[cas-dev] Acegi Security 1.0.3 and JA-SIG CAS 3.0.6 final redirect loop problem!

Scott Battaglia scott.battaglia at gmail.com
Fri Jan 19 11:04:26 EST 2007


This probably belongs on the CAS Users mailing list or the Acegi Users list,
not the CAS Dev list.  That said:

Turn on debug-level logging for Acegi Security and see which filter is
sending the request back to the CAS server after authentication.  You most
likely have your filters on the Acegi side configured incorrectly.

-Scott

On 1/19/07, µËêØ <cdtdx at sohu.com> wrote:
>
> Hi all !
> I am using Acegi Security 1.0.3 and JA-SIG CAS 3.0.6 final(
> cas-client-java-2.1.1).
> 1. I try to connect to my CASified application.
> 2. Acegi redirects me to the CAS login page.
> 3. I type my username and password and press the LOGIN button. This step
> should be successful; the username and password are OK!
> 4. CAS should return me to the requested application, but instead it goes into
> a redirect LOOP and circles all the time. After that there is no further
> reaction. My Tomcat 5.0 log is below:
> ------------------------------------------------------------
> 2007-01-19 18:24:03,234 INFO [
> org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-28-PSsfQzVCTQv4cteqpA05EU2IPrpQrB3JSGG-20] for service [
>     https://localhost:8443/petclinic/j_acegi_cas_security_check
>    ] for user [cdtdx]>
> 2007-01-19 18:24:03,265 INFO [
> org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-29-QYh2HpaB5GtxlxNiAfDtUw45tlzURgnE7RX-20] for service [
>     https://localhost:8443/petclinic/j_acegi_cas_security_check
>    ] for user [cdtdx]>
> 2007-01-19 18:24:03,375 INFO [
> org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-30-HEercGfsjvMSwfLwbXp2yoG9lsLUpbanKbR-20] for service [
>     https://localhost:8443/petclinic/j_acegi_cas_security_check
>    ] for user [cdtdx]>
> 2007-01-19 18:24:03,453 INFO [
> org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-31-xrd3ejwfHoQZT0TZUiTjgiz7n9CUhQMfgwd-20] for service [
>     https://localhost:8443/petclinic/j_acegi_cas_security_check
>    ] for user [cdtdx]>
> 2007-01-19 18:24:03,500 INFO [
> org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket
> [ST-32-BjvwWjUYe2bFhrW4bnOOlPS5dBecm5a5aw5-20] for service [
>     https://localhost:8443/petclinic/j_acegi_cas_security_check
>    ] for user [cdtdx]>
> ............repeatedly
> --------------------------------------------------------------
> How I may solve this problem ???
>
>
> -------------------------------------------------------------
> My applicationContext.xml:
> <beans> <!-- Acegi Security client-side context for the petclinic web app as posted: CAS ticket processing, the filter chain, URL access rules and user stores. -->
>  <!-- ===================CAS Config======================= -->
>  <bean id="serviceProperties"
>   class="org.acegisecurity.ui.cas.ServiceProperties">
>   <property name="service"> <!-- NOTE(review): the value element below carries the surrounding newline and indentation, and the CAS log in this message prints the service with the same breaks; whether that whitespace is trimmed before the URL is used is not visible here, confirm. -->
>    <value>
>     https://localhost:8443/petclinic/j_acegi_cas_security_check
>    </value>
>   </property>
>   <property name="sendRenew">
>    <value>false</value>
>   </property>
>  </bean>
>
>  <bean id="casProcessingFilter"
>   class="org.acegisecurity.ui.cas.CasProcessingFilter">
>   <property name="authenticationManager">
>    <ref bean="authenticationManager" />
>   </property>
>   <property name="authenticationFailureUrl"> <!-- NOTE(review): /casfailed.jsp has no entry of its own in filterInvocationInterceptor's objectDefinitionSource, so it falls under /**=IS_AUTHENTICATED_REMEMBERED. If ticket validation fails, the failure page would itself demand authentication and presumably send the browser to the CAS entry point again; check this against the debug log. -->
>    <value>/casfailed.jsp</value>
>   </property>
>   <property name="defaultTargetUrl">
>    <value>/</value>
>   </property>
>   <property name="filterProcessesUrl">
>    <value>/j_acegi_cas_security_check</value>
>   </property>
>  </bean>
>
>  <bean id="exceptionTranslationFilter"
>   class="org.acegisecurity.ui.ExceptionTranslationFilter">
>   <property name="authenticationEntryPoint">
>    <ref local="casProcessingFilterEntryPoint" />
>   </property>
>  </bean>
>
>  <bean id="casProcessingFilterEntryPoint"
>   class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
>   <property name="loginUrl">
>    <value>https://localhost:8443/cas/login</value>
>   </property>
>   <property name="serviceProperties">
>    <ref bean="serviceProperties" />
>   </property>
>  </bean>
>
>  <bean id="authenticationManager"
>   class="org.acegisecurity.providers.ProviderManager">
>   <property name="providers">
>    <list>
>     <ref bean="casAuthenticationProvider" />
>    </list>
>   </property>
>  </bean>
>
>  <bean id="casAuthenticationProvider"
>   class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
>   <property name="casAuthoritiesPopulator">
>    <ref bean="casAuthoritiesPopulator" />
>   </property>
>   <property name="casProxyDecider">
>    <ref bean="casProxyDecider" />
>   </property>
>   <property name="ticketValidator">
>    <ref bean="casProxyTicketValidator" />
>   </property>
>   <property name="statelessTicketCache">
>    <ref bean="statelessTicketCache" />
>   </property>
>   <property name="key"> <!-- NOTE(review): sample-looking placeholder key; use a deployment-specific private value and keep it out of posted configs. -->
>    <value>my_password_for_this_auth_provider_only</value>
>   </property>
>  </bean>
>
>  <bean id="casProxyTicketValidator"
>   class="
> org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
>   <property name="casValidate"> <!-- NOTE(review): validation calls the CAS server over HTTPS and the trustStore property below is commented out, so this presumably relies on the JVM default trust store; confirm the CAS server certificate is trusted there, otherwise validation cannot succeed. -->
>    <value>https://localhost:8443/cas/proxyValidate</value>
>   </property>
>   <property name="proxyCallbackUrl">
>    <value>
>     https://localhost:8443/petclinic/casProxy/receptor
>    </value>
>   </property>
>   <property name="serviceProperties">
>    <ref bean="serviceProperties" />
>   </property>
>   <!-- <property
> name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property>
> -->
>  </bean>
>
>  <bean id="cacheManager"
>   class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
>   <property name="configLocation">
>    <value>classpath:/ehcache-failsafe.xml</value>
>   </property>
>  </bean>
>
>  <bean id="ticketCacheBackend"
>   class="org.springframework.cache.ehcache.EhCacheFactoryBean">
>   <property name="cacheManager">
>    <ref local="cacheManager" />
>   </property>
>   <property name="cacheName">
>    <value>ticketCache</value>
>   </property>
>  </bean>
>
>  <bean id="statelessTicketCache"
>   class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
>   <property name="cache">
>    <ref local="ticketCacheBackend" />
>   </property>
>  </bean>
>
>  <bean id="casAuthoritiesPopulator"
>   class="
> org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
>   <property name="userDetailsService">
>    <ref bean="inMemoryDaoImpl" />
>   </property>
>  </bean>
>
>  <bean id="inMemoryDaoImpl"
>   class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
>   <property name="userMap"> <!-- NOTE(review): plaintext passwords in a publicly posted config; treat any real ones as exposed and change them. Authorities here are spelled ROLES_USER / ROLES_ADMIN / ROLES_GUEST, while the access rules below use ROLE_ADMIN and RoleVoter's default prefix is ROLE_, so these entries would not satisfy a ROLE_ rule. -->
>    <value>
>     marissa=koala,ROLES_IGNORED_BY_CAS
>     dianne=emu,ROLES_IGNORED_BY_CAS
>     scott=wombat,ROLES_IGNORED_BY_CAS
>     cdtdx=1981110,ROLES_USER
>     cdrdx=1981110,ROLES_ADMIN
>     cdfdx=1981110,ROLES_GUEST
>     peter=opal,disabled,ROLES_IGNORED_BY_CAS
>    </value>
>   </property>
>  </bean>
>
>  <bean id="casProxyDecider"
>   class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets" />
>
>
>  <!-- ===================================================== -->
>
>
>  <bean id="filterChainProxy"
>   class="org.acegisecurity.util.FilterChainProxy">
>   <property name="filterInvocationDefinitionSource"> <!-- NOTE(review): channelProcessingFilter is defined below but is not named in this chain, so its REQUIRES_SECURE_CHANNEL rules are not applied through filterChainProxy (web.xml is not shown, confirm). rememberMeProcessingFilter is in the chain although authenticationManager lists only casAuthenticationProvider. -->
>    <value>
>     CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>     PATTERN_TYPE_APACHE_ANT
>
>     /**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
>    </value>
>   </property>
>  </bean>
>
>  <bean id="channelProcessingFilter"
>   class="org.acegisecurity.securechannel.ChannelProcessingFilter">
>   <property name="channelDecisionManager">
>    <ref bean="channelDecisionManager" />
>   </property>
>   <property name="filterInvocationDefinitionSource">
>    <value>
>     CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>     \A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
>     \A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
>     \A.*\Z=REQUIRES_SECURE_CHANNEL
>    </value>
>   </property>
>  </bean>
>
>  <bean id="channelDecisionManager"
>   class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
>   <property name="channelProcessors">
>    <list>
>     <ref bean="secureChannelProcessor" />
>     <ref bean="insecureChannelProcessor" />
>    </list>
>   </property>
>  </bean>
>
>  <bean id="secureChannelProcessor"
>   class="org.acegisecurity.securechannel.SecureChannelProcessor" />
>  <bean id="insecureChannelProcessor"
>   class="org.acegisecurity.securechannel.InsecureChannelProcessor" />
>
>
>  <bean id="httpSessionContextIntegrationFilter"
>   class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
>
>  <bean id="logoutFilter"
>   class="org.acegisecurity.ui.logout.LogoutFilter">
>   <constructor-arg value="/index.jsp" />
>   <!-- URL redirected to after logout -->
>   <constructor-arg>
>    <list>
>     <ref bean="rememberMeServices" />
>     <bean
>      class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
>    </list>
>   </constructor-arg>
>  </bean>
>
> <!--
>  <bean id="authenticationProcessingFilter"
>   class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
>   <property name="authenticationManager"
>    ref="authenticationManager_local" />
>   <property name="authenticationFailureUrl"
>    value="/acegilogin.jsp?login_error=1" />
>   <property name="defaultTargetUrl" value="/" />
>   <property name="filterProcessesUrl"
>    value="/j_acegi_security_check" />
>   <property name="rememberMeServices" ref="rememberMeServices" />
>  </bean>
>  -->
>  <bean id="securityContextHolderAwareRequestFilter"
>   class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"
> />
>
>  <bean id="rememberMeProcessingFilter"
>   class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
>   <property name="authenticationManager"
>    ref="authenticationManager" />
>   <property name="rememberMeServices" ref="rememberMeServices" />
>  </bean>
>
>  <bean id="anonymousProcessingFilter"
>   class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
>   <property name="key" value="changeThis" /> <!-- NOTE(review): stock sample key; set a unique private value. -->
>   <property name="userAttribute"
>    value="anonymousUser,ROLE_ANONYMOUS" />
>  </bean>
>
> <!--
>  <bean id="exceptionTranslationFilter_local"
>   class="org.acegisecurity.ui.ExceptionTranslationFilter">
>   <property name="authenticationEntryPoint">
>    <bean
>     class="
> org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
>     <property name="loginFormUrl" value="/acegilogin.jsp" />
>     <property name="forceHttps" value="false" />
>    </bean>
>   </property>
>   <property name="accessDeniedHandler">
>    <bean
>     class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
>     <property name="errorPage" value="/accessDenied.jsp" />
>    </bean>
>   </property>
>  </bean>
>  -->
>
>  <bean id="filterInvocationInterceptor"
>   class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
>   <property name="authenticationManager"
>    ref="authenticationManager" />
>   <property name="accessDecisionManager">
>    <bean class="org.acegisecurity.vote.AffirmativeBased">
>     <property name="allowIfAllAbstainDecisions"
>      value="false" />
>     <property name="decisionVoters">
>      <list>
>       <bean class="org.acegisecurity.vote.RoleVoter" />
>       <bean
>        class="org.acegisecurity.vote.AuthenticatedVoter" />
>      </list>
>     </property>
>    </bean>
>   </property>
>   <property name="objectDefinitionSource"> <!-- NOTE(review): Ant patterns, first match presumably wins; /acegilogin.jsp is opened to ROLE_ANONYMOUS but /casfailed.jsp is not listed and falls through to the /** rule. -->
>    <value>
>     CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
>     PATTERN_TYPE_APACHE_ANT
>     /docs/index.html=ROLE_ADMIN
>     /acegilogin.jsp=ROLE_ANONYMOUS
>     /**=IS_AUTHENTICATED_REMEMBERED
>    </value>
>   </property>
>
>  </bean>
>
>  <bean id="rememberMeServices"
>   class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
>   <property name="userDetailsService" ref="userDetailsService" />
>   <property name="key" value="changeThis" /> <!-- NOTE(review): stock sample key protecting remember-me tokens; set a unique private value. userDetailsService here is the JDBC bean, not the inMemoryDaoImpl used by the CAS populator. -->
>  </bean>
>
> <!--
>  <bean id="authenticationManager_local"
>   class="org.acegisecurity.providers.ProviderManager">
>   <property name="providers">
>    <list>
>     <ref local="daoAuthenticationProvider" />
>     <bean
>      class="
> org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
>      <property name="key" value="changeThis" />
>     </bean>
>     <bean
>      class="
> org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
>      <property name="key" value="changeThis" />
>     </bean>
>    </list>
>   </property>
>  </bean>
>  -->
>
>  <bean id="daoAuthenticationProvider"
>   class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
>   <property name="userDetailsService" ref="userDetailsService" />
>   <property name="userCache">
>    <bean
>     class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
>     <property name="cache">
>      <bean
>       class="org.springframework.cache.ehcache.EhCacheFactoryBean">
>       <property name="cacheManager">
>        <bean
>         class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"
> />
>       </property>
>       <property name="cacheName" value="userCache" />
>      </bean>
>     </property>
>    </bean>
>   </property>
>  </bean>
>
>  <!-- UserDetailsService is the Acegi Security interface most commonly
> implemented by end users -->
>  <!--  <bean id="userDetailsService"
>   class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
>   <property name="userProperties">
>   <bean
>   class="org.springframework.beans.factory.config.PropertiesFactoryBean">
>   <property name="location"
>   value="/WEB-INF/users.properties" />
>   </bean>
>   </property>
>   </bean>-->
>
>  <bean id="dataSource"
>   class="org.springframework.jdbc.datasource.DriverManagerDataSource">
>   <property name="driverClassName">
>    <value>org.hsqldb.jdbcDriver</value>
>   </property>
>   <property name="url">
>    <value>jdbc:hsqldb:hsql://localhost:9001</value>
>   </property>
>   <property name="username">
>    <value>sa</value>
>   </property>
>   <property name="password"> <!-- NOTE(review): account sa with an empty password on a local HSQLDB; development default only. -->
>    <value></value>
>   </property>
>  </bean>
>
>  <bean id="userDetailsService"
>   class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
>   <property name="dataSource">
>    <ref bean="dataSource" />
>   </property>
>  </bean>
>
>  <!-- This bean is optional; it isn't used by any other bean as it only
> listens and logs -->
>  <bean id="loggerListener"
>   class="org.acegisecurity.event.authentication.LoggerListener" />
>
> </beans>
> -------------------------------------------------------------------
>
>
> Below I insert my deployerConfigContext.xml from CAS :
> ------------------------------------------------------------
> deployerConfigContext.xml
>
> <beans> <!-- CAS server deployerConfigContext.xml as posted: the CAS authentication manager, with a CasAuthenticationHandler that references an Acegi ProviderManager backed by an in-memory user map. -->
>
>  <bean id="authenticationManager"
>   class="org.jasig.cas.authentication.AuthenticationManagerImpl">
>
>   <property name="credentialsToPrincipalResolvers">
>    <list>
>
>     <bean
>      class="
> org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver"
> />
>
>     <bean
>      class="
> org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver"
> />
>    </list>
>   </property>
>
>
>   <property name="authenticationHandlers">
>    <list>
>
>     <bean
>      class="
> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> />
>
>
>     <bean class="org.acegisecurity.adapters.cas3.CasAuthenticationHandler
> ">
>       <property name="authenticationManager"
> ref="acegiAuthenticationManager" />
>      </bean>
>
>    </list>
>   </property>
>  </bean>
>
>   <bean id="inMemoryDaoImpl" class="
> org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
>      <property name="userMap"> <!-- NOTE(review): plaintext passwords in a publicly posted config, the same values as in the client-side user map; treat any real ones as exposed and change them. -->
>     <value>
>      marissa=koala,ROLES_IGNORED_BY_CAS
>      dianne=emu,ROLES_IGNORED_BY_CAS
>      scott=wombat,ROLES_IGNORED_BY_CAS
>      cdtdx=1981110,ROLES_IGNORED_BY_CAS
>      cdrdx=1981110,ROLES_IGNORED_BY_CAS
>      cdfdx=1981110,ROLES_IGNORED_BY_CAS
>      peter=opal,disabled,ROLES_IGNORED_BY_CAS
>     </value>
>    </property>
>   </bean>
>
>   <bean id="daoAuthenticationProvider" class="
> org.acegisecurity.providers.dao.DaoAuthenticationProvider">
>        <property name="userDetailsService"><ref
> bean="inMemoryDaoImpl"/></property>
>   </bean> <!-- NOTE(review): no passwordEncoder is configured on daoAuthenticationProvider, so the userMap passwords are presumably compared as plaintext; confirm. -->
>
>   <bean id="acegiAuthenticationManager" class="
> org.acegisecurity.providers.ProviderManager">
>    <property name="providers">
>      <list>
>        <ref bean="daoAuthenticationProvider"/>
>      </list>
>    </property>
>   </bean>
>
>
> </beans>
> ---------------------------------------------------------------
>
>
>
>
>
> Very wait aswers !!!!!
> With regards, Ciro Deng
>
>
>
>
>