mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-25 13:32:30 +00:00
SEC-1344: Minor CAS doc updates
This commit is contained in:
Luke Taylor
parent
0aab19ed4b
commit
b737fa451d
@ -17,13 +17,13 @@
|
|||||||
<title>How CAS Works</title>
|
<title>How CAS Works</title>
|
||||||
</info>
|
</info>
|
||||||
<para>Whilst the CAS web site contains documents that detail the architecture of CAS, we present
|
<para>Whilst the CAS web site contains documents that detail the architecture of CAS, we present
|
||||||
the general overview again here within the context of Spring Security. Spring Security 2.0
|
the general overview again here within the context of Spring Security. Spring Security 3.0
|
||||||
supports CAS 3. At the time of writing, the CAS server was at version 3.2.</para>
|
supports CAS 3. At the time of writing, the CAS server was at version 3.3.</para>
|
||||||
<para>Somewhere in your enterprise you will need to setup a CAS server. The CAS server is simply
|
<para>Somewhere in your enterprise you will need to setup a CAS server. The CAS server is simply
|
||||||
a standard WAR file, so there isn't anything difficult about setting up your server. Inside
|
a standard WAR file, so there isn't anything difficult about setting up your server. Inside
|
||||||
the WAR file you will customise the login and other single sign on pages displayed to
|
the WAR file you will customise the login and other single sign on pages displayed to
|
||||||
users.</para>
|
users.</para>
|
||||||
<para>When deploying a CAS 3.2 server, you will also need to specify an
|
<para>When deploying a CAS 3.3 server, you will also need to specify an
|
||||||
<literal>AuthenticationHandler</literal> in the
|
<literal>AuthenticationHandler</literal> in the
|
||||||
<filename>deployerConfigContext.xml</filename> included with CAS. The
|
<filename>deployerConfigContext.xml</filename> included with CAS. The
|
||||||
<literal>AuthenticationHandler</literal> has a simple method that returns a boolean as to
|
<literal>AuthenticationHandler</literal> has a simple method that returns a boolean as to
|
||||||
@ -251,8 +251,8 @@
|
|||||||
<para>The web application side of CAS is made easy due to Spring Security. It is assumed you
|
<para>The web application side of CAS is made easy due to Spring Security. It is assumed you
|
||||||
already know the basics of using Spring Security, so these are not covered again below. We'll
|
already know the basics of using Spring Security, so these are not covered again below. We'll
|
||||||
assume a namespace based configuration is being used and add in the CAS beans as required. </para>
|
assume a namespace based configuration is being used and add in the CAS beans as required. </para>
|
||||||
<para>You will need to add a <literal>ServiceProperties</literal> bean to your application
|
<para>You will need to add a <classname>ServiceProperties</classname> bean to your application
|
||||||
context. This represents your service:</para>
|
context. This represents your CAS service:</para>
|
||||||
<para>
|
<para>
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
<bean id="serviceProperties"
|
<bean id="serviceProperties"
|
||||||
@ -273,11 +273,7 @@
|
|||||||
(assuming you're using a namespace configuration):</para>
|
(assuming you're using a namespace configuration):</para>
|
||||||
<para>
|
<para>
|
||||||
<programlisting><![CDATA[
|
<programlisting><![CDATA[
|
||||||
<security:authentication-manager alias="authenticationManager">
|
<security:http entry-point-ref="casEntryPoint">
|
||||||
...
|
|
||||||
</security:authentication-manager>
|
|
||||||
|
|
||||||
<security:http>
|
|
||||||
...
|
...
|
||||||
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
|
<custom-filter position="FORM_LOGIN_FILTER" ref="myFilter" />
|
||||||
</security:http>
|
</security:http>
|
||||||
@ -285,8 +281,6 @@
|
|||||||
<bean id="casFilter"
|
<bean id="casFilter"
|
||||||
class="org.springframework.security.cas.web.CasAuthenticationFilter">
|
class="org.springframework.security.cas.web.CasAuthenticationFilter">
|
||||||
<property name="authenticationManager" ref="authenticationManager"/>
|
<property name="authenticationManager" ref="authenticationManager"/>
|
||||||
<property name="authenticationFailureUrl" value="/casfailed.jsp"/>
|
|
||||||
<property name="defaultTargetUrl" value="/"/>
|
|
||||||
</bean>
|
</bean>
|
||||||
|
|
||||||
<bean id="casEntryPoint"
|
<bean id="casEntryPoint"
|
||||||
@ -295,27 +289,27 @@
|
|||||||
<property name="serviceProperties" ref="serviceProperties"/>
|
<property name="serviceProperties" ref="serviceProperties"/>
|
||||||
</bean>
|
</bean>
|
||||||
]]>
|
]]>
|
||||||
|
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
<para> The <classname>CasAuthenticationEntryPoint</classname> should be selected to drive
|
<para> The <classname>CasAuthenticationEntryPoint</classname> should be selected to drive
|
||||||
authentication using <link xlink:href="ns-entry-point-ref"
|
authentication using <link xlink:href="ns-entry-point-ref"
|
||||||
><literal>entry-point-ref</literal></link>. </para>
|
><literal>entry-point-ref</literal></link>. </para>
|
||||||
<para>The <literal>CasAuthenticationFilter</literal> has very similar properties to the
|
<para>The <classname>CasAuthenticationFilter</classname> has very similar properties to the
|
||||||
<literal>UsernamePasswordAuthenticationFilter</literal> (used for form-based logins). Each
|
<classname>UsernamePasswordAuthenticationFilter</classname> (used for form-based logins).
|
||||||
property is self-explanatory. Note that we've also used the namespace syntax for setting up an
|
</para>
|
||||||
alias to the authentication manager, since the <literal>CasAuthenticationFilter</literal>
|
|
||||||
needs a reference to it.</para>
|
|
||||||
<para>For CAS to operate, the <classname>ExceptionTranslationFilter</classname> must have its
|
<para>For CAS to operate, the <classname>ExceptionTranslationFilter</classname> must have its
|
||||||
<literal>authenticationEntryPoint</literal> property set to the
|
<literal>authenticationEntryPoint</literal> property set to the
|
||||||
<literal>CasAuthenticationEntryPoint</literal> bean.</para>
|
<classname>CasAuthenticationEntryPoint</classname> bean.</para>
|
||||||
<para>The <literal>CasAuthenticationEntryPoint</literal> must refer to the
|
<para>The <classname>CasAuthenticationEntryPoint</classname> must refer to the
|
||||||
<literal>ServiceProperties</literal> bean (discussed above), which provides the URL to the
|
<classname>ServiceProperties</classname> bean (discussed above), which provides the URL to the
|
||||||
enterprise's CAS login server. This is where the user's browser will be redirected.</para>
|
enterprise's CAS login server. This is where the user's browser will be redirected.</para>
|
||||||
<para>Next you need to add a <literal>CasAuthenticationProvider</literal> and its collaborators: <programlisting><![CDATA[
|
<para>Next you need to add a <literal>CasAuthenticationProvider</literal> and its collaborators: <programlisting><![CDATA[
|
||||||
|
<security:authentication-manager alias="authenticationManager">
|
||||||
|
<security:authentication-provider ref="casAuthenticationProvider" />
|
||||||
|
</security:authentication-manager>
|
||||||
|
|
||||||
<bean id="casAuthenticationProvider"
|
<bean id="casAuthenticationProvider"
|
||||||
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
|
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
|
||||||
<security:custom-authentication-provider />
|
|
||||||
<property name="userDetailsService" ref="userService"/>
|
<property name="userDetailsService" ref="userService"/>
|
||||||
<property name="serviceProperties" ref="serviceProperties" />
|
<property name="serviceProperties" ref="serviceProperties" />
|
||||||
<property name="ticketValidator">
|
<property name="ticketValidator">
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user