I am using CAS authentication in my Spring MVC application deployed on WebLogic Server version 12.1.2.0.0.
The CAS server (http://www.jasig.org/cas):
– Serves the CAS login web page and authenticates users
– Issues the TGT cookie (ticket-granting ticket) so the user does not have to log in on every redirect to the CAS server
– Redirects back to the application server with a ticket=ST-xxx service ticket in the URL for the CAS client to check
– Validates CAS service tickets for application servers
But every time I refresh the page, I realize that the ticket parameter is different:
http://127.0.0.1:7001/devices_admin/welcome/welcome.do?ticket=ST-4857110-xJpv1gJ85niEGKBJHnQ5XZ5Et8pPY2kdXXkRzOlywdipakotoWUodeh4WCcovXPHWWxqbM6M0zNjxDy4uWSuazG-PHslUMVSXYCWTApMlTfLGC-m8dJiJ6e0zsxwwPOhzc5uNsRJh4dpl1mWcPdxaYhj21G
http://127.0.0.1:7001/devices_admin/welcome/welcome.do?ticket=ST-4860089-wzJ3y2wzsMYHmpl8H7CenIURY68LSu0xzSKNB2o0XZiOrR60FGQHN9wSo83MuUraWFavzn3Qlp6VhtOzSEvdfwY-PHslUMVSXYCWTApMlTfLGC-JJBSzIydnDGzcECwzsiDiYCLUVecvzxZHmjIN2kDTewo
so I get an Error 404--Not Found in the browser:
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.
Here is my weblogic.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                                      http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd
                                      http://www.bea.com/ns/weblogic/weblogic-web-app
                                      http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
  <!-- Example of a role mapped to a group provided by Ecas -->
  <session-descriptor>
    <cookie-path>/devices_admin</cookie-path>
    <cookie-name>DEVICESJSESSIONID</cookie-name>
    <url-rewriting-enabled>false</url-rewriting-enabled>
  </session-descriptor>
  <context-root>/devices_admin</context-root>
  <security-role-assignment>
    <role-name>authenticated</role-name>
    <principal-name>INTERNET</principal-name>
  </security-role-assignment>
  <!-- Only needed if you want to allow some resources to be accessed by authenticated users who do not possess any role -->
  <container-descriptor>
    <allow-all-roles>true</allow-all-roles>
  </container-descriptor>
  <jsp-descriptor>
    <precompile>true</precompile>
  </jsp-descriptor>
</weblogic-web-app>
There is also an exception when starting WL:
javax.security.auth.callback.UnsupportedCallbackException: Unrecognized Callback
at weblogic.security.BaseCallbackHandler.handle(BaseCallbackHandler.java:44)
at weblogic.security.BaseCallbackHandler.handle(BaseCallbackHandler.java:32)
at com.bea.common.security.internal.service.CallbackHandlerWrapper.handle(CallbackHandlerWrapper.java:76)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$CallbackHandlerWrapper.handle(WLSJAASLoginServiceImpl.java:154)
at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:947)
at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:944)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:943)
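A model of the ticket flow listed in the post, as an added example that is not part of the original post and is not Jasig CAS code: it shows why the ticket= value differs on every redirect, and why a client validates a service ticket once, keeps its own session, and drops the ticket from the URL. The class and function names, the 10-second ticket lifetime, the status codes and the CAS_LOGIN placeholder are assumptions made for this example.

```python
import secrets
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


class CasServerModel:
    """Stand-in for the CAS server (hypothetical, not Jasig code)."""

    def __init__(self, st_lifetime=10.0):  # lifetime in seconds, assumed
        self.st_lifetime = st_lifetime
        self._tickets = {}  # ST -> (service URL, user, expiry)

    def issue_service_ticket(self, user, service):
        # A fresh ST is minted on every pass through the CAS server,
        # so the ticket= value in the redirect differs each time.
        st = "ST-" + secrets.token_urlsafe(16)
        self._tickets[st] = (service, user, time.monotonic() + self.st_lifetime)
        return st

    def validate(self, ticket, service):
        # pop() makes the ticket single-use: a replay finds nothing.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        issued_for, user, expires = entry
        if issued_for != service or time.monotonic() > expires:
            return None
        return user


def strip_ticket(url):
    """Return url without its ticket parameter (the service URL)."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query) if k != "ticket"]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def handle_request(cas, sessions, session_id, url):
    """Client-side filter model: returns (status, redirect target or user)."""
    ticket = dict(parse_qsl(urlsplit(url).query)).get("ticket")
    if ticket:
        user = cas.validate(ticket, strip_ticket(url))
        if user is None:
            return 403, None  # replayed, expired or issued for another service
        sessions[session_id] = user  # local session replaces the spent ticket
        return 302, strip_ticket(url)  # redirect to the clean URL
    if session_id in sessions:
        return 200, sessions[session_id]
    return 302, "CAS_LOGIN"  # placeholder for the CAS login redirect
```

Passing the same ticket= URL to `handle_request` twice returns 302 the first time and 403 the second, while the ticket-free URL returns 200 once the session exists.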