partyboy

Reputation: 165

SPRING BOOT Configure with Jasig CAS

I'm making a test project to try spring boot for our future projects.

We are using jasig CAS and I'm trying to configure with spring boot and the embedded tomcat server.

So I add in the pom.xml spring-boot-starter-security

After that I try to configure WebSecurityConfig -> spring provides classes to configure with cas, for example I need to configure an entry point :

@Bean
public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
    CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
    casAuthenticationEntryPoint.setLoginUrl("https://localhost:9443/cas/login");
    casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
    return casAuthenticationEntryPoint;
}

Here is the first problem: the class org.springframework.security.cas.web.CasAuthenticationEntryPoint isn't recognized by the application.

The class doesn't seem to be imported with spring-boot-starter-security.

What is the best practice ? Do I have to manually add the dependency in my pom like I was doing before ?

example :

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-cas</artifactId>
    <version>${spring-security.version}</version>
    <type>jar</type>
    <scope>compile</scope>
</dependency>

If so, which version do I need to use to fit with the boot version package and avoid conflicts ?

The second point is how do I configure the embedded tomcat to enable ssl with certificate ?

Here is my classic server.xml config for CAS :

<Connector emptySessionPath="true" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" URIEncoding="UTF-8"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:\***\***\***\.keystore" keystorePass="***"
           truststoreFile="C:\Program Files\Java\jdk1.7.0_67\jre\lib\security\cacerts"
           compression="on"
           compressionMinSize="2048"
           noCompressionUserAgents="gozilla, traviata"
           compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript"/>

Is it possible to configure keystorefile/truststorefile with the embedded tomcat ?

Thanks

Upvotes: 3

Views: 6757

Answers (2)

partyboy

Reputation: 165

I'm a little bit confused. I'm trying to finish the SSL configuration but I'm still facing a problem.

Here is my tomcat configuration with spring boot :

server.port = 8080
server.ssl.key-store = C:\\dev\\web\\tomcat\\.keystore
server.ssl.key-store-password = changeit
server.ssl.key-password = changeit
server.ssl.trustStore = C:\\Program Files\\Java\\jdk1.7.0_67\\jre\\lib\\security\\cacerts
server.ssl.trustStorePassword = changeit

I launch the app, no problem, I'm redirected to my CAS server, I enter the login/pass, press enter, then I get an error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It's as if my certificate isn't working, but when I'm using tomcat in a classic way (not embedded, my configuration is in my first post), it works perfectly.

Am I missing something?

Upvotes: 1

Andy Wilkinson

Reputation: 116111

Assuming you're using spring-boot-starter-parent as your project's parent (or importing it into your own <dependencyManagement> section), you don't need to declare a version for the spring-security-cas dependency as Boot already provides dependency management for it. You can just do this:

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-cas</artifactId>
</dependency>

SSL configuration is covered in the reference docs. You just need to specify a handful of properties to configure the keystore, etc. For example:

server.port = 8443
server.ssl.key-store = keystore.jks
server.ssl.key-store-password = secret
server.ssl.key-password = another-secret

Upvotes: 6
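
A sketch of the rest of the WebSecurityConfig the question starts, added here as an example and not code from either poster. It assumes Spring Security's WebSecurityConfigurerAdapter API, Java 8, and the spring-security-cas dependency from the answer above; the service URL (https://localhost:8443/login/cas), the provider key and the ROLE_USER mapping are hypothetical values.

```java
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.context.annotation.*;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.*;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.*;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties sp = new ServiceProperties();
        sp.setService("https://localhost:8443/login/cas"); // assumed app URL; must match the filter URL below
        return sp;
    }
    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
        CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint();
        ep.setLoginUrl("https://localhost:9443/cas/login"); // CAS login URL from the question
        ep.setServiceProperties(serviceProperties());
        return ep;
    }
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider p = new CasAuthenticationProvider();
        p.setServiceProperties(serviceProperties());
        // Ticket validation is an HTTPS call from this JVM to CAS, so this JVM must trust the CAS certificate.
        p.setTicketValidator(new Cas20ServiceTicketValidator("https://localhost:9443/cas"));
        p.setUserDetailsService(name -> new User(name, "", AuthorityUtils.createAuthorityList("ROLE_USER")));
        p.setKey("cas-provider-key"); // hypothetical key identifying tokens created by this provider
        return p;
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(casAuthenticationProvider());
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Not a @Bean: Spring Boot would also register a Filter bean directly with the servlet container.
        CasAuthenticationFilter filter = new CasAuthenticationFilter();
        filter.setFilterProcessesUrl("/login/cas");
        filter.setAuthenticationManager(authenticationManager());
        http.addFilter(filter).exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint());
        http.authorizeRequests().anyRequest().authenticated();
    }
}
```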
