Authenticate spring web application through CAS server

Question

I installed a CAS server on my server . ( with war deployment in apache tomcat ) . I have my user information like user name and password on that CAS server . ( in the future it will connect to the LDAP or simple relation database for user credential . The problem is here . I want to authenticate my spring application through this CAS server , but I couldn't find any proper configuration for spring security . My config file is :

        @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/assets","/css", "/js","/font-awesome","/bootstrap","/images").permitAll()
                .antMatchers("/", "/home").authenticated()
//                .antMatchers("/hi").access("hasRole('ROLE_SUBSCRIPTION') or hasRole('ROLE_ADMIN')")
                .antMatchers("/edit").authenticated()
//                .antMatchers("/playlists/*").authenticated()
//                .antMatchers("/createplaylist").authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties sp = new ServiceProperties();
        sp.setService(env.getRequiredProperty(CAS_SERVICE_URL));
        sp.setSendRenew(false);
        return sp;
    }
    @Bean
    public Set<String> adminList() {
        Set<String> admins = new HashSet<String>();
        String adminUserName = env.getProperty(APP_ADMIN_USER_NAME);

        admins.add("admin");
        if (adminUserName != null && !adminUserName.isEmpty()) {
            admins.add(adminUserName);
        }
        return admins;
    }

    @Bean
    public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService() {
        return new CustomUserDetailsService(adminList());
    }
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
//        casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService());
//        casAuthenticationProvider.setServiceProperties(serviceProperties());
        casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
//        casAuthenticationProvider.setKey("an_id_for_this_auth_provider_only");
        return casAuthenticationProvider;
    }
    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        return new Cas20ServiceTicketValidator(env.getRequiredProperty(CAS_URL_PREFIX));
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
//        auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
        auth.authenticationProvider(casAuthenticationProvider());
    }

Answer 1

Well I found an easy auto configuration for Cas client on GitHub for spring with just two movement :) first add the dependency second just add an annotation https://github.com/Unicon/cas-client-autoconfig-support

Answer 2

@kaveh.n I hope you are getting a 403 error while accessing your service. If this is your issue, authentication entry point is the missing part in your configuration. Please follow the spring tutorial for the configuration http://docs.spring.io/spring-security/site/docs/3.1.4.RELEASE/reference/cas.html#cas-how-it-works

Answer 3

You may want to use pac4j to have an easy configuration: https://github.com/pac4j/spring-security-pac4j and http://www.pac4j.org/1.9.x/docs/clients/cas.html

Examples: https://github.com/pac4j/spring-security-pac4j-demo/blob/master/src/main/resources/securityContext.xml#L158 or https://github.com/pac4j/spring-security-pac4j-boot-demo/blob/master/src/main/java/org/pac4j/demo/spring/SecurityConfig.java#L244