[cas-dev] Acegi not redirecting to CAS
Kevin Jordan
kevin at kjordan.net
Tue Dec 11 09:22:39 EST 2007
Ah, I see, there's a URL in FilterSecurityInterceptor that looked all
weird and that's probably why I overlooked it. Changed that and CAS
came up. Thanks for your help.
Scott Battaglia wrote:
> As I stated, take a look at the bean that defines the URLs to protect
> and the ROLES required for those URLs.
>
> -Scott
>
> On Dec 11, 2007 8:47 AM, Kevin Jordan < kevin at kjordan.net
> <mailto:kevin at kjordan.net>> wrote:
>
> As far as I can tell,
> <filter>
>
> <filter-name>Acegi CAS Processing Filter</filter-name>
>
> <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
> <init-param>
> <param-name>targetClass</param-name>
> <!--
> <param-value>org.acegisecurity.ui.cas.CasProcessingFilter</param-value>-->
>
> <param-value>org.acegisecurity.util.FilterChainProxy</param-value>
> </init-param>
> </filter>
> is the filter used by my URL pattern which then
> <bean id="filterChainProxy"
> class="org.acegisecurity.util.FilterChainProxy">
> <property name="filterInvocationDefinitionSource">
> <value>
> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
> PATTERN_TYPE_APACHE_ANT
>
> /**=channelProcessingFilter,httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,basicProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
> </value>
> </property>
> </bean>
> seems to have /** for the URL in there which should protect
> everything in my webapp with the chain of beans on the right of
> the equal sign, I would think assuming I'm reading that
> correctly. Is that not correct? Is there an error in my chain
> somewhere?
>
> That was based off their contacts example. The reference guide
> doesn't even have a filter chain, it just has that commented out
> CasProcessingFilter which didn't seem to work either.
>
> Scott Battaglia wrote:
>> You need to configure Acegi to protect the URLs you want
>> protected with the appropriate roles. Look at your configuration
>> file, and you'll see pattern-matching URLs with appropriate roles
>> after them. Make sure they match the URLs you want protected.
>>
>> -Scott
>>
>> On Dec 11, 2007 8:16 AM, Kevin Jordan <kevin at kjordan.net
>> <mailto:kevin at kjordan.net>> wrote:
>>
>> Do you know what property I need to set then in my config
>> files to require authentication? I've been following
>> http://acegisecurity.org/guide/springsecurity.html#cas and
>> the contacts example, but if that's not the property that
>> requires authentication, then I can't seem to see which one
>> does since that's the only thing with a url-pattern in it.
>>
>> Scott Battaglia wrote:
>>> No, all that tells you to do is delegate all filtering to
>>> Acegi and then you're configuring Acegi to tell it which
>>> urls to protect.
>>>
>>> -Scott
>>>
>>> On Dec 11, 2007 7:55 AM, Kevin M. Jordan < kevin at kjordan.net
>>> <mailto:kevin at kjordan.net>> wrote:
>>>
>>>
>>> Should:
>>> <filter-mapping>
>>> <filter-name>Acegi CAS Processing Filter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>> not make all the stuff in my webapp be forced under CAS?
>>>
>>>
>>> scott_battaglia wrote:
>>> >
>>> > Make sure you are attempting to access a URL in your
>>> application that has
>>> > been configured to require authentication (i.e.
>>> something under /secure/*)
>>> >
>>> > Also, this discussion is best had on the user list as
>>> its unrelated to CAS
>>> > development.
>>> >
>>> > -Scott
>>> >
>>> > On Dec 9, 2007 1:51 AM, Kevin Jordan <
>>> kevin at kjordan.net <mailto:kevin at kjordan.net>> wrote:
>>> >
>>> >> I'm using the examples in the Acegi documentation as
>>> well as the contacts
>>> >> example as a guide to set up acegi as a cas client,
>>> but I can't seem to
>>> >> get
>>> >> either to work when I put them into my own
>>> application. I can get the
>>> >> contacts example to redirect when I put the
>>> *security-cas.xml file
>>> >> instead
>>> >> of just security.xml in the web.xml file and modify
>>> the cas locations.
>>> >> However, I can't seem to figure out which one bean or
>>> property makes it
>>> >> redirect. If anyone can share any insight into my
>>> config files. I did get
>>> >> it
>>> >> working prior with the ja-sig client, but I found a
>>> hibernate audit
>>> >> logging
>>> >> example which uses acegi to get the username which is
>>> good because the
>>> >> only
>>> >> way I can get it right now with the ja-sig client is
>>> through
>>> >> request.getRemoteUser().
>>> >>
>>> >> http://kjordan.net/securityConfiguration.xml
>>> >> http://kjordan.net/web.xml
>>> >>
>>> >> The only other things in my web.xml which aren't in
>>> the posted one are
>>> >> servlet mappings and a hibernate listener to
>>> autostart the
>>> >> sessionfactory.
>>> >>
>>> >> _______________________________________________
>>> >> cas-dev mailing list
>>> >> cas-dev at tp.its.yale.edu <mailto:cas-dev at tp.its.yale.edu>
>>> >> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>>> >>
>>> >
>>> >
>>> >
>>> > --
>>> > -Scott Battaglia
>>> >
>>> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> <http://www.linkedin.com/in/scottbattaglia>
>>> >
>>> > _______________________________________________
>>> > Yale CAS mailing list
>>> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> > http://tp.its.yale.edu/mailman/listinfo/cas
>>> >
>>> >
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Re%3A--cas-dev--Acegi-not-redirecting-to-CAS-tp14254013p14273398.html
>>> Sent from the CAS Users mailing list archive at
>>> Nabble.com <http://Nabble.com>.
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>> <http://tp.its.yale.edu/mailman/listinfo/cas>
>>>
>>>
>>>
>>>
>>> --
>>> -Scott Battaglia
>>>
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> ------------------------------------------------------------------------
>>> _______________________________________________ Yale CAS
>>> mailing list cas at tp.its.yale.edu
>>> <mailto:cas at tp.its.yale.edu>
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
>> <http://tp.its.yale.edu/mailman/listinfo/cas>
>>
>>
>>
>>
>> --
>> -Scott Battaglia
>>
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>> ------------------------------------------------------------------------
>> _______________________________________________ Yale CAS mailing
>> list cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas
> <http://tp.its.yale.edu/mailman/listinfo/cas>
>
>
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
More information about the cas
mailing list