[cas-dev] Acegi Security 1.0.3 and JA-SIG CAS 3.0.6 final redirect loop problem!

=?gb2312?B?tcvq2A==?= cdtdx at sohu.com
Fri Jan 19 06:39:55 EST 2007


Hi all!
I am using Acegi Security 1.0.3 and JA-SIG CAS 3.0.6 final (cas-client-java-2.1.1).
1. I try to connect to my CASified application.
2. Acegi redirects me to the CAS login page.
3. I type my username and password and press the LOGIN button. This step should be successful; the username and password are OK!
4. CAS should then return me to the requested application, but instead it enters a
redirect LOOP and circles endlessly. After that there is no further reaction. My Tomcat 5.0 log is below:
------------------------------------------------------------
2007-01-19 18:24:03,234 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-28-PSsfQzVCTQv4cteqpA05EU2IPrpQrB3JSGG-20] for service [
    https://localhost:8443/petclinic/j_acegi_cas_security_check
   ] for user [cdtdx]>
2007-01-19 18:24:03,265 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-29-QYh2HpaB5GtxlxNiAfDtUw45tlzURgnE7RX-20] for service [
    https://localhost:8443/petclinic/j_acegi_cas_security_check
   ] for user [cdtdx]>
2007-01-19 18:24:03,375 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-30-HEercGfsjvMSwfLwbXp2yoG9lsLUpbanKbR-20] for service [
    https://localhost:8443/petclinic/j_acegi_cas_security_check
   ] for user [cdtdx]>
2007-01-19 18:24:03,453 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-31-xrd3ejwfHoQZT0TZUiTjgiz7n9CUhQMfgwd-20] for service [
    https://localhost:8443/petclinic/j_acegi_cas_security_check
   ] for user [cdtdx]>
2007-01-19 18:24:03,500 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-32-BjvwWjUYe2bFhrW4bnOOlPS5dBecm5a5aw5-20] for service [
    https://localhost:8443/petclinic/j_acegi_cas_security_check
   ] for user [cdtdx]>
............repeatedly
--------------------------------------------------------------
How can I solve this problem?


-------------------------------------------------------------
My applicationContext.xml:

<beans>
 <!-- ===================CAS Config======================= -->
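 <!-- Service URL that CAS issues tickets for and redirects the browser back to.
      The URL is written on one line with no surrounding whitespace: the text
      inside <value> reaches the String property as written, and the CAS log in
      this post prints the service with a line break and indentation inside
      the square brackets, matching the original multi-line <value>. A padded
      service URL is the likely reason the callback never matches
      filterProcessesUrl and the browser is sent back to CAS in a loop. -->
 <bean id="serviceProperties"
  class="org.acegisecurity.ui.cas.ServiceProperties">
  <property name="service">
   <value>https://localhost:8443/petclinic/j_acegi_cas_security_check</value>
  </property>
  <!-- sendRenew=false: an existing CAS single sign-on session is accepted
       without asking the user to present credentials again. -->
  <property name="sendRenew">
   <value>false</value>
  </property>
 </bean>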

 <!-- Handles the CAS callback on filterProcessesUrl, which is the path part of
      the service URL in serviceProperties. Tickets are checked through
      authenticationManager; failures go to /casfailed.jsp and the default
      target after login is "/". -->
 <bean id="casProcessingFilter"
  class="org.acegisecurity.ui.cas.CasProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager" />
  <property name="authenticationFailureUrl" value="/casfailed.jsp" />
  <property name="defaultTargetUrl" value="/" />
  <property name="filterProcessesUrl" value="/j_acegi_cas_security_check" />
 </bean>

 <!-- Sends unauthenticated requests to the CAS entry point.
      NOTE(review): no accessDeniedHandler is set here, whereas the
      commented-out exceptionTranslationFilter_local further down configured
      one with /accessDenied.jsp; confirm the default handling of denied
      requests is what you want. -->
 <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint"><ref local="casProcessingFilterEntryPoint" /></property>
 </bean>

 <!-- Entry point that redirects the browser to the CAS login page, passing the
      service URL taken from serviceProperties. -->
 <bean id="casProcessingFilterEntryPoint"
  class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
  <property name="loginUrl" value="https://localhost:8443/cas/login" />
  <property name="serviceProperties" ref="serviceProperties" />
 </bean>

 <!-- Authentication manager used by casProcessingFilter,
      rememberMeProcessingFilter and filterInvocationInterceptor.
      NOTE(review): the only provider is casAuthenticationProvider. The
      anonymous and remember-me providers appear only in the commented-out
      authenticationManager_local, so tokens of those kinds presumably cannot
      be authenticated by this manager; confirm against the filters that
      rely on it. -->
 <bean id="authenticationManager"
  class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
   <list>
    <ref bean="casAuthenticationProvider" />
   </list>
  </property>
 </bean>

 <!-- Validates CAS tickets (ticketValidator), decides on proxy chains
      (casProxyDecider), loads authorities (casAuthoritiesPopulator) and
      caches results for stateless clients (statelessTicketCache).
      NOTE(review): "key" looks like the sample value from the documentation.
      It marks tokens as created by this provider, so each deployment should
      use its own private value. -->
 <bean id="casAuthenticationProvider"
  class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
  <property name="casAuthoritiesPopulator" ref="casAuthoritiesPopulator" />
  <property name="casProxyDecider" ref="casProxyDecider" />
  <property name="ticketValidator" ref="casProxyTicketValidator" />
  <property name="statelessTicketCache" ref="statelessTicketCache" />
  <property name="key" value="my_password_for_this_auth_provider_only" />
 </bean>

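 <!-- Validates service tickets against the CAS server's proxyValidate
      endpoint. proxyCallbackUrl is written on one line: whitespace around the
      URL inside <value> would become part of the value sent to CAS, the same
      padding the CAS log in this post shows for the service URL.
      NOTE(review): the callback path /casProxy/receptor has to be served by
      the application, and that mapping is not visible here; casProxyDecider
      also rejects proxy tickets, so check whether a proxy callback is needed
      at all. -->
 <bean id="casProxyTicketValidator"
  class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
  <property name="casValidate">
   <value>https://localhost:8443/cas/proxyValidate</value>
  </property>
  <property name="proxyCallbackUrl">
   <value>https://localhost:8443/petclinic/casProxy/receptor</value>
  </property>
  <property name="serviceProperties">
   <ref bean="serviceProperties" />
  </property>
  <!-- Optional trust store for the HTTPS call to CAS, for when the JVM
       default trust store does not already trust the CAS certificate. -->
  <!-- <property name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property> -->
 </bean>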

 <!-- Ehcache wiring for the CAS ticket cache: cacheManager reads
      ehcache-failsafe.xml from the classpath, ticketCacheBackend is the cache
      named "ticketCache", and statelessTicketCache wraps it for
      casAuthenticationProvider. -->
 <bean id="cacheManager"
  class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
  <property name="configLocation" value="classpath:/ehcache-failsafe.xml" />
 </bean>

 <bean id="ticketCacheBackend"
  class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager"><ref local="cacheManager" /></property>
  <property name="cacheName" value="ticketCache" />
 </bean>

 <bean id="statelessTicketCache"
  class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
  <property name="cache"><ref local="ticketCacheBackend" /></property>
 </bean>

 <!-- Looks up the authorities of the CAS-authenticated user in inMemoryDaoImpl.
      CAS has already verified the credentials at this point. -->
 <bean id="casAuthoritiesPopulator"
  class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
  <property name="userDetailsService" ref="inMemoryDaoImpl" />
 </bean>

 <!-- In-memory user store that casAuthoritiesPopulator reads authorities from.
      Each line appears to be name=password[,disabled],authority.
      NOTE(review): the passwords are plaintext in the configuration file;
      keep a file like this out of public posts and version control.
      NOTE(review): the authorities are spelled ROLES_USER, ROLES_ADMIN and
      ROLES_GUEST, while filterInvocationInterceptor asks for ROLE_ADMIN. An
      authority named ROLES_ADMIN is not equal to ROLE_ADMIN, so confirm the
      intended spelling. -->
 <bean id="inMemoryDaoImpl"
  class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
  <property name="userMap">
   <value>
    marissa=koala,ROLES_IGNORED_BY_CAS
    dianne=emu,ROLES_IGNORED_BY_CAS
    scott=wombat,ROLES_IGNORED_BY_CAS
    cdtdx=1981110,ROLES_USER
    cdrdx=1981110,ROLES_ADMIN
    cdfdx=1981110,ROLES_GUEST
    peter=opal,disabled,ROLES_IGNORED_BY_CAS
   </value>
  </property>
 </bean>

 <!-- Proxy policy for casAuthenticationProvider: going by the class name,
      tickets that arrive through a CAS proxy are rejected. -->
 <bean id="casProxyDecider"
  class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets" />


 <!-- ===================================================== -->


 <!-- One filter chain for every URL (/**), matched with Ant patterns after
      lower-casing the URL. The filters run in the order listed.
      NOTE(review): channelProcessingFilter is defined below but is not part
      of this chain, so unless it is registered some other way (not visible
      here) its REQUIRES_SECURE_CHANNEL rules are not applied. -->
 <bean id="filterChainProxy"
  class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
   <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
   </value>
  </property>
 </bean>

 <!-- Channel (HTTP vs HTTPS) rules. There is no PATTERN_TYPE_APACHE_ANT
      directive and the keys are written as regular expressions.
      The last rule (\A.*\Z) already covers every URL, so the two rules above
      it, which name the form-login pages, add nothing.
      NOTE(review): this bean is not listed in filterChainProxy, so these rules
      only take effect if the filter is registered elsewhere. -->
 <bean id="channelProcessingFilter"
  class="org.acegisecurity.securechannel.ChannelProcessingFilter">
  <property name="channelDecisionManager">
   <ref bean="channelDecisionManager" />
  </property>
  <property name="filterInvocationDefinitionSource">
   <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    \A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
    \A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
    \A.*\Z=REQUIRES_SECURE_CHANNEL
   </value>
  </property>
 </bean>

 <!-- Decision manager for channelProcessingFilter; it consults the secure and
      the insecure channel processor, in that order. -->
 <bean id="channelDecisionManager"
  class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
  <property name="channelProcessors">
   <list>
    <ref bean="secureChannelProcessor" />
    <ref bean="insecureChannelProcessor" />
   </list>
  </property>
 </bean>

 <!-- The two processors referenced above; both use their default settings. -->
 <bean id="secureChannelProcessor"
  class="org.acegisecurity.securechannel.SecureChannelProcessor" />
 <bean id="insecureChannelProcessor"
  class="org.acegisecurity.securechannel.InsecureChannelProcessor" />


 <!-- First filter in the chain: carries the security context between requests
      by way of the HTTP session. -->
 <bean id="httpSessionContextIntegrationFilter"
  class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

 <!-- Local logout: runs the listed handlers (rememberMeServices, then
      SecurityContextLogoutHandler) and redirects to /index.jsp.
      NOTE(review): nothing here contacts the CAS server's logout, so the CAS
      single sign-on session presumably stays valid after a local logout;
      confirm that is intended. -->
 <bean id="logoutFilter"
  class="org.acegisecurity.ui.logout.LogoutFilter">
  <constructor-arg value="/index.jsp" />
  <!-- URL redirected to after logout -->
  <constructor-arg>
   <list>
    <ref bean="rememberMeServices" />
    <bean
     class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
   </list>
  </constructor-arg>
 </bean>

<!-- 
 <bean id="authenticationProcessingFilter"
  class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
  <property name="authenticationManager"
   ref="authenticationManager_local" />
  <property name="authenticationFailureUrl"
   value="/acegilogin.jsp?login_error=1" />
  <property name="defaultTargetUrl" value="/" />
  <property name="filterProcessesUrl"
   value="/j_acegi_security_check" />
  <property name="rememberMeServices" ref="rememberMeServices" />
 </bean>
 -->
 <!-- Wraps the request so that servlet API security calls reflect the Acegi
      security context. -->
 <bean id="securityContextHolderAwareRequestFilter"
  class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />

 <!-- Tries remember-me login through rememberMeServices.
      NOTE(review): the authenticationManager wired here lists only
      casAuthenticationProvider; the RememberMeAuthenticationProvider exists
      only in the commented-out authenticationManager_local, so a remember-me
      token presumably cannot be authenticated. Either add that provider or
      drop remember-me from the chain. -->
 <bean id="rememberMeProcessingFilter"
  class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
  <property name="authenticationManager"
   ref="authenticationManager" />
  <property name="rememberMeServices" ref="rememberMeServices" />
 </bean>

 <!-- Gives requests without authentication the identity anonymousUser with
      ROLE_ANONYMOUS.
      NOTE(review): "changeThis" is a placeholder key; replace it with a
      private value for any real deployment. -->
 <bean id="anonymousProcessingFilter"
  class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key" value="changeThis" />
  <property name="userAttribute"
   value="anonymousUser,ROLE_ANONYMOUS" />
 </bean>

<!-- 
 <bean id="exceptionTranslationFilter_local"
  class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
   <bean
    class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/acegilogin.jsp" />
    <property name="forceHttps" value="false" />
   </bean>
  </property>
  <property name="accessDeniedHandler">
   <bean
    class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/accessDenied.jsp" />
   </bean>
  </property>
 </bean>
 -->

 <!-- URL authorization. AffirmativeBased grants access when a voter grants it,
      and allowIfAllAbstainDecisions=false denies when every voter abstains.
      Rules: /docs/index.html needs ROLE_ADMIN, /acegilogin.jsp needs
      ROLE_ANONYMOUS, everything else needs IS_AUTHENTICATED_REMEMBERED.
      NOTE(review): the client-side inMemoryDaoImpl grants ROLES_ADMIN, not
      ROLE_ADMIN, so the /docs/index.html rule looks unsatisfiable as posted.
      NOTE(review): /acegilogin.jsp belongs to the form-login setup that is
      commented out in this file. -->
 <bean id="filterInvocationInterceptor"
  class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager"
   ref="authenticationManager" />
  <property name="accessDecisionManager">
   <bean class="org.acegisecurity.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions"
     value="false" />
    <property name="decisionVoters">
     <list>
      <bean class="org.acegisecurity.vote.RoleVoter" />
      <bean
       class="org.acegisecurity.vote.AuthenticatedVoter" />
     </list>
    </property>
   </bean>
  </property>
  <property name="objectDefinitionSource">
   <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT 
    /docs/index.html=ROLE_ADMIN
    /acegilogin.jsp=ROLE_ANONYMOUS
    /**=IS_AUTHENTICATED_REMEMBERED
   </value>
  </property>

 </bean>

 <!-- Token-based remember-me, backed by userDetailsService (JdbcDaoImpl).
      NOTE(review): "changeThis" is a placeholder. The key goes into the
      remember-me token, so it must be a private value, and it has to match
      the key of the RememberMeAuthenticationProvider if one is enabled. -->
 <bean id="rememberMeServices"
  class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
  <property name="userDetailsService" ref="userDetailsService" />
  <property name="key" value="changeThis" />
 </bean>

<!-- 
 <bean id="authenticationManager_local"
  class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
   <list>
    <ref local="daoAuthenticationProvider" />
    <bean
     class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
     <property name="key" value="changeThis" />
    </bean>
    <bean
     class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
     <property name="key" value="changeThis" />
    </bean>
   </list>
  </property>
 </bean>
 -->

 <!-- Username/password provider backed by userDetailsService, with its own
      Ehcache user cache named "userCache".
      NOTE(review): the only reference to this bean is in the commented-out
      authenticationManager_local, so with CAS enabled it appears unused. -->
 <bean id="daoAuthenticationProvider"
  class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <property name="userDetailsService" ref="userDetailsService" />
  <property name="userCache">
   <bean
    class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
    <property name="cache">
     <bean
      class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      <property name="cacheManager">
       <bean
        class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
      </property>
      <property name="cacheName" value="userCache" />
     </bean>
    </property>
   </bean>
  </property>
 </bean>

 <!-- UserDetailsService is the Acegi Security interface most commonly implemented by end users -->
 <!--  <bean id="userDetailsService"
  class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
  <property name="userProperties">
  <bean
  class="org.springframework.beans.factory.config.PropertiesFactoryBean">
  <property name="location"
  value="/WEB-INF/users.properties" />
  </bean>
  </property>
  </bean>-->

 <!-- JDBC connection used by userDetailsService (JdbcDaoImpl): an HSQLDB
      server on localhost:9001, user "sa", empty password.
      NOTE(review): "sa" with an empty password is the HSQLDB default account.
      That is acceptable only for a local sample database; a real user store
      needs its own account and a password kept outside this file. -->
 <bean id="dataSource"
  class="org.springframework.jdbc.datasource.DriverManagerDataSource">
  <property name="driverClassName" value="org.hsqldb.jdbcDriver" />
  <property name="url" value="jdbc:hsqldb:hsql://localhost:9001" />
  <property name="username" value="sa" />
  <property name="password" value="" />
 </bean>

 <!-- JDBC-backed user lookup, referenced by rememberMeServices and
      daoAuthenticationProvider; it reads from dataSource. -->
 <bean id="userDetailsService"
  class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
  <property name="dataSource" ref="dataSource" />
 </bean>

 <!-- Optional: no other bean references this one; it only listens for
      authentication events and logs them. The resulting log is useful when
      diagnosing a login problem such as the redirect loop described in this
      post. -->
 <bean id="loggerListener"
  class="org.acegisecurity.event.authentication.LoggerListener" />

</beans>
-------------------------------------------------------------------


Below I insert my deployerConfigContext.xml from CAS :
------------------------------------------------------------
deployerConfigContext.xml

<beans>
 
 <!-- CAS server authentication manager. Two resolvers turn credentials into
      principals (username/password and HTTP-based service credentials), and
      two handlers verify them: the HTTP-based service handler, and the Acegi
      adapter, which is wired to acegiAuthenticationManager. -->
 <bean id="authenticationManager"
  class="org.jasig.cas.authentication.AuthenticationManagerImpl">

  <property name="credentialsToPrincipalResolvers">
   <list>

    <bean
     class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />

    <bean
     class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
   </list>
  </property>


  <property name="authenticationHandlers">
   <list>

    <bean
     class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />


    <!-- Hands username/password checks to the Acegi ProviderManager below. -->
    <bean class="org.acegisecurity.adapters.cas3.CasAuthenticationHandler">
      <property name="authenticationManager" ref="acegiAuthenticationManager" />
     </bean>

   </list>
  </property>
 </bean>

  <!-- User store behind the CAS login, reached through
       daoAuthenticationProvider and acegiAuthenticationManager.
       NOTE(review): these are plaintext login passwords, and they have been
       published with this post. Treat any that are in real use as exposed
       and change them; for anything beyond a sample, move the accounts to a
       store that keeps hashed passwords. -->
  <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
     <property name="userMap">
    <value>
     marissa=koala,ROLES_IGNORED_BY_CAS
     dianne=emu,ROLES_IGNORED_BY_CAS
     scott=wombat,ROLES_IGNORED_BY_CAS
     cdtdx=1981110,ROLES_IGNORED_BY_CAS
     cdrdx=1981110,ROLES_IGNORED_BY_CAS
     cdfdx=1981110,ROLES_IGNORED_BY_CAS
     peter=opal,disabled,ROLES_IGNORED_BY_CAS
    </value>
   </property>
  </bean>
  
  <!-- Checks the submitted username and password against inMemoryDaoImpl.
       NOTE(review): no passwordEncoder is configured, so the comparison is
       presumably against the plaintext values in the user map. -->
  <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
   <property name="userDetailsService" ref="inMemoryDaoImpl" />
  </bean>
 
  <!-- Acegi ProviderManager that the CAS handler delegates to; its single
       provider is daoAuthenticationProvider. -->
  <bean id="acegiAuthenticationManager" class="org.acegisecurity.providers.ProviderManager">
   <property name="providers">
     <list>
       <ref bean="daoAuthenticationProvider"/>
     </list>
   </property>
  </bean>


</beans>
---------------------------------------------------------------





Eagerly awaiting your answers!
With regards, Ciro Deng