search

spring-projects / spring-boot

Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.
https://spring.io/projects/spring-boot
Apache License 2.0
75.23k stars 40.7k forks source link

Add CAS autoconfiguration support #2530

Closed eddumelendez closed 6 years ago

eddumelendez commented 9 years ago

CAS (Central Authentication Service) has had integration with spring for a long time. It would be great to add the CasAutoConfiguration.

rwinch commented 9 years ago

I think the other thing we need to consider is that there is not explicit Java Configuration support for CAS at the moment. So this is likely being blocked by SEC-2866.

It's not that we don't want to add Java Config DSL for CAS, but more of a lack of resources.

eddumelendez commented 9 years ago

Unicorn has added cas-client-autoconfig-support project which intent to integrate with spring-boot. I think that could be merged inside the spring-boot project to be supported in a native way after talk with the author.

It is feasible to include this in spring-boot or spring-security projects?

kakawait commented 7 years ago

I didn't try cas-client-autoconfig-support by myself (thus following is may wrong, please correct me if relevant), but it seems to be not using Spring Security and simply init Filter from Apereo CAS client.

Can be enough for some use case, but I truly think if something should be integrated to Spring boot should be Spring Security way in order to be compliant with other part of Spring Security autoconfiguration and/or starter.

Other point from @rwinch about SEC-2866, today Spring Security CAS can be successfully configured using JavaConfig thus what's the main purpose of that issue except provided sample on documentation?

Or maybe you're talking about XML DSL, but if yes I don't think is blocking issue for Spring Boot integration.

The real question I think is: does anyone really care about CAS auth in Spring-boot in 2017? I can't respond, but issue was created on 2015 and no much activities (I said that even if I personally need such integration because our enterprise is using CAS and I have no choice).

I'm actually already integrated Spring Security CAS on Spring Boot (even more in a Spring Cloud Security project, I mean a @EnableAuthorizationServer that authenticate through CAS and then convert and authorize using OAuth2) but is hardly linked on my source code. I will try to create a generic spring boot starter. I will keep you in touch (if you want to discuss, you can ping me on gitter)

kakawait commented 7 years ago

As promised here my cas security spring boot starter https://github.com/kakawait/cas-security-spring-boot-starter. Is not yet finished, I need to write tests and tests more use cases but you can already try yourself using provided sample module.

@rwinch if you have 10 min to lost I will be happy to get your review about that starter.

Feel free (anyone) to discuss on Gitter.im (I'm GMT+1 timezone) for more questions.

Auto configuration is based on my limited experience of using CAS as client, but everything can be override and there is a CasSecurityConfigurerAdapter to tweak default configuration, in addition that every bean is @ConditionOnMissingBean that will allow you to override default bean if necessary.

philwebb commented 6 years ago

We're cleaning out the issue tracker and closing issues that we've not seen much demand to fix. Feel free to comment with additional justifications if you feel that this one should not have been closed.