TechQA.

Spring Security with CAS redirect loop

340 views Asked by At

I've been stumbling for the last few days on a redirect loop when integrating a CAS SSO to one of my web app. This happens just after I've logged in thanks to the CAS

I've been monitoring the requests that are being exchanged between the CAS and my web app, and they seem to be working.

I suspect that the problem might come from a bad implementation of the user rights / tokens.

Here's my file : 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:sec="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">

<bean id="userAuditService" class="net.UserAuditServiceImpl">
        <property name="passwordEncoder" ref="passwordEncoder" />
        <property name="seedGenerator" ref="seedGenerator" />
        <property name="canResetPassword" value="${security.resetPassword.enabled}" />
    </bean>

<sec:http entry-point-ref="casEntryPoint">
  <sec:intercept-url pattern="/**" access="ROLE_USER"/> 
  <sec:custom-filter position="CAS_FILTER" ref="casFilter" />
</sec:http>

<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
  <property name="loginUrl" value="http://localhost:8080/cas/login" />
  <property name="serviceProperties" ref="serviceProperties" />
</bean>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://localhost:8088/myapp/supervision"/>
        <property name="sendRenew" value="false"/>
</bean> 

<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationSuccessHandler">
            <bean
                class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" />
        </property>
        <property name="filterProcessesUrl" value="http://localhost:8088/myapp/supervision"/>

<sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="casAuthenticationProvider" />
</sec:authentication-manager>

<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="authenticationUserDetailsService">
            <bean id="authenticationUserDetailsService" class="net.spAuthenticationUserDetailsService" >
                <constructor-arg ref="userAuditService" />
            </bean>
        </property>
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="http://localhost:8080/cas" />
            </bean>
        </property>
        <property name="key" value="an_id_for_this_auth_provider_only"/>
    </bean>

</beans>

My AuthenticationUserDetailsService class : 

public class spAuthenticationUserDetailsService implements AuthenticationUserDetailsService {

    private final Logger logger = LoggerFactory.getLogger(getClass());

    private UserAuditService userAuditService;

    public spAuthenticationUserDetailsService(final UserAuditService userAuditService) {
        this.userAuditService = userAuditService;
    }

    @Override
    public UserDetails loadUserDetails(Authentication token) throws UsernameNotFoundException {
        AuditUser user = userAuditService.findByLogin(token.getName());
        logger.info(">> loadUserDetails : user name : " + user.getLogin());
        return new UserDetailsAdapter(user);
    }
}

Any ideas what I am doing wrong ?

Thanks !

spring spring-security cas spring-security-cas
Original Q&A
1

There are 1 answers

2
dgofactory On

(Note: this should be just a comment but I can't comment). Could you try just cleaning your web browser cache, I've had a similar trouble in the past with this configuration and it was just a bad cache in chrome.

Related Questions in SPRING

Related Questions in SPRING-SECURITY

Related Questions in CAS

Related Questions in SPRING-SECURITY-CAS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions