Colin,

When you say '/login/cas', are you talking about the CAS server login page?

Try '/cas/login'.

Ray

On Mon, 2020-01-20 at 12:29 -0500, Colin Ryan wrote:

Folks

Sorry to go so far backwards. But in moving forward with some odd requirements 
I've had to go back to first principle code and am having problems with the 
basics.

My understanding is that Spring defaults to "/login/cas" now as being the URL 
for the CasFilter, as such the application doesn't actually have to have a 
Handler for "/login/cas" as it's simply getting picked up by the filter. 
Assuming this is correct, for some reason my straw-man code appears to not be 
creating/inserting the CasAuthenticationFilter into the Filter Chain.

My code is all stock sample code.


* Service Bean

* Entry Point Bean returning a CasAuthenticationEntryPoint that has the Service 
Bean assigned.

* The following is the security config.


@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private AuthenticationProvider authenticationProvider;
    private CasAuthenticationEntryPoint authenticationEntryPoint;
    private SingleSignOutFilter singleSignOutFilter;
    private LogoutFilter logoutFilter;
    private ServiceProperties serviceProperties;

    @Autowired
    public SecurityConfig(CasAuthenticationProvider casAuthenticationProvider,
                          CasAuthenticationEntryPoint eP,
                          LogoutFilter lF,
                          SingleSignOutFilter ssF,
                          ServiceProperties sP) {
        this.authenticationProvider = casAuthenticationProvider;
        this.authenticationEntryPoint = eP;
        this.logoutFilter = lF;
        this.singleSignOutFilter = ssF;
        this.serviceProperties = sP;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
      http
        .authorizeRequests()
        .regexMatchers("/secured.*", "/login")
        .authenticated()
        .and()
        .authorizeRequests()
        .regexMatchers("/")
        .permitAll()
        .and()
        .httpBasic()
        .authenticationEntryPoint(authenticationEntryPoint)
        .and()
        .logout().logoutSuccessUrl("/logout")
        .and()
        .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
        .addFilterBefore(logoutFilter, LogoutFilter.class)
        ;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
      auth.authenticationProvider(authenticationProvider);
    }

    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
      return new ProviderManager(Arrays.asList(authenticationProvider));
    }

    @Bean
    public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception {
      CasAuthenticationFilter filter = new CasAuthenticationFilter();
      filter.setServiceProperties(sP);
      filter.setAuthenticationManager(authenticationManager());
      filter.setFilterProcessesUrl("/login/cas");
      return filter;
    }
}

The application will intercept anything that is accessed behind the 
authenticated() filter.

However any calls to "/login/cas" give a 404 error. It appears that the filter 
isn't "there" and my application in turn is complaining that I simply don't 
have a handler for the "/login/cas" path. My SingleSignOutFilter works via 
"/logout/cas".


Obviously the issue is that when the callbacks from CAS come they fail as the 
application isn't providing the typical interfaces on the "/login/cas" path.

Any ideas? I've debugged and stepped through the application as it's building 
the security configuration and as far as I can tell the CasAuthenticationFilter 
is never getting put into the filter chain.

I haven't attached all the other code bits, but as I said they are "stock". In 
debugging all the values in the stack make sense etc etc.

Colin


--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
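
An added example, not part of the original thread and not the Spring Security project's own sample: one way to put a CasAuthenticationFilter into the security filter chain explicitly, so that the "/login/cas" callback is handled by the filter rather than looked up as a controller path. The class name CasChainConfig is hypothetical, and the CasAuthenticationFilter and CasAuthenticationEntryPoint beans are assumed to be defined in a separate @Configuration class.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; both injected beans are assumed to come from
// another @Configuration class (service properties, ticket validator, etc.).
@EnableWebSecurity
@Configuration
public class CasChainConfig extends WebSecurityConfigurerAdapter {

    private final CasAuthenticationFilter casFilter;
    private final CasAuthenticationEntryPoint entryPoint;

    public CasChainConfig(CasAuthenticationFilter casFilter,
                          CasAuthenticationEntryPoint entryPoint) {
        this.casFilter = casFilter;
        this.entryPoint = entryPoint;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .regexMatchers("/secured.*", "/login").authenticated()
                .regexMatchers("/").permitAll()
                .and()
            // Unauthenticated requests are redirected to the CAS server by the
            // entry point registered on exceptionHandling(), not on httpBasic().
            .exceptionHandling()
                .authenticationEntryPoint(entryPoint)
                .and()
            // Declaring the filter as a bean does not add it to this chain;
            // addFilter() inserts it at CasAuthenticationFilter's registered position.
            .addFilter(casFilter);
    }
}
```

The service URL set on the ServiceProperties bean has to end in the same path as the filter's filterProcessesUrl ("/login/cas" by default), because that is where the CAS server sends the browser back with the service ticket.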
