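(1) You might want to double-check your HTTPS setup.  For app-to-app HTTPS
calls (for example, the ticket validation call your application makes to the
CAS server) it is key that your server, meaning the JVM running the
applications, trust its own self-signed certificates.  The usual way to get
there is to import the certificate into that JVM's trust store; certificate
checking itself should stay switched on.  Otherwise you'll be able to get to
apps via HTTPS from a browser, but app-to-app calls will fail.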

(2) I see quite a few differences between your config and mine.  I don't know 
enough to tell you what is wrong, and mine might have non-fatal errors, but 
since it works... here it is.  I hope it helps.

Once you are successful, if you are comfortable enough with the answer (I am 
not quite happy with mine - I hate the absolute URLs that I use because they 
require changing when I deploy to other boxes), you might consider adding it to 
the Wiki.

<?xml version="1.0" encoding="UTF-8"?>

<!--
  - Spring Security configuration
  - (SSO via CAS and LDAP to Active Directory)
  -->
  
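<beans
    xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:tx="http://www.springframework.org/schema/tx"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/tx
                        http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

    <!--
      - URL authorization rules.
      - Rules are checked in the order listed and the first matching pattern
      - decides, so the public pages and static resources must stay above the
      - catch-all "/**" rule. Anything not listed as anonymous requires
      - ROLE_MYROLE. Unauthenticated requests for protected URLs are handed to
      - casProcessingFilterEntryPoint, which redirects to the CAS login page.
      -->
    <security:http entry-point-ref="casProcessingFilterEntryPoint">
        <security:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/loginfailed.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/**" access="ROLE_MYROLE" />
        <security:anonymous/>
        <!-- security:logout logout-success-url="/loggedout.jsp"/ -->
        <!--
          - After the local session is ended the browser is sent to the CAS
          - logout page so the single sign-on session ends as well. With a
          - local-only logout page the user would be signed straight back in
          - for as long as the CAS session is still alive.
          -->
        <security:logout logout-success-url="https://myHostname:8443/cas/logout"/>
    </security:http>

    <!-- Exposes the namespace-created authentication manager under a bean name
         so that casProcessingFilter can reference it. -->
    <security:authentication-manager alias="casAuthenticationManager" />

    <!--
      - Identifies this application to CAS.
      - "service" must be the absolute URL of this application's CAS callback
      - (host, port and context path are deployment specific and have to be
      - changed per box). CAS issues the ticket for this URL and the same
      - value is presented again when the ticket is validated, so it has to
      - match what the browser was redirected to.
      - sendRenew="false" accepts an existing single sign-on session; "true"
      - asks CAS to make the user present credentials again for this service.
      -->
    <bean id="serviceProperties"
          class="org.springframework.security.ui.cas.ServiceProperties"
          p:service="https://myHostname:8443/MatchedInvoices/j_spring_cas_security_check"
          p:sendRenew="false" />

    <!--
      - Receives the redirect back from CAS on filterProcessesUrl and passes
      - the service ticket to the authentication manager. On success the user
      - returns to the originally requested URL (alwaysUseDefaultTargetUrl is
      - false), falling back to defaultTargetUrl; on failure the user is sent
      - to the anonymous-accessible /loginfailed.jsp.
      -->
    <bean id="casProcessingFilter"
          class="org.springframework.security.ui.cas.CasProcessingFilter"
          p:authenticationManager-ref="casAuthenticationManager"
          p:authenticationFailureUrl="/loginfailed.jsp"
          p:alwaysUseDefaultTargetUrl="false"
          p:filterProcessesUrl="/j_spring_cas_security_check"
          p:defaultTargetUrl="/" >
        <security:custom-filter after="CAS_PROCESSING_FILTER" />
    </bean>

    <!-- Redirects unauthenticated users to the CAS login page (absolute,
         deployment-specific URL), carrying the service URL defined above. -->
    <bean id="casProcessingFilterEntryPoint"
          class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"
          p:loginUrl="https://myHostname:8443/cas/login"
          p:serviceProperties-ref="serviceProperties" />

    <!--
      - Validates CAS service tickets and loads the user's authorities.
      - "key" marks authentication tokens as created by this provider; the
      - value shown is a placeholder. Use a value unique to this application
      - and keep the real one out of shared copies of this file (wiki, mail,
      - version control).
      - The ticket validator calls the CAS server directly over HTTPS, not
      - through the browser. That call only succeeds when the JVM running this
      - application trusts the certificate presented by myHostname:8443, so a
      - self-signed CAS certificate has to be present in the JVM trust store.
      -->
    <bean id="casAuthenticationProvider"
          class="org.springframework.security.providers.cas.CasAuthenticationProvider"
          p:key="my_password_for_this_auth_provider_only"
          p:serviceProperties-ref="serviceProperties"
          p:userDetailsService-ref="userDetailsService">
        <security:custom-authentication-provider />
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="https://myHostname:8443/cas" />
            </bean>
        </property>
    </bean>

    <!--
      - Supplies the authorities for a user that CAS has already authenticated.
      - The myPackage classes are project code that is not shown here;
      - presumably the roles from the LDAP service and from the static list
      - below are combined (confirm against the implementation). A user needs
      - ROLE_MYROLE from one of these services to pass the "/**" rule above.
      -->
    <bean id="userDetailsService"
          class="myPackage.MyMultiAuthorizationUserDetailService" >
        <property name="roleServices">
            <list>
                <bean id="ldapRoleService"
                      class="myPackage.MyLdapRoleService" />
                <ref bean="beanRoleService" />
            </list>
        </property>
    </bean>

    <!--
      - Static user-to-role assignments (sample values). The roleString values
      - are handed to MyUserRoleNames as written; the trailing blank in the
      - second entry is kept as posted. Confirm that the class trims each role
      - name, otherwise "ROLE_TWO " will not match a rule that names ROLE_TWO.
      -->
    <bean id="beanRoleService"
          class="myPackage.MyBeanRoleService">
        <property name="users">
            <list>
                <bean class="myPackage.MyUserRoleNames"
                      p:username="username1" p:roleString="ROLE_ONE, ROLE_THREE" />
                <bean class="myPackage.MyUserRoleNames"
                      p:username="username2" p:roleString="ROLE_ONE, ROLE_TWO " />
            </list>
        </property>
    </bean>
</beans>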
