I've been stuck for the last few days on a redirect loop while integrating CAS SSO into one of my web apps. It happens right after I've logged in through CAS.
I've been monitoring the requests exchanged between CAS and my web app, and they seem fine.
I suspect the problem comes from a bad implementation of the user rights / tokens.
Here's my file :
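<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">

    <!-- Application-side user store; used below to map the CAS-asserted principal to a local account. -->
    <bean id="userAuditService" class="net.UserAuditServiceImpl">
        <property name="passwordEncoder" ref="passwordEncoder" />
        <property name="seedGenerator" ref="seedGenerator" />
        <property name="canResetPassword" value="${security.resetPassword.enabled}" />
    </bean>

    <!-- Every URL requires ROLE_USER; an unauthenticated request is sent to CAS by casEntryPoint.
         casFilter has to consume the ticket CAS sends back BEFORE the access check runs; if it does
         not match the callback request, the user stays anonymous, the entry point fires again and
         the browser loops between CAS and this app. -->
    <sec:http entry-point-ref="casEntryPoint">
        <sec:intercept-url pattern="/**" access="ROLE_USER" />
        <sec:custom-filter position="CAS_FILTER" ref="casFilter" />
    </sec:http>

    <bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <!-- NOTE(review): plain http is only acceptable on a dev box. In any shared environment the
             CAS login URL, the service URL and the validator URL should all be https, otherwise the
             service ticket and the validated principal travel in clear text. -->
        <property name="loginUrl" value="http://localhost:8080/cas/login" />
        <property name="serviceProperties" ref="serviceProperties" />
    </bean>

    <!-- 'service' is the absolute URL CAS redirects back to (with ?ticket=ST-...). It must resolve to
         the path casFilter processes, i.e. context path + filterProcessesUrl below. -->
    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://localhost:8088/myapp/supervision" />
        <property name="sendRenew" value="false" />
    </bean>

    <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationSuccessHandler">
            <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" />
        </property>
        <!-- FIX: filterProcessesUrl is a context-relative path; Spring Security compares it against the
             request URI (context path + this value), never against a full URL. With the previous value
             "http://localhost:8088/myapp/supervision" the filter never matched the CAS callback, the
             ticket was never validated and the entry point redirected to CAS again - the most likely
             cause of the redirect loop. -->
        <property name="filterProcessesUrl" value="/supervision" />
    </bean>
    <!-- (the casFilter bean above was not closed in the original; authentication-manager is a sibling) -->

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="casAuthenticationProvider" />
    </sec:authentication-manager>

    <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <!-- Maps the username asserted by CAS to local UserDetails. The returned authorities must
             contain ROLE_USER, or every request is denied after a successful CAS login. -->
        <property name="authenticationUserDetailsService">
            <bean id="authenticationUserDetailsService" class="net.spAuthenticationUserDetailsService">
                <constructor-arg ref="userAuditService" />
            </bean>
        </property>
        <property name="serviceProperties" ref="serviceProperties" />
        <!-- Server-side validation of the service ticket. The service URL presented to CAS during
             validation is serviceProperties.service, so it must match what CAS issued the ticket for. -->
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="http://localhost:8080/cas" />
            </bean>
        </property>
        <!-- Identifies tokens created by this provider; keep it unique per provider instance. -->
        <property name="key" value="an_id_for_this_auth_provider_only" />
    </bean>

</beans>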
My AuthenticationUserDetailsService class :
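/**
 * Resolves the principal asserted by CAS to a local {@code AuditUser} for Spring Security.
 * Wired into {@code CasAuthenticationProvider} as its authenticationUserDetailsService.
 */
public class spAuthenticationUserDetailsService implements AuthenticationUserDetailsService {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final UserAuditService userAuditService;

    /**
     * @param userAuditService local user store used to look the CAS principal up by login
     */
    public spAuthenticationUserDetailsService(final UserAuditService userAuditService) {
        this.userAuditService = userAuditService;
    }

    /**
     * Loads the local account matching the CAS-validated username.
     *
     * @param token the CAS assertion token; {@code getName()} is the username CAS validated
     * @return the local account wrapped as {@link UserDetails}
     * @throws UsernameNotFoundException if no local account matches the CAS principal
     */
    @Override
    public UserDetails loadUserDetails(Authentication token) throws UsernameNotFoundException {
        final String login = token.getName();
        final AuditUser user = userAuditService.findByLogin(login);
        // FIX: the original dereferenced 'user' unconditionally, so a CAS principal with no local
        // account became a NullPointerException inside the provider instead of the
        // UsernameNotFoundException this contract declares. Assumes findByLogin returns null
        // for an unknown login - confirm; if it throws instead, this guard is simply redundant.
        if (user == null) {
            logger.warn("CAS principal '{}' has no local account", login);
            throw new UsernameNotFoundException("No local account for CAS principal: " + login);
        }
        logger.info(">> loadUserDetails : user name : {}", user.getLogin());
        return new UserDetailsAdapter(user);
    }
}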
Any ideas about what I am doing wrong?
Thanks !