SEC-1344: Minor CAS doc updates
parent 0aab19ed4b
commit b737fa451d
|
@ -17,13 +17,13 @@
|
|||
<title>How CAS Works</title>
|
||||
</info>
|
||||
<para>Whilst the CAS web site contains documents that detail the architecture of CAS, we present
|
||||
the general overview again here within the context of Spring Security. Spring Security 2.0
|
||||
supports CAS 3. At the time of writing, the CAS server was at version 3.2.</para>
|
||||
the general overview again here within the context of Spring Security. Spring Security 3.0
|
||||
supports CAS 3. At the time of writing, the CAS server was at version 3.3.</para>
|
||||
<para>Somewhere in your enterprise you will need to setup a CAS server. The CAS server is simply
|
||||
a standard WAR file, so there isn't anything difficult about setting up your server. Inside
|
||||
the WAR file you will customise the login and other single sign on pages displayed to
|
||||
users.</para>
|
||||
<para>When deploying a CAS 3.2 server, you will also need to specify an
|
||||
<para>When deploying a CAS 3.3 server, you will also need to specify an
|
||||
<literal>AuthenticationHandler</literal> in the
|
||||
<filename>deployerConfigContext.xml</filename> included with CAS. The
|
||||
<literal>AuthenticationHandler</literal> has a simple method that returns a boolean as to
|
||||
|
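Review bot: the "When deploying a CAS 3.3 server" sentence ties the AuthenticationHandler guidance to a single point release, the same way the 3.2 wording did, so it will need another edit at the next CAS release. The first paragraph already records the version "at the time of writing"; the deployment paragraph could say "a CAS 3.x server" or drop the number. Since only these two spots are touched here, please also check the rest of the chapter for remaining "2.0" and "3.2" references.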
@ -251,8 +251,8 @@
|
|||
<para>The web application side of CAS is made easy due to Spring Security. It is assumed you
|
||||
already know the basics of using Spring Security, so these are not covered again below. We'll
|
||||
assume a namespace based configuration is being used and add in the CAS beans as required. </para>
|
||||
<para>You will need to add a <literal>ServiceProperties</literal> bean to your application
|
||||
context. This represents your service:</para>
|
||||
<para>You will need to add a <classname>ServiceProperties</classname> bean to your application
|
||||
context. This represents your CAS service:</para>
|
||||
<para>
|
||||
<programlisting><![CDATA[
|
||||
<bean id="serviceProperties"
|
||||
|
@ -273,11 +273,7 @@
|
|||
(assuming you're using a namespace configuration):</para>
|
||||
<para>
|
||||
<programlisting><![CDATA[
|
||||
<security:authentication-manager alias="authenticationManager">
|
||||
...
|
||||
</security:authentication-manager>
|
||||
|
||||
<security:http>
|
||||
<security:http entry-point-ref="casEntryPoint">
|
||||
...
|
||||
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
|
||||
</security:http>
|
||||
|
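Review bot: inside the security:http element, the custom-filter line still has ref="myFilter", while the filter bean defined directly below it in the same listing has id "casFilter", so the sample as printed does not wire the CAS filter into the chain. That line also lacks the security: prefix carried by every other namespace element in the listing. Suggest changing it to a security:custom-filter element with ref="casFilter", and confirming that FORM_LOGIN_FILTER is the intended position for it while the line is being edited.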
@ -285,8 +281,6 @@
|
|||
<bean id="casFilter"
|
||||
class="org.springframework.security.cas.web.CasAuthenticationFilter">
|
||||
<property name="authenticationManager" ref="authenticationManager"/>
|
||||
<property name="authenticationFailureUrl" value="/casfailed.jsp"/>
|
||||
<property name="defaultTargetUrl" value="/"/>
|
||||
</bean>
|
||||
|
||||
<bean id="casEntryPoint"
|
||||
|
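Review bot: with the authenticationFailureUrl and defaultTargetUrl properties no longer set on the casFilter bean, the listing gives no indication of where the user is sent after a failed ticket validation or after a successful login. If the filter's defaults are what the reader should rely on, say so in the paragraph that follows the listing; if those settings now live elsewhere, show or reference that configuration so readers copying the sample do not end up without a failure page.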
@ -295,27 +289,27 @@
|
|||
<property name="serviceProperties" ref="serviceProperties"/>
|
||||
</bean>
|
||||
]]>
|
||||
|
||||
</programlisting>
|
||||
</para>
|
||||
<para> The <classname>CasAuthenticationEntryPoint</classname> should be selected to drive
|
||||
authentication using <link xlink:href="ns-entry-point-ref"
|
||||
><literal>entry-point-ref</literal></link>. </para>
|
||||
<para>The <literal>CasAuthenticationFilter</literal> has very similar properties to the
|
||||
<literal>UsernamePasswordAuthenticationFilter</literal> (used for form-based logins). Each
|
||||
property is self-explanatory. Note that we've also used the namespace syntax for setting up an
|
||||
alias to the authentication manager, since the <literal>CasAuthenticationFilter</literal>
|
||||
needs a reference to it.</para>
|
||||
<para>The <classname>CasAuthenticationFilter</classname> has very similar properties to the
|
||||
<classname>UsernamePasswordAuthenticationFilter</classname> (used for form-based logins).
|
||||
</para>
|
||||
<para>For CAS to operate, the <classname>ExceptionTranslationFilter</classname> must have its
|
||||
<literal>authenticationEntryPoint</literal> property set to the
|
||||
<literal>CasAuthenticationEntryPoint</literal> bean.</para>
|
||||
<para>The <literal>CasAuthenticationEntryPoint</literal> must refer to the
|
||||
<literal>ServiceProperties</literal> bean (discussed above), which provides the URL to the
|
||||
<classname>CasAuthenticationEntryPoint</classname> bean.</para>
|
||||
<para>The <classname>CasAuthenticationEntryPoint</classname> must refer to the
|
||||
<classname>ServiceProperties</classname> bean (discussed above), which provides the URL to the
|
||||
enterprise's CAS login server. This is where the user's browser will be redirected.</para>
|
||||
<para>Next you need to add a <literal>CasAuthenticationProvider</literal> and its collaborators: <programlisting><![CDATA[
|
||||
<security:authentication-manager alias="authenticationManager">
|
||||
<security:authentication-provider ref="casAuthenticationProvider" />
|
||||
</security:authentication-manager>
|
||||
|
||||
<bean id="casAuthenticationProvider"
|
||||
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
|
||||
<security:custom-authentication-provider />
|
||||
<property name="userDetailsService" ref="userService"/>
|
||||
<property name="serviceProperties" ref="serviceProperties" />
|
||||
<property name="ticketValidator">
|
||||
|
|
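Review bot: in the new CasAuthenticationEntryPoint paragraph, xlink:href="ns-entry-point-ref" is a bare identifier, which an XLink-aware toolchain treats as a relative URI rather than as a reference to an element id, so the rendered link is likely to be broken. Use linkend="ns-entry-point-ref" (or a "#" fragment) and check that the id exists in the namespace appendix. Two smaller points in the same hunk: "Next you need to add a <literal>CasAuthenticationProvider</literal>" is left as literal although the other class names here are converted to classname, and the rewritten CasAuthenticationFilter paragraph no longer explains why the authentication-manager element carries alias="authenticationManager", which the casFilter bean depends on.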