I have been tasked with adding password change functionality to our CAS Server, but am new to CAS as well as Spring. I have successfully added a multi action controller to the overlay, but I am at a loss as to how to secure the views and require the user to be authenticated before viewing the pages. As of now, this is what I have added to the CAS overlay project:
web.xml
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/pm/change/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>cas</servlet-name>
<url-pattern>/pm/change/*</url-pattern>
</servlet-mapping>
cas-servlet.xml
<property name="mappings">
<props>
...
<prop key="/pm/change/*">passwordChangeController</prop>
</props>
</property>
<bean id="passwordChangeController" class="...PasswordChangeController"
p:passwordChangeView="default/ui/pmPasswordChangeView"
p:passwordChangeSuccessView="default/ui/pmPasswordChangeSuccessView"
/>
I believe I am missing mappings in securityContext.xml, but everything I have tried there has ended in endless redirect loops, or simply access denied messages in all cases.
Any advice would be much appreciated.
Thank you