kakawait / cas-security-spring-boot-starter

Spring boot starter for Apereo CAS client fully integrated with Spring security
MIT License

GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService roles String[] data #70

Closed liyiorg closed 6 years ago

liyiorg commented 6 years ago

The user "userc" has two roles, "a" and "c", with the CAS ticket returning the data [a,c], but GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService sets the user roles to "ROLE_USER" and "ROLE_[a,c]".

How can I define the returned XML data field to support Collection? Or improve GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService to support "[ROLE_A,ROLE_B]" and "ROLE_A,ROLE_B" string data. Thanks!

CAS Cas30ProxyTicketValidator back data

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>testc</cas:user>
        <cas:attributes>
            <cas:longTermAuthenticationRequestTokenUsed>false
            </cas:longTermAuthenticationRequestTokenUsed>
            <cas:isFromNewLogin>true</cas:isFromNewLogin>
            <cas:authenticationDate>Fri Jan 05 15:12:03 CST 2018
            </cas:authenticationDate>
            <cas:roles>[a, c]</cas:roles>
            <cas:userid>1</cas:userid>
            <cas:username>testc</cas:username>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>

kakawait commented 6 years ago

From what I read here

https://groups.google.com/forum/#!topic/jasig-cas-user/Ir9rcCuPgz4

https://issues.jasig.org/browse/CAS-1283

It seems that XML should be more like

<cas:authenticationSuccess>
    <cas:user>testc</cas:user>
    <cas:attributes>        
      <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
      <cas:isFromNewLogin>true</cas:isFromNewLogin>
      <cas:authenticationDate>Fri Jan 05 14:40:59 CST 2018</cas:authenticationDate>
      <cas:role>a</cas:role>
      <cas:role>c</cas:role>
      <cas:userid>1</cas:userid>
      <cas:username>testc</cas:username>
  </cas:attributes>
</cas:authenticationSuccess>

But even with that format I am not sure that GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService will work.

Anyway, you can define your own AbstractCasAssertionUserDetailsService by creating a bean of AbstractCasAssertionUserDetailsService.
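
One way to follow the suggestion above of supplying your own AbstractCasAssertionUserDetailsService, as an added example that is not part of this thread or of the starter's code. The class name, the role-name pattern and the hard-coded ROLE_USER default are assumptions; the service accepts both repeated `<cas:role>` elements and a single string such as `[a, c]`, and drops any token that does not look like a role name instead of granting it.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.regex.Pattern;

import org.jasig.cas.client.validation.Assertion; // CAS client 3.x package (assumed for this era)
import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical class name; not part of cas-security-spring-boot-starter.
public class TolerantRolesUserDetailsService extends AbstractCasAssertionUserDetailsService {

    // Assumption: role names are simple tokens; anything else is dropped, never granted.
    private static final Pattern ROLE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}");
    private final String[] attributeNames; // e.g. "roles" or "role", as in the XML above

    public TolerantRolesUserDetailsService(String... attributeNames) {
        this.attributeNames = attributeNames;
    }

    @Override
    protected UserDetails loadUserDetails(Assertion assertion) {
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER")); // default role, hard-coded here
        for (String name : attributeNames) {
            Object value = assertion.getPrincipal().getAttributes().get(name);
            if (value instanceof Collection) {      // repeated <cas:role> elements
                for (Object item : (Collection<?>) value) addRoles(authorities, String.valueOf(item));
            } else if (value != null) {             // one element holding "[a, c]" or "a,c"
                addRoles(authorities, value.toString());
            }
        }
        return new User(assertion.getPrincipal().getName(), "NO_PASSWORD", authorities);
    }

    private static void addRoles(Set<GrantedAuthority> out, String raw) {
        String s = raw.trim();
        if (s.length() >= 2 && s.startsWith("[") && s.endsWith("]")) s = s.substring(1, s.length() - 1);
        for (String token : s.split(",")) {
            String role = token.trim();
            if (role.startsWith("ROLE_")) role = role.substring(5); // avoid ROLE_ROLE_A
            if (ROLE_NAME.matcher(role).matches()) out.add(new SimpleGrantedAuthority("ROLE_" + role));
        }
    }
}
```

Registering it as a bean, for example `new TolerantRolesUserDetailsService("roles", "role")`, yields ROLE_USER, ROLE_a and ROLE_c for either XML shape shown in this thread.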

kakawait commented 6 years ago

@liyiorg what did you do finally to solve your issue?

liyiorg commented 6 years ago

@kakawait I changed the CAS response XML data to use the XML data format you described.

<cas:authenticationSuccess>
    <cas:user>testc</cas:user>
    <cas:attributes>        
      <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
      <cas:isFromNewLogin>true</cas:isFromNewLogin>
      <cas:authenticationDate>Fri Jan 05 14:40:59 CST 2018</cas:authenticationDate>
      <cas:role>a</cas:role>
      <cas:role>c</cas:role>
      <cas:userid>1</cas:userid>
      <cas:username>testc</cas:username>
  </cas:attributes>
</cas:authenticationSuccess>