I have created sample App with Spring Security and Spring MVC with CAS Server Authentication. Spring Security /MVC version:3.1 Problem: After timeout, user is not taken to login page given by JASIG CAS server instead user taken to requested page. But in the debug logs, I can see user session is invalidated and but new session created automatically and continues work .. I attached my logs and security-context.xml for reference.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.1.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http use-expressions="true" entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_SUPER_USER_SA','ROLE_END_USER_SA','ROLE_SUPER_USER_IFA','ROLE_END_USER_IFA')" />
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider" />
</security:authentication-manager>
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/**" filters="logoutFilter" />
</security:filter-chain-map>
</bean>
<!-- sends to the CAS Server, CAS Authentication Entry point -->
<bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="https://localhost:8443/cas/login" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
<bean id="logoutFilter" class="co.uk.adminre.groupsandschemes.portal.presentation.listener.CasLogoutFilter">
<constructor-arg > <bean class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler"/> </constructor-arg>
<constructor-arg> <list>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> </list>
</constructor-arg>
</bean>
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="https://localhost:8443/GroupsAndSchemes-Presentation/j_spring_cas_security_check" />
</bean>
<!-- authenticates CAS tickets -->
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed.jsp" />
</bean>
</property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
</property>
</bean>
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService" ref="authenticationUserDetailsService"/>
<property name="ticketValidator" ref="ticketValidator"/>
<property name="serviceProperties" ref="serviceProperties" />
<property name="key" value="casJbcpCalendar" />
<!-- <property name="statelessTicketCache" ref="statelessTicketCache"/> -->
</bean>
<!-- <bean id="statelessTicketCache" class="org.springframework.security.cas.authentication.EhCacheBasedTicketCache">
<property name="cache">
<bean class="net.sf.ehcache.Cache"
init-method="initialise" destroy-method="dispose">
<constructor-arg value="casTickets"/>
<constructor-arg value="50"/>
<constructor-arg value="true"/>
<constructor-arg value="false"/>
<constructor-arg value="3600"/>
<constructor-arg value="900"/>
</bean>
</property>
</bean> -->
<bean id="ticketValidator" class="org.jasig.cas.client.validation.Saml11TicketValidator">
<constructor-arg value="https://localhost:8443/cas" />
</bean>
<bean id="authenticationUserDetailsService" class="org.springframework.security.cas.userdetails.GrantedAuthorityFromAssertionAttributesUserDetailsService">
<constructor-arg>
<array>
<value>FullName </value>
<value>LastName </value>
<value>role </value>
<value>telephoneNumber </value>
</array>
</constructor-arg>
</bean>
</beans>
debug logs:
| |2013-09-26 18:50:04,660|org.hdiv.listener.InitListener|INFO|HDIV's session destroyed:6427E5C51797126090DBBFFF661151A9
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789|org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789|org.springframework.security.web.context.HttpSessionSecurityContextRepository|DEBUG|No HttpSession currently exists
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.context.HttpSessionSecurityContextRepository|DEBUG|No SecurityContext was available from the HttpSession: null. A new one will be created.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|serviceTicketRequest = false
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|proxyReceptorConfigured = false
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|proxyReceptorRequest = false
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|proxyTicketRequest = false
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|requiresAuthentication = false
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 4 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 5 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.authentication.AnonymousAuthenticationFilter|DEBUG|Populated SecurityContextHolder with anonymous token: ' org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.session.SessionManagementFilter|DEBUG|Requested session ID 6427E5C51797126090DBBFFF661151A9 is invalid.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.FilterChainProxy|DEBUG|/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80 at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.access.intercept.FilterSecurityInterceptor|DEBUG|Secure object: FilterInvocation: URL: /portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80; Attributes: [hasAnyRole('ROLE_SUPER_USER_SA','ROLE_END_USER_SA','ROLE_SUPER_USER_IFA','ROLE_END_USER_IFA')]
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,789| org.springframework.security.web.access.intercept.FilterSecurityInterceptor|DEBUG|Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,790| org.springframework.security.access.vote.AffirmativeBased|DEBUG|Voter: org.springframework.security.web.access.expression.WebExpressionVoter@91af0f, returned: -1
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,790| org.springframework.security.web.access.ExceptionTranslationFilter|DEBUG|Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.selva.base.portal.infrastructure.MDCFilter.doFilterInternal(MDCFilter.java:47)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,822| org.springframework.beans.factory.support.DefaultListableBeanFactory|DEBUG|Creating instance of bean 'cache'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,822| org.springframework.beans.factory.support.DefaultListableBeanFactory|DEBUG|Invoking init method 'init' on bean with name 'cache'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,822| org.springframework.beans.factory.support.DefaultListableBeanFactory|DEBUG|Finished creating instance of bean 'cache'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,822| org.springframework.beans.factory.support.DefaultListableBeanFactory|DEBUG|Creating instance of bean 'pageIdGenerator'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,822| org.springframework.beans.factory.support.DefaultListableBeanFactory|DEBUG|Finished creating instance of bean 'pageIdGenerator'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,822| org.hdiv.listener.InitListener|INFO|HDIV's session created:1C07D8BC2E69EC543F785B8209FF8350
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,823| org.springframework.security.web.savedrequest.HttpSessionRequestCache|DEBUG|DefaultSavedRequest added to Session: DefaultSavedRequest[https://localhost:8443/base-Presentation/portal/home?execution=e1s1&_eventId=getSchemeSummary&action=0&schemeId=0&collectionNumber=0&1177981884=19-6-612269E5540BA3BB13968B9F719D8A80]
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,823| org.springframework.security.web.access.ExceptionTranslationFilter|DEBUG|Calling Authentication entry point.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,823| org.springframework.security.web.context.HttpSessionSecurityContextRepository|DEBUG|SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,823| org.springframework.security.web.context.SecurityContextPersistenceFilter|DEBUG|SecurityContextHolder now cleared, as request processing completed
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.web.FilterChainProxy|DEBUG|/j_spring_cas_security_check?ticket=ST-2-gWAwHig4UcUSYL5sUSvk-cas at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.web.context.HttpSessionSecurityContextRepository|DEBUG|HttpSession returned null object for SPRING_SECURITY_CONTEXT
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.web.context.HttpSessionSecurityContextRepository|DEBUG|No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@1eb5a32. A new one will be created.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.web.FilterChainProxy|DEBUG|/j_spring_cas_security_check?ticket=ST-2-gWAwHig4UcUSYL5sUSvk-cas at position 2 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.web.FilterChainProxy|DEBUG|/j_spring_cas_security_check?ticket=ST-2-gWAwHig4UcUSYL5sUSvk-cas at position 3 of 12 in additional filter chain; firing Filter: 'CasAuthenticationFilter'
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|serviceTicketRequest = true
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|requiresAuthentication = true
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|Request is to process authentication
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|proxyReceptorConfigured = false
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|proxyReceptorRequest = false
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|serviceTicketRequest = true
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.authentication.ProviderManager|DEBUG|Authentication attempt using org.springframework.security.cas.authentication.CasAuthenticationProvider
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.springframework.security.cas.authentication.CasAuthenticationProvider|DEBUG|serviceUrl = https://localhost:8443/base-Presentation/j_spring_cas_security_check
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.jasig.cas.client.validation.Saml11TicketValidator|DEBUG|Placing URL parameters in map.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.jasig.cas.client.validation.Saml11TicketValidator|DEBUG|Calling template URL attribute map.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.jasig.cas.client.validation.Saml11TicketValidator|DEBUG|Loading custom parameters from configuration.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.jasig.cas.client.validation.Saml11TicketValidator|DEBUG|Constructing validation url: https://localhost:8443/cas/samlValidate?TARGET=https%3A%2F%2Flocalhost%3A8443%2Fbase-Presentation%2Fj_spring_cas_security_check
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,866| org.jasig.cas.client.validation.Saml11TicketValidator|DEBUG|Retrieving response from server.
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,877| org.jasig.cas.client.validation.Saml11TicketValidator|DEBUG|Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap. org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3. org/2001/XMLSchema" xmlns:xsi="http://www.w3. org/2001/XMLSchema-instance" IssueInstant="2013-09-26T13:25:22.873Z" MajorVersion="1" MinorVersion="1" Recipient="https://localhost:8443/base-Presentation/j_spring_cas_security_check" ResponseID="_1a7d854b2579e8d0793bf121230ee650"><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_a43b14e66a324ea7cf366eab6437745a" IssueInstant="2013-09-26T13:25:22.873Z" Issuer="localhost" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2013-09-26T13:25:22.873Z" NotOnOrAfter="2013-09-26T13:25:52.873Z"><AudienceRestrictionCondition><Audience>https://localhost:8443/base-Presentation/j_spring_cas_security_check</Audience></AudienceRestrictionCondition></Conditions><AttributeStatement><Subject><NameIdentifier>[email protected]</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject><Attribute AttributeName="FullName" AttributeNamespace="http://www.ja-sig. org/products/cas/"><AttributeValue>EUSA</AttributeValue></Attribute><Attribute AttributeName="role" AttributeNamespace="http://www.ja-sig. org/products/cas/"><AttributeValue>ROLE_END_USER_SA</AttributeValue><AttributeValue>Active</AttributeValue></Attribute><Attribute AttributeName="LastName" AttributeNamespace="http://www.ja-sig. org/products/cas/"><AttributeValue>EU</AttributeValue></Attribute></AttributeStatement><AuthenticationStatement AuthenticationInstant="2013-09-26T13:18:16.422Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><Subject><NameIdentifier>[email protected]</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,879| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|serviceTicketRequest = true
0:0:0:0:0:0:0:1 |null |2013-09-26 18:55:22,879| org.springframework.security.cas.web.CasAuthenticationFilter|DEBUG|Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.cas.authentication.CasAuthenticationToken@744ab48a: Principal: org.springframework.security.core.userdetails.User@1f89a334: Username: [email protected]; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ACTIVE,EU,EUSA,ROLE_END_USER_SA; Credentials: [PROTECTED]; Authenticated: true; Details:
Updated: I have written a custom logoutfilter to handle both logout and sessiontimeout.
public class CasLogoutFilter extends LogoutFilter implements
ApplicationListener<SessionDestroyedEvent> {
public CasLogoutFilter(LogoutSuccessHandler logoutSuccessHandler,
LogoutHandler... handlers) {
super(logoutSuccessHandler, handlers);
} @Override
public void onApplicationEvent(SessionDestroyedEvent event) {
this.event=event;
System.out.println(" Session over Calling CASLogout");
new CasLogoutFilter(logoutSuccessHandler, localHandler);
}
}
I registered HttpSessionEventPublisher in web.xml . After timout the ondestroy method is called and illegal argument exception is throwing in LogoutFilter.
Thanks, Selva
