CAS with acegi client

::SammyRulez:: sammyrulez at gmail.com
Thu May 8 06:45:32 EDT 2008


Hi folks

I need to CASify a Spring app using Acegi 1.0.6.

I think I have set everything up correctly in the application XML, as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans default-autowire="byName" >

	<!-- Entry point of the web security chain. The single pattern /** sends every request
	     path through the filters named in the value below, in the order listed.
	     NOTE(review): no anonymous-processing filter is listed, although the
	     filterInvocationInterceptor bean in this file uses IS_AUTHENTICATED_ANONYMOUSLY;
	     presumably a request with no Authentication is then sent to the CAS entry point.
	     Confirm that this is the intended behaviour. -->
	<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy" lazy-init="false">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,securityContextHolderAwareRequestFilter,exceptionTranslationFilter,filterInvocationInterceptor
			</value>
		</property>
	</bean>
	
	<!-- Describes this web application to CAS. The service URL ends in
	     /j_acegi_cas_security_check, the same path that casProcessingFilter is
	     configured to process, and it is served over https on sreghenzixp:8443.
	     sendRenew is false; presumably CAS may then accept an existing single sign-on
	     session instead of asking for credentials again (confirm against the Acegi
	     CAS documentation). -->
	<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
		<property name="service" value="https://sreghenzixp:8443/LIT-Profile_Web/j_acegi_cas_security_check"/>
		<property name="sendRenew" value="false"/>
	</bean>
<!-- Filter that processes /j_acegi_cas_security_check, the path the service URL in
     serviceProperties points at, and authenticates through authenticationManager.
     A failed attempt is sent to /acegijsp/accessDenied.jsp; the default target after
     a successful one is "/". -->
<bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationFailureUrl" value="/acegijsp/accessDenied.jsp"/>
  <property name="defaultTargetUrl" value="/"/>
  <property name="filterProcessesUrl" value="/j_acegi_cas_security_check"/>
</bean>

<!-- Authentication entry point referenced by exceptionTranslationFilter. loginUrl is
     the CAS login page (https, host sreghenzixp:8443); serviceProperties supplies the
     service URL of this application. -->
<bean id="casProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
  <property name="loginUrl" value="https://sreghenzixp:8443/CAS/login"/>
  <property name="serviceProperties" ref="serviceProperties"/>
</bean>

	<!-- First filter named in the filterChainProxy chain. No properties are set here,
	     so the class runs with its defaults. -->
	<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

	<!-- Logout filter with one handler, SecurityContextLogoutHandler, and /home.htm as
	     the page shown after logout.
	     NOTE(review): no handler here contacts the CAS server, so the CAS single sign-on
	     session presumably outlives this local logout; confirm that is acceptable. -->
	<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
		<!-- first argument: URL redirected to after logout -->
		<constructor-arg value="/home.htm"/>
		<!-- second argument: the logout handlers -->
		<constructor-arg>
			<list>
				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
			</list>
		</constructor-arg>
	</bean>

	

	<!-- Fourth filter named in the filterChainProxy chain, placed after
	     casProcessingFilter. No properties are set here. -->
	<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
<!-- Sits directly before filterInvocationInterceptor in the chain and uses
     casProcessingFilterEntryPoint as its authentication entry point, which points at
     the CAS login page. No access-denied handler is configured in this bean. -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
    <ref local="casProcessingFilterEntryPoint"/>
  </property>
</bean>

	<!-- Last element of the filter chain: the URL authorization check. Decisions are made
	     by an AffirmativeBased manager with two voters, RoleVoter and AuthenticatedVoter. -->
	<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager" ref="authenticationManager"/>
		<property name="accessDecisionManager">
			<bean class="org.acegisecurity.vote.AffirmativeBased">
				<!-- false: a request on which every voter abstains is not allowed through -->
				<property name="allowIfAllAbstainDecisions" value="false"/>
				<property name="decisionVoters">
					<list>
						<bean class="org.acegisecurity.vote.RoleVoter"/>
						<bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
					</list>
				</property>
			</bean>
		</property>
		<!-- NOTE(review): the only rule below maps every path (/**) to
		     IS_AUTHENTICATED_ANONYMOUSLY, and no ROLE_ attribute appears anywhere, so
		     RoleVoter has nothing to vote on and no URL is restricted by role. As far as
		     AuthenticatedVoter is documented, this attribute is the least restrictive of
		     its three levels. Confirm this is meant only for bringing the CAS login up,
		     and add per-path role rules before relying on it for access control. -->
		<property name="objectDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=IS_AUTHENTICATED_ANONYMOUSLY
			</value>
		</property>
	</bean>
<!--
	<bean id="rememberMeServices"
class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
		<property name="userDetailsService" ref="userDetailsService"/>
		<property name="key" value="changeThis"/>
	</bean>
 -->
	<!-- Authentication manager shared by casProcessingFilter and
	     filterInvocationInterceptor. Its provider list holds a single entry,
	     casAuthenticationProvider. -->
	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref bean="casAuthenticationProvider"/>
			</list>
		</property>
	</bean>

<!-- The one provider registered with authenticationManager. It is wired to the
     authorities populator, proxy decider, ticket validator and stateless ticket cache
     defined in this file.
     NOTE(review): the key value reads like a documentation placeholder. Use a
     deployment-specific value and keep the real one out of shared listings. -->
<bean id="casAuthenticationProvider" class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
  <property name="casAuthoritiesPopulator" ref="casAuthoritiesPopulator"/>
  <property name="casProxyDecider" ref="casProxyDecider"/>
  <property name="ticketValidator" ref="casProxyTicketValidator"/>
  <property name="statelessTicketCache" ref="statelessTicketCache"/>
  <property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>

<!-- Ticket validator used by casAuthenticationProvider. casValidate is the CAS server
     URL (https, sreghenzixp:8443) that this application calls to validate a ticket.
     The PKIX "unable to find valid certification path to requested target" failure
     reported with this configuration is a certificate trust failure on an https
     connection. Most likely the JVM running this application does not trust the
     certificate presented by the CAS server (confirm which connection fails).
     The usual remedy is to import that certificate, or the CA that issued it, into
     the trust store this JVM actually uses, or to point the trustStore property
     (commented out below) at a store that contains it. Do not work around the error
     by switching off certificate or hostname verification: the result of ticket
     validation is only as trustworthy as this TLS connection.
     NOTE(review): trustStore is understood to be applied JVM-wide in Acegi 1.0.x
     rather than to this bean alone; confirm before enabling it on a shared server.
     NOTE(review): proxyCallbackUrl presumably matters only if this application
     requests proxy-granting tickets, and nothing in this file shows what serves
     /casProxy/receptor; confirm it is needed. -->
<bean id="casProxyTicketValidator" class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
  <property name="casValidate" value="https://sreghenzixp:8443/CAS/proxyValidate"/>
  <property name="proxyCallbackUrl" value="https://sreghenzixp:8443/LIT-Profile_Web/casProxy/receptor"/>
  <property name="serviceProperties" ref="serviceProperties"/>
  <!-- <property
name="trustStore"><value>/some/path/to/your/lib/security/cacerts</value></property>
-->
</bean>

<!-- EhCache manager factory, configured from ehcache-failsafe.xml on the classpath.
     It backs the ticketCacheBackend bean. -->
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
  <property name="configLocation" value="classpath:/ehcache-failsafe.xml"/>
</bean>

<!-- The cache named "ticketCache", obtained from cacheManager. It is the storage
     behind statelessTicketCache. -->
<bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager"><ref local="cacheManager"/></property>
  <property name="cacheName" value="ticketCache"/>
</bean>

<!-- Ticket cache handed to casAuthenticationProvider, stored in ticketCacheBackend. -->
<bean id="statelessTicketCache" class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
  <property name="cache">
    <ref local="ticketCacheBackend"/>
  </property>
</bean>

<!-- Authorities populator for casAuthenticationProvider. It is backed by the
     application's userDetailsService bean, so the authorities of a CAS user
     presumably come from that service (confirm in its implementation). -->
<bean id="casAuthoritiesPopulator" class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
  <property name="userDetailsService" ref="userDetailsService"/>
</bean>

<!-- Proxy decider for casAuthenticationProvider. The class chosen is
     RejectProxyTickets, which by its name refuses tickets that arrive through a CAS
     proxy. -->
<bean id="casProxyDecider" class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets"/>
	
	<!-- Application-specific user details service, referenced by casAuthoritiesPopulator.
	     No properties are set explicitly, so any collaborator it needs would have to
	     come from the file-wide default-autowire="byName" setting. -->
	<bean id="userDetailsService" class="it.trend.lit.acegisecurity.UserDetailsService"/>
	

</beans>

The cert is installed correctly in my JBoss 4.0.5. Calling the webapp with the
right hostname, I'm redirected to the CAS login, which authenticates me
correctly, but when I'm redirected back I land on the "cassfailed page" with
this log in the console:




12:09:34,858 DEBUG [ProviderManager] Authentication attempt using
org.acegisecurity.providers.cas.CasAuthenticationProvider
12:09:34,858 DEBUG [XmlWebApplicationContext] Publishing event in
context [org.springframework.web.context.support.XmlWebApplicationContext at 1ef3d12]:
org.acegisecurity.event.authentication.AuthenticationFailureServiceExceptionEvent[source=org.acegisecurity.providers.UsernamePasswordAuthenticationToken at f9b29b47:
Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false;
Details: org.acegisecurity.ui.WebAuthenticationDetails at 1c07a:
RemoteIpAddress: 10.1.225.123; SessionId:
534E2A0064A4F867EA0570B381A4F709; Not granted any authorities]
12:09:34,858 DEBUG [CasProcessingFilter] Updated SecurityContextHolder
to contain null Authentication
12:09:34,858 DEBUG [CasProcessingFilter] Authentication request
failed: org.acegisecurity.AuthenticationServiceException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
12:09:34,858 DEBUG [HttpSessionContextIntegrationFilter]
SecurityContextHolder set to new context, as request processing
completed
12:09:34,873 INFO  [ResourceBundleThemeSource] Theme created: name
'theme', basename [theme]
12:14:40,879 DEBUG [other] CallbackHandler:
org.jboss.security.auth.callback.SecurityAssociationHandler at dce479
12:14:40,879 DEBUG [JaasSecurityManagerService] Created
securityMgr=org.jboss.security.plugins.JaasSecurityManager at 1c2cbee
12:14:40,879 DEBUG [other] CachePolicy set to:
org.jboss.util.TimedCachePolicy at 1da89a0

casProxyTicketValidator is configured and active... I think I'm
missing something...


-- 
::SammyRulez::
http://www.kyub.com/
pownce & twitter: sammyrulez

