Redirect Problem
Richard Gundersen
richardgundersen at hotmail.com
Fri May 2 06:57:33 EDT 2008
Hi
I think I'm nearly there! But....
My App is using Spring Security to authenticate to CAS. I access a secure page, and it correctly sends me to CAS. I log in to CAS, and it seems to be redirecting back to the right URL, but then it sends me back to CAS again with the following URL:
https://mycomputer/cas/login;jsessionid=762CDC73672F70FFB30C000FB59FAED8?service=https%3A%2F%2Fmycomputer%3A443%2FSample4%2Fj_spring_cas_security_check
(this gives a DNS error)
If I change the loginUrl property of casProcessingFilterEntryPoint so that there's a '?' at the end, the request param string is correctly broken up, and I get sent to the 'Login Successful' CAS JSP.
QUESTION 1) Is this a bug? I saw a bug about redirecting, but it was fixed a while ago, so the fix is presumably in my very recently downloaded version of CAS server.
But I should be back at my webapp at this point. For some reason, it's sent me back to CAS.
QUESTION 2) Is my config causing a redirection problem? The certificate is set up for 'mycomputer', and my proxy is being bypassed for that computer name (just in case). It's also in my hosts file (127.0.0.1 localhost mycomputer).
Here's my applicationContext.xml:
<sec:http entry-point-ref="casProcessingFilterEntryPoint">
  <sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
  <sec:logout />
</sec:http>

<sec:authentication-manager alias="authenticationManager"/>

<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
  <sec:custom-filter after="CAS_PROCESSING_FILTER"/>
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
  <property name="defaultTargetUrl" value="/"/>
</bean>

<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
  <property name="loginUrl" value="https://mycomputer:443/cas/login?"/>
  <property name="serviceProperties" ref="serviceProperties"/>
</bean>

<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
  <sec:custom-authentication-provider />
  <property name="userDetailsService" ref="userService"/>
  <property name="serviceProperties" ref="serviceProperties" />
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
      <constructor-arg index="0" value="https://mycomputer:443/cas" />
    </bean>
  </property>
  <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>

<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
  <property name="service" value="https://mycomputer:443/Sample4/j_spring_cas_security_check"/>
  <property name="sendRenew" value="false"/>
</bean>

<sec:user-service id="userService">
  <sec:user name="richard.gundersen" password="password" authorities="ROLE_SUPERVISOR,ROLE_USER" />
  <sec:user name="dianne" password="dianne" authorities="ROLE_USER" />
  <sec:user name="scott" password="scott" authorities="ROLE_USER" />
</sec:user-service>
Here's my log output:
2008-05-02 11:56:25,179 DEBUG org.springframework.security.ui.ExceptionTranslationFilter.sendStartAuthentication:200 - Authentication entry point being called; SavedRequest added to Session: SavedRequest[http://mycomputer/Sample4/secure/secure.jsp]
2008-05-02 11:56:25,179 DEBUG org.springframework.security.ui.session.HttpSessionEventPublisher.sessionCreated:67 - Publishing event: org.springframework.security.ui.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade at 19c25e8]
2008-05-02 11:56:25,179 DEBUG org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273 - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext at 1886a34]: org.springframework.security.ui.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade at 19c25e8]
2008-05-02 11:56:25,179 DEBUG org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp:249 - SecurityContextHolder now cleared, as request processing completed
2008-05-02 11:56:25,179 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-w7oHeda1o2rhz4J1ueU1-cas] for service [https://mycomputer/Sample4/j_spring_cas_security_check] for user [richard.gundersen]>
2008-05-02 11:56:25,195 DEBUG org.springframework.security.util.FilterChainProxy.getFilters:194 - Converted URL to lowercase, from: '/j_spring_cas_security_check?ticket=st-2-w7oheda1o2rhz4j1ueu1-cas'; to: '/j_spring_cas_security_check?ticket=st-2-w7oheda1o2rhz4j1ueu1-cas'
2008-05-02 11:56:25,195 DEBUG org.springframework.security.util.FilterChainProxy.getFilters:201 - Candidate is: '/j_spring_cas_security_check?ticket=st-2-w7oheda1o2rhz4j1ueu1-cas'; pattern is /**; matched=true
2008-05-02 11:56:25,195 DEBUG org.springframework.security.util.FilterChainProxy.doFilter:366 - /j_spring_cas_security_check?ticket=ST-2-w7oHeda1o2rhz4J1ueU1-cas at position 1 of 7 in additional filter chain; firing Filter: 'class org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
2008-05-02 11:56:25,195 DEBUG org.springframework.security.context.HttpSessionContextIntegrationFilter.readSecurityContextFromSession:280 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2008-05-02 11:56:25,195 DEBUG org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp:203 - New SecurityContext instance will be associated with SecurityContextHolder
2008-05-02 11:56:25,195 DEBUG org.springframework.security.util.FilterChainProxy.doFilter:366 - /j_spring_cas_security_check?ticket=ST-2-w7oHeda1o2rhz4J1ueU1-cas at position 2 of 7 in additional filter chain; firing Filter: 'class org.springframework.security.ui.SessionFixationProtectionFilter[ order=300; ]'
2008-05-02 11:56:25,195 DEBUG org.springframework.security.util.FilterChainProxy.doFilter:366 - /j_spring_cas_security_check?ticket=ST-2-w7oHeda1o2rhz4J1ueU1-cas at position 3 of 7 in additional filter chain; firing Filter: 'class org.springframework.security.ui.logout.LogoutFilter[ order=400; ]'
2008-05-02 11:56:25,195 DEBUG org.springframework.security.util.FilterChainProxy.doFilter:366 - /j_spring_cas_security_check?ticket=ST-2-w7oHeda1o2rhz4J1ueU1-cas at position 4 of 7 in additional filter chain; firing Filter: 'org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator at 1133f58'
2008-05-02 11:56:25,195 DEBUG org.springframework.security.ui.cas.CasProcessingFilter.doFilterHttp:242 - Request is to process authentication
2008-05-02 11:56:25,195 DEBUG org.springframework.security.providers.ProviderManager.doAuthentication:190 - Authentication attempt using org.springframework.security.providers.cas.CasAuthenticationProvider
May 2, 2008 11:56:25 AM org.apache.tomcat.util.http.Parameters processParameters
WARNING: Parameters: Invalid chunk ignored.
2008-05-02 11:56:25,210 DEBUG org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273 - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext at 1886a34]: org.springframework.security.event.authentication.AuthenticationSuccessEvent[source=org.springframework.security.providers.cas.CasAuthenticationToken at 47629e74: Principal: org.springframework.security.userdetails.User at f2c34a00: Username: richard.gundersen; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails at fffdaa08: RemoteIpAddress: 127.0.0.1; SessionId: 7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER Assertion: org.jasig.cas.client.validation.AssertionImpl at ebeb19 Credentials (Service/Proxy Ticket): ST-2-w7oHeda1o2rhz4J1ueU1-cas]
2008-05-02 11:56:25,210 DEBUG org.springframework.security.ui.cas.CasProcessingFilter.successfulAuthentication:348 - Authentication success: org.springframework.security.providers.cas.CasAuthenticationToken at 47629e74: Principal: org.springframework.security.userdetails.User at f2c34a00: Username: richard.gundersen; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails at fffdaa08: RemoteIpAddress: 127.0.0.1; SessionId: 7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER Assertion: org.jasig.cas.client.validation.AssertionImpl at ebeb19 Credentials (Service/Proxy Ticket): ST-2-w7oHeda1o2rhz4J1ueU1-cas
2008-05-02 11:56:25,210 DEBUG org.springframework.security.ui.cas.CasProcessingFilter.successfulAuthentication:354 - Updated SecurityContextHolder to contain the following Authentication: 'org.springframework.security.providers.cas.CasAuthenticationToken at 47629e74: Principal: org.springframework.security.userdetails.User at f2c34a00: Username: richard.gundersen; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails at fffdaa08: RemoteIpAddress: 127.0.0.1; SessionId: 7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER Assertion: org.jasig.cas.client.validation.AssertionImpl at ebeb19 Credentials (Service/Proxy Ticket): ST-2-w7oHeda1o2rhz4J1ueU1-cas'
2008-05-02 11:56:25,210 DEBUG org.springframework.security.ui.cas.CasProcessingFilter.successfulAuthentication:364 - Redirecting to target URL from HTTP Session (or default): http://mycomputer/Sample4/secure/secure.jsp
2008-05-02 11:56:25,210 DEBUG org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273 - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext at 1886a34]: org.springframework.security.event.authentication.InteractiveAuthenticationSuccessEvent[source=org.springframework.security.providers.cas.CasAuthenticationToken at 47629e74: Principal: org.springframework.security.userdetails.User at f2c34a00: Username: richard.gundersen; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails at fffdaa08: RemoteIpAddress: 127.0.0.1; SessionId: 7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER Assertion: org.jasig.cas.client.validation.AssertionImpl at ebeb19 Credentials (Service/Proxy Ticket): ST-2-w7oHeda1o2rhz4J1ueU1-cas]
2008-05-02 11:56:25,210 DEBUG org.springframework.security.util.SessionUtils.startNewSessionIfRequired:39 - Invalidating session with Id '7105BAEC5E94DEC1E6F89B15735C8D6D' and migrating attributes.
2008-05-02 11:56:25,210 DEBUG org.springframework.security.ui.session.HttpSessionEventPublisher.sessionDestroyed:83 - Publishing event: org.springframework.security.ui.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade at 19c25e8]
2008-05-02 11:56:25,226 DEBUG org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273 - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext at 1886a34]: org.springframework.security.ui.session.HttpSessionDestroyedEvent[source=org.apache.catalina.session.StandardSessionFacade at 19c25e8]
2008-05-02 11:56:25,226 DEBUG org.springframework.security.ui.session.HttpSessionEventPublisher.sessionCreated:67 - Publishing event: org.springframework.security.ui.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade at 101b0fa]
2008-05-02 11:56:25,226 DEBUG org.springframework.web.context.support.XmlWebApplicationContext.publishEvent:273 - Publishing event in context [org.springframework.web.context.support.XmlWebApplicationContext at 1886a34]: org.springframework.security.ui.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade at 101b0fa]
2008-05-02 11:56:25,226 DEBUG org.springframework.security.util.SessionUtils.startNewSessionIfRequired:59 - Started new session: BCEAEC7E62C9CDD284219602DFC02C0A
2008-05-02 11:56:25,226 DEBUG org.springframework.security.context.HttpSessionContextIntegrationFilter.storeSecurityContextInSession:382 - SecurityContext stored to HttpSession: 'org.springframework.security.context.SecurityContextImpl at 47629e74: Authentication: org.springframework.security.providers.cas.CasAuthenticationToken at 47629e74: Principal: org.springframework.security.userdetails.User at f2c34a00: Username: richard.gundersen; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails at fffdaa08: RemoteIpAddress: 127.0.0.1; SessionId: 7105BAEC5E94DEC1E6F89B15735C8D6D; Granted Authorities: ROLE_SUPERVISOR, ROLE_USER Assertion: org.jasig.cas.client.validation.AssertionImpl at ebeb19 Credentials (Service/Proxy Ticket): ST-2-w7oHeda1o2rhz4J1ueU1-cas'
2008-05-02 11:56:25,226 DEBUG org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp:249 - SecurityContextHolder now cleared, as request processing completed
Please help
Richard
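
Added example (not part of the original message, and not code from Spring Security or CAS): a CAS service ticket is issued for one service string and validated against the client's configured one, so this script compares the service URLs and the post-login target from the message above and lists where they disagree. The four URL constants are copied from the post; the function names are made up for this example.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}

# URLs copied from the post above (login redirect, serviceProperties, log output).
LOGIN_REDIRECT = ("https://mycomputer/cas/login;jsessionid=762CDC73672F70FFB30C000FB59FAED8"
                  "?service=https%3A%2F%2Fmycomputer%3A443%2FSample4%2Fj_spring_cas_security_check")
CONFIGURED_SERVICE = "https://mycomputer:443/Sample4/j_spring_cas_security_check"
TICKET_SERVICE = "https://mycomputer/Sample4/j_spring_cas_security_check"
SAVED_TARGET = "http://mycomputer/Sample4/secure/secure.jsp"

def normalized(url):
    """(scheme, host, port, path) with the scheme's default port filled in."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme), p.path)

def split_cas_login(url):
    """Return (path, path parameters, decoded service URL) of a CAS login redirect."""
    p = urlsplit(url)
    path, _, params = p.path.partition(";")  # ';jsessionid=...' sits before the '?'
    service = parse_qs(p.query).get("service", [None])[0]
    return path, params, service

def check_flow(login_redirect, configured, ticket_service, saved_target):
    """List every place where the URLs of one login round trip disagree."""
    findings = []
    _, params, service = split_cas_login(login_redirect)
    if params.lower().startswith("jsessionid="):
        findings.append("session id in login URL path")
    for label, seen in (("redirect", service), ("ticket", ticket_service)):
        if seen is None:
            findings.append(f"{label}: service missing")
        elif seen == configured:
            continue
        elif normalized(seen) == normalized(configured):
            findings.append(f"{label}: service differs only by default port")
        else:
            findings.append(f"{label}: service mismatch")
    cfg, tgt = normalized(configured), normalized(saved_target)
    if cfg[1] == tgt[1] and cfg[0] != tgt[0]:  # same host, different scheme
        findings.append(f"scheme change: {cfg[0]} service, {tgt[0]} target")
    return findings

if __name__ == "__main__":
    for finding in check_flow(LOGIN_REDIRECT, CONFIGURED_SERVICE, TICKET_SERVICE, SAVED_TARGET):
        print(finding)
```

The scheme-change finding is worth following up first: a session cookie that was set over HTTPS with the Secure flag is not sent on a later plain-HTTP request to the same host.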