I was able to figure out my problem. I was missing an AutoIntegrationFilter bean. It now works.

Thanks!

Scott Battaglia
Application Developer, New Technology Group
Enterprise Systems and Services
Rutgers University Computing Services
Rutgers, the State University of New Jersey

email: [EMAIL PROTECTED]
voice: 732.445.0097
 fax: 732.445.5493



Scott Battaglia wrote:

Hi,

I've just started working with Acegi and CAS and I'm finding it very easy and powerful. However, I've come upon something that's confusing me. I set up my application so that any URL ending with .app requires authentication. It properly redirects to CAS for authentication, but when it goes to the j_acegi_cas_security_check page it gets redirected back to CAS. Does anyone know why this occurs? I'm assuming I have some stupid config error that I missed, so I'm attaching my securityContext.xml.

Thanks in advance for your help!
-Scott

------------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
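<!-- Spring bean-definition DTD. The system identifier must be followed
     directly by '>'; any stray character there (such as ';') makes the
     document ill-formed and the context fails to load. -->
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
    "http://www.springframework.org/dtd/spring-beans.dtd">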
<beans>
        <!-- =========================================================== -->
        <!-- SINGLE SIGN ON USING ACEGI AND CAS                          -->
        <!-- =========================================================== -->
        <!-- Describes this application to CAS. "service" is the HTTPS callback
             URL and ends in the same path that casProcessingFilter listens on
             (filterProcessesUrl). The same bean is referenced by the entry
             point and by the ticket validator, so both send CAS the same
             service value. sendRenew=false: CAS is not asked to force a fresh
             login. -->
        <bean id="serviceProperties" class="net.sf.acegisecurity.ui.cas.ServiceProperties">
            <property name="service">
                <value>https://acsdev12.rutgers.edu/hrinfo/j_acegi_cas_security_check</value>
            </property>
            <property name="sendRenew">
                <value>false</value>
            </property>
        </bean>
        
        <!-- Handles the CAS callback at /j_acegi_cas_security_check and hands
             the presented ticket to authenticationManager. A failed
             authentication goes to /casfailed.jsp; "/" is the default target
             after success. -->
        <bean id="casProcessingFilter" class="net.sf.acegisecurity.ui.cas.CasProcessingFilter">
            <property name="authenticationManager">
                <ref bean="authenticationManager"/>
            </property>
            <property name="authenticationFailureUrl">
                <value>/casfailed.jsp</value>
            </property>
            <property name="defaultTargetUrl">
                <value>/</value>
            </property>
            <property name="filterProcessesUrl">
                <value>/j_acegi_cas_security_check</value>
            </property>
        </bean>
        
        <!-- Entry point used by securityEnforcementFilter: sends the browser to
             the CAS login page (HTTPS) together with the service details from
             serviceProperties. -->
        <bean id="casProcessingFilterEntryPoint"
              class="net.sf.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
            <property name="loginUrl">
                <value>https://www.acst2.rutgers.edu:8889/cas/login</value>
            </property>
            <property name="serviceProperties">
                <ref bean="serviceProperties"/>
            </property>
        </bean>
        
        <!-- Provider chain with a single entry: every authentication request
             is delegated to casAuthenticationProvider. -->
        <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
            <property name="providers">
                <list>
                    <ref bean="casAuthenticationProvider"/>
                </list>
            </property>
        </bean>
        
        <!-- CAS authentication provider. Wires together the authorities
             populator, the proxy decider, the ticket validator and the
             stateless ticket cache defined in this file.
             NOTE(review): the "key" value reads like a documentation sample.
             Use a value unique to this deployment and keep the real one out of
             configuration that is shared or posted publicly. -->
        <bean id="casAuthenticationProvider"
              class="net.sf.acegisecurity.providers.cas.CasAuthenticationProvider">
            <property name="casAuthoritiesPopulator">
                <ref bean="casAuthoritiesPopulator"/>
            </property>
            <property name="casProxyDecider">
                <ref bean="casProxyDecider"/>
            </property>
            <property name="ticketValidator">
                <ref bean="casProxyTicketValidator"/>
            </property>
            <property name="statelessTicketCache">
                <ref bean="statelessTicketCache"/>
            </property>
            <property name="key">
                <value>my_password_for_this_auth_provider_only</value>
            </property>
        </bean>
        
        <!-- Validates tickets against the CAS serviceValidate endpoint over
             HTTPS, using the service details from serviceProperties.
             NOTE(review): this is a server-to-server HTTPS call, so the JVM
             must trust the CAS server certificate; confirm for the
             deployment. -->
        <bean id="casProxyTicketValidator"
              class="net.sf.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
            <property name="casValidate">
                <value>https://www.acst2.rutgers.edu:8889/cas/serviceValidate</value>
            </property>
            <property name="serviceProperties">
                <ref bean="serviceProperties"/>
            </property>
        </bean>
        
        <!-- EhCache-backed ticket cache referenced by
             casAuthenticationProvider; minutesToIdle is set to 20. -->
        <bean id="statelessTicketCache"
              class="net.sf.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
            <property name="minutesToIdle">
                <value>20</value>
            </property>
        </bean>
        
        <!-- Supplies the granted authorities for a CAS-authenticated user by
             looking the user up through authenticationDao. -->
        <bean id="casAuthoritiesPopulator"
              class="net.sf.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
            <property name="authenticationDao">
                <ref bean="authenticationDao"/>
            </property>
        </bean>
        
        <!-- Proxy policy for casAuthenticationProvider. As the class name
             indicates, tickets issued through a CAS proxy are rejected, which
             is the restrictive choice when no proxying service is expected. -->
        <bean id="casProxyDecider"
              class="net.sf.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
        
<!-- <bean id="authenticationDao" 
class="edu.rutgers.acs.hrinfo.dao.support.InMemoryAuthenticationDao" />-->
        <!-- In-memory user store read by casAuthoritiesPopulator. Each userMap
             line has the form username=password,authority. The password field
             holds the literal PASSWORD_NOT_USED; presumably it is never checked
             because CAS performs the authentication (confirm against the
             populator). Both listed accounts receive ROLE_SUPER_USER, so this
             map is the whole authorisation list for the application: review it
             whenever staff change. -->
        <bean id="authenticationDao" 
class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
                <property name="userMap">
                        <value>
                                battags=PASSWORD_NOT_USED,ROLE_SUPER_USER
                                beeky=PASSWORD_NOT_USED,ROLE_SUPER_USER
                        </value>
                </property>
        </bean>

        <!-- Applies filterInvocationInterceptor to each request and uses the
             CAS entry point when authentication is required.
             NOTE(review): no bean in this file is an integration filter. The
             follow-up message in this thread reports that adding an
             AutoIntegrationFilter bean ended the redirect loop; presumably,
             without it the authentication established at the CAS callback is
             not visible to this filter on the next request. -->
        <bean id="securityEnforcementFilter"
              class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
            <property name="filterSecurityInterceptor">
                <ref bean="filterInvocationInterceptor"/>
            </property>
            <property name="authenticationEntryPoint">
                <ref bean="casProcessingFilterEntryPoint"/>
            </property>
        </bean>
        
        <!-- URL authorisation rules. objectDefinitionSource holds one rule:
             URLs matching \A/.*.app\Z (compared in lower case) require
             ROLE_SUPER_USER. No other pattern is listed, so this file attaches
             no role requirement to any other URL.
             NOTE(review): the dot before "app" is unescaped and therefore
             matches any character, not only a literal dot.
             NOTE(review): a suffix rule only protects requests whose compared
             string really ends in the suffix; confirm exactly what string the
             filter compares. A path-prefix rule, or a catch-all rule with
             explicit public exceptions, fails closed instead. -->
        <bean id="filterInvocationInterceptor" 
class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"><ref 
bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref 
bean="httpRequestAccessDecisionManager"/></property>
        <property name="runAsManager"><ref bean="runAsManager"/></property>
                <property name="objectDefinitionSource">
                        <value>
                            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                                \A/.*.app\Z=ROLE_SUPER_USER
                        </value>
                </property>
        </bean>
        
        <!-- Run-as manager referenced by filterInvocationInterceptor.
             NOTE(review): the "key" value reads like a documentation sample;
             use a value unique to this deployment and do not publish it. -->
        <bean id="runAsManager"
              class="net.sf.acegisecurity.runas.RunAsManagerImpl">
            <property name="key">
                <value>my_run_as_password</value>
            </property>
        </bean>
        
        <!-- Access decisions for web requests. roleVoter is the only voter.
             allowIfAllAbstainDecisions=false means a request on which every
             voter abstains is denied rather than allowed. -->
        <bean id="httpRequestAccessDecisionManager"
              class="net.sf.acegisecurity.vote.AffirmativeBased">
            <property name="allowIfAllAbstainDecisions">
                <value>false</value>
            </property>
            <property name="decisionVoters">
                <list>
                    <ref bean="roleVoter"/>
                </list>
            </property>
        </bean>
        
        <!-- The single voter used by httpRequestAccessDecisionManager; no
             properties are overridden. -->
        <bean id="roleVoter"
              class="net.sf.acegisecurity.vote.RoleVoter"/>
        
        <!-- ===================== HTTP CHANNEL REQUIREMENTS ==================== -->
        
        <!-- Transport rules. Both patterns map to REQUIRES_SECURE_CHANNEL. The
             first pattern, \A/.*\Z, matches every URL, so the second rule for
             /j_acegi_cas_security_check adds nothing further; it can stay as
             documentation of intent. With these rules no URL is meant to be
             served over plain HTTP. -->
        <bean id="channelProcessingFilter" 
class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
                <property name="channelDecisionManager"><ref 
bean="channelDecisionManager"/></property>
                <property name="filterInvocationDefinitionSource">
                        <value>
                            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                                \A/.*\Z=REQUIRES_SECURE_CHANNEL
                                
\A/j_acegi_cas_security_check.*\Z=REQUIRES_SECURE_CHANNEL       
                        </value>
                </property>
        </bean>

        <!-- Channel decision manager used by channelProcessingFilter. Both
             processors are registered, although the rules in
             channelProcessingFilter only use REQUIRES_SECURE_CHANNEL. -->
        <bean id="channelDecisionManager"
              class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
            <property name="channelProcessors">
                <list>
                    <ref bean="secureChannelProcessor"/>
                    <ref bean="insecureChannelProcessor"/>
                </list>
            </property>
        </bean>

<!-- The two channel processors referenced by channelDecisionManager; neither
     overrides any property. -->
<bean id="secureChannelProcessor"
      class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
<bean id="insecureChannelProcessor"
      class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>
</beans>



