Grails Spring Security and CAS issue

2
votes

I have installed Spring Security using s2-quickstart and the Spring Security CAS plugin. I have the CAS plugin set up correctly (I believe) but when I try to visit the localhost:8080/caslogin/j_spring_security_check page to force a CAS login I am redirected to the default Spring Security log in page rather than the CAS login page that our company has set up. Does anyone know what might be causing this behavior? Here is my current CAS setup in Config.groovy:

grails.plugins.springsecurity.cas.loginUri = '/login'
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas-server/cas'
grails.plugins.springsecurity.cas.key = 'grails-spring-security-cas'
grails.plugins.springsecurity.cas.filterProcessUrl = '/j_spring_security_check'
grails.plugins.springsecurity.cas.serverName = 'http://localhost:8080'
grails.plugins.springsecurity.cas.serviceUrl = 'http://localhost:8080/caslogin/j_spring_security_check'
grails.plugins.springsecurity.cas.proxyCallbackUrl = 'http://localhost:8080/caslogin/secure/receptor'
grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
grails.plugins.springsecurity.cas.active = true

grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']

// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'com.mycompany.caslogin.User'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'com.mycompany.caslogin.UserRole'
grails.plugins.springsecurity.authority.className = 'com.mycompany.caslogin.Role'
1
grailsspring-securitycas

1 Answers

1
votes

We have successfully used CAS in a Grails application, check my Config.groovy below:

In my case, when I try to go to localhost:8080/MyApp/j_spring_cas_security_check I get an access denied 404.

grails.serverURL = "http://192.168.10.12:8080/MyApp"

plugins {

    springsecurity {

        active = true
        rejectIfNoRule = false

        password.algorithm = 'SHA-256'
        securityConfigType = grails.plugins.springsecurity.SecurityConfigType.Requestmap //url permission
        apf.filterProcessesUrl = '/j_spring_security_check'

        auth {
            forceHttps = false
            loginFormUrl = '/access/login'
            ajaxLoginFormUrl = '/access/login?remote=true'
        }
        adh {
            errorPage = '/access/denied'
            ajaxErrorPage = '/acesso/denied?remote=true'
        }
        ajaxHeader = 'X-Requested-With'
        failureHandler {
            ajaxAuthFailUrl = '/access/fail?remote=true'
            defaultFailureUrl = '/access/fail?login_error=1' //TODO
        }
        successHandler {
            defaultTargetUrl = '/'
            alwaysUseDefault = false
        }

        // Configuracao do CAS
        providerNames = ['casAuthenticationProvider']

        cas {
            serverUrlPrefix = 'https://mycompany.com.br:8443/cas'
            loginUri = '/login'
            proxyReceptorUrl = '/secure/receptor'
            serviceUrl = "${grails.serverURL}/j_spring_cas_security_check"
            proxyCallbackUrl = "${grails.serverURL}/secure/receptor"
        }

        logout.afterLogoutUrl = 'https://mycompany.com.br:8443/cas/logout?service=${grails.serverURL}/'

        // Customizacao de Entidades
        userLookup.userDomainClassName = 'br.com.mycompany.app.access.User'
        userLookup.authoritiesPropertyName = 'permissions'
        authority.className = 'br.com.mycompany.app.access.Permission'
        requestMap.className = 'br.com.mycompany.app.access.UrlAccess'
        requestMap.configAttributeField = 'ruleExpression'
    }

}