diff --git a/cas-secured-app/.gitignore b/cas-secured-app/.gitignore
new file mode 100644
index 0000000000..2af7cefb0a
--- /dev/null
+++ b/cas-secured-app/.gitignore
@@ -0,0 +1,24 @@
+target/
+!.mvn/wrapper/maven-wrapper.jar
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+nbproject/private/
+build/
+nbbuild/
+dist/
+nbdist/
+.nb-gradle/
\ No newline at end of file
diff --git a/cas-secured-app/.mvn/wrapper/maven-wrapper.jar b/cas-secured-app/.mvn/wrapper/maven-wrapper.jar
new file mode 100644
index 0000000000..9cc84ea9b4
Binary files /dev/null and b/cas-secured-app/.mvn/wrapper/maven-wrapper.jar differ
diff --git a/cas-secured-app/.mvn/wrapper/maven-wrapper.properties b/cas-secured-app/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 0000000000..c315043703
--- /dev/null
+++ b/cas-secured-app/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1 @@
+distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.5.0/apache-maven-3.5.0-bin.zip
diff --git a/cas-secured-app/mvnw b/cas-secured-app/mvnw
new file mode 100644
index 0000000000..5bf251c077
--- /dev/null
+++ b/cas-secured-app/mvnw
@@ -0,0 +1,225 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven2 Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+# JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+# M2_HOME - location of maven2's installed home dir
+# MAVEN_OPTS - parameters passed to the Java VM when running Maven
+# e.g. to debug Maven itself, use
+# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+# MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+ if [ -f /etc/mavenrc ] ; then
+ . /etc/mavenrc
+ fi
+
+ if [ -f "$HOME/.mavenrc" ] ; then
+ . "$HOME/.mavenrc"
+ fi
+
+fi
+
+# OS specific support. $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+ CYGWIN*) cygwin=true ;;
+ MINGW*) mingw=true;;
+ Darwin*) darwin=true
+ # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+ # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+ if [ -z "$JAVA_HOME" ]; then
+ if [ -x "/usr/libexec/java_home" ]; then
+ export JAVA_HOME="`/usr/libexec/java_home`"
+ else
+ export JAVA_HOME="/Library/Java/Home"
+ fi
+ fi
+ ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+ if [ -r /etc/gentoo-release ] ; then
+ JAVA_HOME=`java-config --jre-home`
+ fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+ ## resolve links - $0 may be a link to maven's home
+ PRG="$0"
+
+ # need this for relative symlinks
+ while [ -h "$PRG" ] ; do
+ ls=`ls -ld "$PRG"`
+ link=`expr "$ls" : '.*-> \(.*\)$'`
+ if expr "$link" : '/.*' > /dev/null; then
+ PRG="$link"
+ else
+ PRG="`dirname "$PRG"`/$link"
+ fi
+ done
+
+ saveddir=`pwd`
+
+ M2_HOME=`dirname "$PRG"`/..
+
+ # make it fully qualified
+ M2_HOME=`cd "$M2_HOME" && pwd`
+
+ cd "$saveddir"
+ # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME=`cygpath --unix "$M2_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Migwn, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME="`(cd "$M2_HOME"; pwd)`"
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+ # TODO classpath?
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+ javaExecutable="`which javac`"
+ if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+ # readlink(1) is not available as standard on Solaris 10.
+ readLink=`which readlink`
+ if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+ if $darwin ; then
+ javaHome="`dirname \"$javaExecutable\"`"
+ javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+ else
+ javaExecutable="`readlink -f \"$javaExecutable\"`"
+ fi
+ javaHome="`dirname \"$javaExecutable\"`"
+ javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+ JAVA_HOME="$javaHome"
+ export JAVA_HOME
+ fi
+ fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+ if [ -n "$JAVA_HOME" ] ; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD="$JAVA_HOME/jre/sh/java"
+ else
+ JAVACMD="$JAVA_HOME/bin/java"
+ fi
+ else
+ JAVACMD="`which java`"
+ fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+ echo "Error: JAVA_HOME is not defined correctly." >&2
+ echo " We cannot execute $JAVACMD" >&2
+ exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+ echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+ if [ -z "$1" ]
+ then
+ echo "Path not specified to find_maven_basedir"
+ return 1
+ fi
+
+ basedir="$1"
+ wdir="$1"
+ while [ "$wdir" != '/' ] ; do
+ if [ -d "$wdir"/.mvn ] ; then
+ basedir=$wdir
+ break
+ fi
+ # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+ if [ -d "${wdir}" ]; then
+ wdir=`cd "$wdir/.."; pwd`
+ fi
+ # end of workaround
+ done
+ echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+ if [ -f "$1" ]; then
+ echo "$(tr -s '\n' ' ' < "$1")"
+ fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+ exit 1;
+fi
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+echo $MAVEN_PROJECTBASEDIR
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME=`cygpath --path --windows "$M2_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+ [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+ MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+ $MAVEN_OPTS \
+ -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+ "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+ ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/cas-secured-app/mvnw.cmd b/cas-secured-app/mvnw.cmd
new file mode 100644
index 0000000000..019bd74d76
--- /dev/null
+++ b/cas-secured-app/mvnw.cmd
@@ -0,0 +1,143 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements. See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership. The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License. You may obtain a copy of the License at
+@REM
+@REM http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied. See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven2 Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%
diff --git a/cas-secured-app/pom.xml b/cas-secured-app/pom.xml
new file mode 100644
index 0000000000..f66d54ae67
--- /dev/null
+++ b/cas-secured-app/pom.xml
@@ -0,0 +1,110 @@
+
+
+ 4.0.0
+
+ com.baeldung
+ cas-secured-app
+ 0.0.1-SNAPSHOT
+ jar
+
+ cas-secured-app
+ Demo project for Spring Boot
+
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 2.0.0.BUILD-SNAPSHOT
+
+
+
+
+ UTF-8
+ UTF-8
+ 1.8
+
+
+
+
+ org.springframework.boot
+ spring-boot-starter-security
+
+
+ org.springframework.security
+ spring-security-cas
+
+
+ org.springframework.boot
+ spring-boot-starter-freemarker
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+
+
+
+ org.springframework.boot
+ spring-boot-devtools
+ runtime
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ test
+
+
+ org.springframework.security
+ spring-security-test
+ test
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+
+
+
+
+ spring-snapshots
+ Spring Snapshots
+ https://repo.spring.io/snapshot
+
+ true
+
+
+
+ spring-milestones
+ Spring Milestones
+ https://repo.spring.io/milestone
+
+ false
+
+
+
+
+
+
+ spring-snapshots
+ Spring Snapshots
+ https://repo.spring.io/snapshot
+
+ true
+
+
+
+ spring-milestones
+ Spring Milestones
+ https://repo.spring.io/milestone
+
+ false
+
+
+
+
+
+
diff --git a/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredAppApplication.java b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredAppApplication.java
new file mode 100644
index 0000000000..fc05e3b38f
--- /dev/null
+++ b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredAppApplication.java
@@ -0,0 +1,91 @@
+package com.baeldung.cassecuredapp;
+
+import org.jasig.cas.client.session.SingleSignOutFilter;
+import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
+import org.jasig.cas.client.validation.Cas30ServiceTicketValidator;
+import org.jasig.cas.client.validation.TicketValidator;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.event.EventListener;
+import org.springframework.security.cas.ServiceProperties;
+import org.springframework.security.cas.authentication.CasAuthenticationProvider;
+import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
+
+import javax.servlet.http.HttpSessionEvent;
+
+@SpringBootApplication
+public class CasSecuredAppApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(CasSecuredAppApplication.class, args);
+ }
+
+ @Bean
+ public ServiceProperties serviceProperties() {
+ ServiceProperties serviceProperties = new ServiceProperties();
+ serviceProperties.setService("http://localhost:9000/login/cas");
+ serviceProperties.setSendRenew(false);
+ return serviceProperties;
+ }
+
+ @Bean
+ @Primary
+ public AuthenticationEntryPoint authenticationEntryPoint(ServiceProperties sP) {
+ CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
+ entryPoint.setLoginUrl("https://localhost:8443/cas/login");
+ entryPoint.setServiceProperties(sP);
+ return entryPoint;
+ }
+
+ @Bean
+ public TicketValidator ticketValidator() {
+ return new Cas30ServiceTicketValidator("https://localhost:8443/cas");
+ }
+
+ @Bean
+ public CasAuthenticationProvider casAuthenticationProvider() {
+ CasAuthenticationProvider provider = new CasAuthenticationProvider();
+ provider.setServiceProperties(serviceProperties());
+ provider.setTicketValidator(ticketValidator());
+ provider.setUserDetailsService((s) -> new User("test@test.com", "smatt",
+ true, true, true, true,
+ AuthorityUtils.createAuthorityList("ROLE_ADMIN")));
+ provider.setKey("CAS_PROVIDER_LOCALHOST_9000");
+ return provider;
+ }
+
+
+ @Bean
+ public SecurityContextLogoutHandler securityContextLogoutHandler() {
+ return new SecurityContextLogoutHandler();
+ }
+
+ @Bean
+ public LogoutFilter logoutFilter() {
+ LogoutFilter logoutFilter = new LogoutFilter(
+ "https://localhost:8443/cas/logout", securityContextLogoutHandler());
+ logoutFilter.setFilterProcessesUrl("/logout/cas");
+ return logoutFilter;
+ }
+
+ @Bean
+ public SingleSignOutFilter singleSignOutFilter() {
+ SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
+ singleSignOutFilter.setCasServerUrlPrefix("https://localhost:8443/cas");
+ singleSignOutFilter.setIgnoreInitConfiguration(true);
+ return singleSignOutFilter;
+ }
+
+ @EventListener
+ public SingleSignOutHttpSessionListener singleSignOutHttpSessionListener(HttpSessionEvent event) {
+ return new SingleSignOutHttpSessionListener();
+ }
+}
diff --git a/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/SecurityConfig.java b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/SecurityConfig.java
new file mode 100644
index 0000000000..2eabed49e1
--- /dev/null
+++ b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/SecurityConfig.java
@@ -0,0 +1,83 @@
+package com.baeldung.cassecuredapp.config;
+
+import org.jasig.cas.client.session.SingleSignOutFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.ProviderManager;
+import org.springframework.security.cas.ServiceProperties;
+import org.springframework.security.cas.authentication.CasAuthenticationProvider;
+import org.springframework.security.cas.web.CasAuthenticationFilter;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
+
+import java.util.Arrays;
+
+@EnableWebSecurity
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ private AuthenticationProvider authenticationProvider;
+ private AuthenticationEntryPoint authenticationEntryPoint;
+ private SingleSignOutFilter singleSignOutFilter;
+ private LogoutFilter logoutFilter;
+
+ @Autowired
+ public SecurityConfig(CasAuthenticationProvider casAuthenticationProvider, AuthenticationEntryPoint eP,
+ LogoutFilter lF
+ , SingleSignOutFilter ssF
+ ) {
+ this.authenticationProvider = casAuthenticationProvider;
+ this.authenticationEntryPoint = eP;
+
+ this.logoutFilter = lF;
+ this.singleSignOutFilter = ssF;
+
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .regexMatchers("/secured.*", "/login")
+ .authenticated()
+ .and()
+ .authorizeRequests()
+ .regexMatchers("/")
+ .permitAll()
+ .and()
+ .httpBasic()
+ .authenticationEntryPoint(authenticationEntryPoint)
+ .and()
+ .logout().logoutSuccessUrl("/logout")
+ .and()
+ .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
+ .addFilterBefore(logoutFilter, LogoutFilter.class);
+
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.authenticationProvider(authenticationProvider);
+ }
+
+ @Override
+ protected AuthenticationManager authenticationManager() throws Exception {
+ return new ProviderManager(Arrays.asList(authenticationProvider));
+ }
+
+ @Bean
+ public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception {
+ CasAuthenticationFilter filter = new CasAuthenticationFilter();
+ filter.setServiceProperties(sP);
+ filter.setAuthenticationManager(authenticationManager());
+ return filter;
+ }
+
+}
diff --git a/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/AuthController.java b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/AuthController.java
new file mode 100644
index 0000000000..703e6abf7a
--- /dev/null
+++ b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/AuthController.java
@@ -0,0 +1,35 @@
+package com.baeldung.cassecuredapp.controllers;
+
+import org.apache.log4j.Logger;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
+import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Controller
+public class AuthController {
+
+ private Logger logger = Logger.getLogger(AuthController.class);
+
+ @GetMapping("/logout")
+ public String logout(
+ HttpServletRequest request, HttpServletResponse response, SecurityContextLogoutHandler logoutHandler) {
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ logoutHandler.logout(request, response, auth );
+ new CookieClearingLogoutHandler(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY).logout(request, response, auth);
+ return "auth/logout";
+ }
+
+
+ @GetMapping("/login")
+ public String login() {
+ return "redirect:/secured";
+ }
+
+}
diff --git a/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/IndexController.java b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/IndexController.java
new file mode 100644
index 0000000000..75956cf493
--- /dev/null
+++ b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/IndexController.java
@@ -0,0 +1,15 @@
+package com.baeldung.cassecuredapp.controllers;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+
+@Controller
+public class IndexController {
+
+ @GetMapping("/")
+ public String index() {
+ return "index";
+ }
+}
diff --git a/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredPageController.java b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredPageController.java
new file mode 100644
index 0000000000..9a872d1f40
--- /dev/null
+++ b/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredPageController.java
@@ -0,0 +1,24 @@
+package com.baeldung.cassecuredapp.controllers;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping(value = "/secured")
+public class SecuredPageController {
+
+ @GetMapping
+ public String index(ModelMap modelMap) {
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if( auth != null && auth.getPrincipal() != null
+ && auth.getPrincipal() instanceof UserDetails) {
+ modelMap.put("username", ((UserDetails) auth.getPrincipal()).getUsername());
+ }
+ return "secure/index";
+ }
+}
diff --git a/cas-secured-app/src/main/resources/application.properties b/cas-secured-app/src/main/resources/application.properties
new file mode 100644
index 0000000000..99802c632f
--- /dev/null
+++ b/cas-secured-app/src/main/resources/application.properties
@@ -0,0 +1 @@
+server.port=9000
\ No newline at end of file
diff --git a/cas-secured-app/src/main/resources/templates/auth/logout.ftl b/cas-secured-app/src/main/resources/templates/auth/logout.ftl
new file mode 100644
index 0000000000..eac345ec33
--- /dev/null
+++ b/cas-secured-app/src/main/resources/templates/auth/logout.ftl
@@ -0,0 +1,10 @@
+
+
+ Cas Secured App - Logout
+
+
+You have logged out of Cas Secured Spring Boot App Successfully
+
+Log out of all other Services
+
+
\ No newline at end of file
diff --git a/cas-secured-app/src/main/resources/templates/index.ftl b/cas-secured-app/src/main/resources/templates/index.ftl
new file mode 100644
index 0000000000..d407756044
--- /dev/null
+++ b/cas-secured-app/src/main/resources/templates/index.ftl
@@ -0,0 +1,11 @@
+
+
+ Cas Secured App - Index
+
+
+Welcome to Cas Secured Spring Boot App
+This is a Public Page
+
+Login
+
+
\ No newline at end of file
diff --git a/cas-secured-app/src/main/resources/templates/secure/index.ftl b/cas-secured-app/src/main/resources/templates/secure/index.ftl
new file mode 100644
index 0000000000..210ebecc7b
--- /dev/null
+++ b/cas-secured-app/src/main/resources/templates/secure/index.ftl
@@ -0,0 +1,12 @@
+
+
+ Cas Secured App - Secured
+
+
+Welcome to Cas Secured Spring Boot App
+This is a Secured Page
+Welcome home ${username!""}
+
+Logout
+
+
\ No newline at end of file
diff --git a/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredAppApplicationTests.java b/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredAppApplicationTests.java
new file mode 100644
index 0000000000..09dbaf0c61
--- /dev/null
+++ b/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredAppApplicationTests.java
@@ -0,0 +1,16 @@
+package com.baeldung.cassecuredapp;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class CasSecuredAppApplicationTests {
+
+ @Test
+ public void contextLoads() {
+ }
+
+}
diff --git a/pom.xml b/pom.xml
index fac746f7df..ed607ec338 100644
--- a/pom.xml
+++ b/pom.xml
@@ -46,6 +46,8 @@
core-java-8
core-java-concurrency
couchbase
+ cas-server
+ cas-secured-app
deltaspike
dozer