl" value="/"/>
</bean>
<!-- Does the CAS ticket validation and user details loading -->
<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<property name="userDetailsService" ref="pickYourUserDetailsServiceImplementation"/>
<property name="serviceProperties" ref="serviceProperties"/>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/"/>
</bean>
</property>
<property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>
<!-- Log failed authentication attempts to commons-logging -->
<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>
<bean id="httpSessionContextIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>
<bean id="securityContextHolderAwareRequestFilter"
class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"/>
<!-- ===================== SSL SWITCHING ==================== -->
<bean id="channelProcessingFilter" class="org.springframework.security.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager" ref="channelDecisionManager"/>
<property name="filterInvocationDefinitionSource">
<value>
PATTERN_TYPE_APACHE_ANT
**=REQUIRES_SECURE_CHANNEL
</value>
</property>
</bean>
<bean id="channelDecisionManager" class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<bean class="org.springframework.security.securechannel.SecureChannelProcessor">
<property name="entryPoint" ref="channelEntryPoint"/>
</bean>
<bean class="org.springframework.security.securechannel.InsecureChannelProcessor">
<property name="entryPoint" ref="channelEntryPoint"/>
</bean>
</list>
</property>
</bean>
<bean id="channelEntryPoint" class="org.springframework.security.securechannel.RetryWithHttpsEntryPoint">
<property name="portMapper" ref="portMapper"/>
</bean>
<bean id="portMapper" class="org.springframework.security.util.PortMapperImpl">
<property name="portMappings">
<map>
<entry key="80" value="443"/>
<entry key="8080" value="8443"/>
<entry key="5580" value="5543"/>
</map>
</property>
</bean>
<!-- Invoked when the user clicks logout -->
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<!-- URL redirected to after logout success -->
<constructor-arg value="https://dvjvm11.uftwf.dev:8443/cas-server-webapp/logout"/>
<constructor-arg>
<list>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler">
<property name="invalidateHttpSession" value="false"/>
</bean>
</list>
</constructor-arg>
</bean>
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"> <property name="driverClassName" value="${database.driver}" /> <property
name="url" value="${database.url}" /> <property name="username" value="${database.user}"
/> <property name="password" value="${database.password}" /> <property
name="initialSize" value="5" /> <property name="maxActive" value="10"
/> </bean>
</beans>
can someone please tell me why everything stopped working
I'm not really sure why you use securityFilter and http tags. We use it like this
<http use-expressions="true"
request-matcher="ciRegex"
auto-config="false"
disable-url-rewriting="true"
access-denied-page="/denied.page"
entry-point-ref="casProcessingFilterEntryPoint">
[..]
<intercept-url
pattern="/.*"
access="isAuthenticated()" />
[..]
<custom-filter ref="casSingleSignOutFilter" before="CAS_FILTER" />
<custom-filter ref="casAuthenticationFilter" after="CAS_FILTER" />
<custom-filter ref="sessionRegistryFixFilter" after="SESSION_MANAGEMENT_FILTER" />
<logout invalidate-session="true"
logout-success-url="{cas.url}/logout?service=[..]" />
</http>
Andd this redirects your calls (if you request somethig that is actually behind an "isAuthenticated()" clause) to the CAS server.
And from that point on it works like described here