Closed cm325 closed 8 years ago
Spring Security does have the CAS support, doesn't it? What would you like to see?
Well, an example of tying it all together. I'm following instructions like this - https://objectpartners.com/2014/05/20/configuring-spring-security-cas-providers-with-java-config/
I'm wondering what I would need to finish, so I can just use @PreAuthorize, @AuthenticationPrincipal, etc-
On Tue, Jul 12, 2016 at 3:08 PM, Dmitriy Kopylenko <notifications@github.com
wrote:
Spring Security does have the CAS support, doesn't it? What would you like to see?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Unicon/cas-client-autoconfig-support/issues/6#issuecomment-232147987, or mute the thread https://github.com/notifications/unsubscribe/ABaeDYDGFLNz_9w5W_8uof6w1GWW69WPks5qU-Y-gaJpZM4JKuEY .
I'm afraid that'd be beyond the scope of this project. May ba open an issue to provide something simple for CAS with Spring Security guys would be more appropriate.
Following up with the original question, if I want to use org.springframework.security.cas.web.CasAuthenticationFilter
instead of org.jasig.cas.client.authentication.AuthenticationFilter
which is used in this module, how can I achieve this?
Following is what I've tried so far by collecting from here and there, which does not work obviously. ` @Override public void configureAuthenticationFilter(FilterRegistrationBean authenticationFilter) { LOG.info("configureAuthenticationFilter");
CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setAuthenticationManager(authentication -> authentication);
filter.setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy());
filter.setProxyGrantingTicketStorage(new ProxyGrantingTicketStorageImpl());
filter.setFilterProcessesUrl(this.casClientFilterProcessUrl);
filter.setProxyReceptorUrl(this.casProxyReceptor);
Map<String, String> initParams = new HashMap<>(2);
initParams.put("casServerLoginUrl", this.casServerLoginUrl);
initParams.put("serverName", this.clientHostUrl);
List urlPatterns = new ArrayList();
// TODO: 7/22/2016 add url patterns (if any)
authenticationFilter.setFilter(filter);
authenticationFilter.setOrder(2);
authenticationFilter.setInitParameters(initParams);
if (urlPatterns.size() > 0) {
authenticationFilter.setUrlPatterns(urlPatterns);
}
}
`
My final goal is to store authentication in spring SecureContext
. At the moment library supports storing Principal object. But I would prefer a org.jasig.cas.client.validation.Assertion
object instead.
As mentioned earlier, this library simply deals with pure CAS Java client, and Spring Security is beyond its scope.
This certainly seems like the way to go for Spring Boot apps, but I think most people are going to want integration with Spring Security (I sure do!)