search

Unicon / cas-client-autoconfig-support

Annotation-based configuration support for Apereo CAS Java clients
Apache License 2.0
165 stars 73 forks source link

Any chance of including support for Spring Security? #6

Closed cm325 closed 8 years ago

cm325 commented 8 years ago

This certainly seems like the way to go for Spring Boot apps, but I think most people are going to want integration with Spring Security (I sure do!)

dima767 commented 8 years ago

Spring Security does have the CAS support, doesn't it? What would you like to see?

cm325 commented 8 years ago

Well, an example of tying it all together. I'm following instructions like this - https://objectpartners.com/2014/05/20/configuring-spring-security-cas-providers-with-java-config/

I'm wondering what I would need to finish, so I can just use @PreAuthorize, @AuthenticationPrincipal, etc-

On Tue, Jul 12, 2016 at 3:08 PM, Dmitriy Kopylenko <notifications@github.com

wrote:

Spring Security does have the CAS support, doesn't it? What would you like to see?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Unicon/cas-client-autoconfig-support/issues/6#issuecomment-232147987, or mute the thread https://github.com/notifications/unsubscribe/ABaeDYDGFLNz_9w5W_8uof6w1GWW69WPks5qU-Y-gaJpZM4JKuEY .

dima767 commented 8 years ago

I'm afraid that'd be beyond the scope of this project. May ba open an issue to provide something simple for CAS with Spring Security guys would be more appropriate.

charitharumapperuma commented 8 years ago

Following up with the original question, if I want to use org.springframework.security.cas.web.CasAuthenticationFilter instead of org.jasig.cas.client.authentication.AuthenticationFilter which is used in this module, how can I achieve this?

Following is what I've tried so far by collecting from here and there, which does not work obviously. ` @Override public void configureAuthenticationFilter(FilterRegistrationBean authenticationFilter) { LOG.info("configureAuthenticationFilter");

    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setAuthenticationManager(authentication -> authentication);
    filter.setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy());
    filter.setProxyGrantingTicketStorage(new ProxyGrantingTicketStorageImpl());
    filter.setFilterProcessesUrl(this.casClientFilterProcessUrl);
    filter.setProxyReceptorUrl(this.casProxyReceptor);

    Map<String, String> initParams = new HashMap<>(2);
    initParams.put("casServerLoginUrl", this.casServerLoginUrl);
    initParams.put("serverName", this.clientHostUrl);

    List urlPatterns = new ArrayList();
    // TODO: 7/22/2016 add url patterns (if any)

    authenticationFilter.setFilter(filter);
    authenticationFilter.setOrder(2);
    authenticationFilter.setInitParameters(initParams);
    if (urlPatterns.size() > 0) {
        authenticationFilter.setUrlPatterns(urlPatterns);
    }
}

`

My final goal is to store authentication in spring SecureContext. At the moment library supports storing Principal object. But I would prefer a org.jasig.cas.client.validation.Assertion object instead.

dima767 commented 8 years ago

As mentioned earlier, this library simply deals with pure CAS Java client, and Spring Security is beyond its scope.