kakawait / cas-security-spring-boot-starter
Spring boot starter for Apereo CAS client fully integrated with Spring security
License: MIT License
Some class package paths changed with spring-boot-starter-security. Can you make a branch for Spring Boot 2?
public class CasConfiguration extends CasSecurityConfigurerAdapter {
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/testServide/**").permitAll()
            .anyRequest().authenticated();
    }
}
With this configuration, it still requires testService authentication. Am I implementing correctly? I want this service not to require authentication.
And prototype/sample to change it and be able to also use existing one:
Essentially to be conform with security issue reported by Snyk
Hi,
I want to secure my APIs, which are accessed cross-domain, so my expected behavior is (e.g. GET http://my.api/users/me from http://my.web/):
open http://my.web -(fetch API)-> OPTION http://my.api/users/me -> HTTP 200
-> GET /users/me -> HTTP 403 or HTTP 401
-> location.href='http://my.api/login/cas?return_url=http://my.web/'
-> http://my.api/login/cas?return_url=http://my.web/ -> HTTP 302 -> cas server
How could I implement this process?
I downloaded a spring boot app from spring initializer. Added the dependency to the POM and now my builds fail. Any idea on how to resolve this ?
Failed to execute goal on project dataAccessRequest: Could not resolve dependencies for project uk.ac.stand:dataAccessRequest:war:0.0.1-SNAPSHOT:
Failed to collect dependencies at com.kakawait:cas-security-spring-boot-starter:jar:0.8.0:
Failed to read artifact descriptor for com.kakawait:cas-security-spring-boot-starter:jar:0.8.0: Could not find artifact com.kakawait:cas-security-spring-boot-parent:pom:0.8.0
With following conf:
security:
  basic:
    enabled: false
  ignored: /ignored, /**/favicon.ico
  cas:
    server:
      base-url: http://localhost:8080/cas/
      protocol-version: 3
    service:
      resolution-mode: dynamic
    paths: /test
Auth does not work anymore because /login is not treated by CAS filters
Workaround
security:
  basic:
    enabled: false
  ignored: /ignored, /**/favicon.ico
  cas:
    server:
      base-url: http://localhost:8080/cas/
      protocol-version: 3
    service:
      resolution-mode: dynamic
    paths: /test, /login
nginx:
listen 9001;
location / {
    proxy_pass http://192.168.208.1:8762/main;
}
When I access localhost:9001, after login, SavedRequestAwareAuthenticationSuccessHandler cannot get the targetUrl, so it redirects to http://192.168.208.1:8762, but what I want is http://192.168.208.1:8762/main
Add the possibility to extend the ticket validator to do custom things.
The CAS server I am using sends the attributes in custom tags and the default implementation of this API does not recognize them. I am having a hard time extending the existing ticket validator to be able to parse those fields.
Maybe adding parse handlers would be good.
related to #34
properties like
security.enable-csrf
security.headers.*
security.require-ssl
Hi @kakawait. I set security.cas.service.path.proxy-callback= /j_spring_cas_security_proxyreceptor. After this my app throws this:
There was an unexpected error (type=Unauthorized, status=401). Authentication Failed: The supplied proxy callback url 'https://localhost:8443/j_spring_cas_security_proxyreceptor' could not be authenticated. Either 'https://localhost:8443/j_spring_cas_security_proxyreceptor' cannot be reached, it is not allowed to exercise proxy authentication.
How can I get a PGT ticket to connect to other CAS-protected apps?
Could you dockerize the project?
When I log out in CAS, my client does not log out.
Need to test (help wanted). I didn't even try; it may already work (but I have some doubts)
I want to protect every resources in /secured/* but I get this error:
"Pattern cannot be null or empty"
with /** it works, but even my public resources (css, html...) are protected
security:
  cas:
    paths: /secured/
    server:
      base-url: https://myserver/cas
    service:
      base-url: http://localhost:8080/secured
And thinking about removing Hibernate Validator
Hi, I am having difficulties enabling csrf
I have added
security.enable-csrf=true
in the properties file. However, I think line 191 in CasHttpSecurityConfigurer.java still gets triggered
Is there a different property that needs to be set?
The user "userc" has two roles, "a" and "c", with CAS ticket back data [a,c], but the GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService sets the user roles "ROLE_USER" and "ROLE_[a,c]".
How can I define the returned XML data field to support Collection?
Or improve GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService to support "[ROLE_A,ROLE_B]", "ROLE_A,ROLE_B" string data.
thanks!
CAS Cas30ProxyTicketValidator back data
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>testc</cas:user>
        <cas:attributes>
            <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
            <cas:isFromNewLogin>true</cas:isFromNewLogin>
            <cas:authenticationDate>Fri Jan 05 15:12:03 CST 2018</cas:authenticationDate>
            <cas:roles>[a, c]</cas:roles>
            <cas:userid>1</cas:userid>
            <cas:username>testc</cas:username>
        </cas:attributes>
    </cas:authenticationSuccess>
</cas:serviceResponse>
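One way to turn the bracketed cas:roles value above into one authority per role, as an added example that is not part of the original issue or the project's own code. The class and method names are hypothetical, and uppercasing the role, adding the ROLE_ prefix and rejecting values outside [A-Z0-9_] are assumptions of this sketch.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class CasRolesExample {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";

    // Split "[a, c]", "a,c" or "[ROLE_A,ROLE_B]" into one authority per role.
    static Set<String> toAuthorities(String raw) {
        String s = raw.trim();
        if (s.startsWith("[") && s.endsWith("]")) s = s.substring(1, s.length() - 1);
        Set<String> out = new LinkedHashSet<>();
        for (String part : s.split(",")) {
            String role = part.trim().toUpperCase(Locale.ROOT);
            if (role.isEmpty()) continue;
            // Fail closed: an unexpected token is rejected, never granted as-is.
            if (!role.matches("[A-Z0-9_]+")) {
                throw new IllegalArgumentException("unexpected role value: " + part);
            }
            out.add(role.startsWith("ROLE_") ? role : "ROLE_" + role);
        }
        return out;
    }

    // Collect every <cas:roles> element, so repeated elements and
    // bracketed strings are handled the same way.
    static Set<String> rolesFrom(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The validation response is untrusted input: refuse DOCTYPE declarations.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList nodes = doc.getElementsByTagNameNS(CAS_NS, "roles");
        Set<String> out = new LinkedHashSet<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            out.addAll(toAuthorities(nodes.item(i).getTextContent()));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, trimmed from the response shown above.
        String xml = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            + "<cas:authenticationSuccess><cas:user>testc</cas:user><cas:attributes>"
            + "<cas:roles>[a, c]</cas:roles></cas:attributes>"
            + "</cas:authenticationSuccess></cas:serviceResponse>";
        System.out.println(rolesFrom(xml));
        System.out.println(toAuthorities("ROLE_A,ROLE_B"));
    }
}
```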
Reminder
security.cas.authorize-mode -> security.cas.authorization.mode
README.md (and remove absolute links)
TBD date on CHANGELOG.md
develop branch in CHANGELOG.md
My application has two types of users. Internal users and external users so I want to combine your starter with a simple login page authentication.
The problem I am having is that this starter doesn't expose the AuthenticationManagerBuilder configure method.
public void configure(AuthenticationManagerBuilder auth)
Since I need to add a second auth mechanism I need access to this configuration. I am trying to use the approach described here https://www.baeldung.com/spring-security-multiple-auth-providers
Is it possible to configure a second authentication method using this starter that I am missing?
ProxyTicket
each time) (see #76)
Latest release 0.7.0 can't be used due to unresolved dependency on cas-security-spring-boot-parent 0.7.0:
Could not resolve all files for configuration ':compileClasspath'.
Could not resolve com.kakawait:cas-security-spring-boot-starter:0.7.0.
Required by:
project :
Could not resolve com.kakawait:cas-security-spring-boot-starter:0.7.0.
> Could not parse POM https://repo.maven.apache.org/maven2/com/kakawait/cas-security-spring-boot-starter/0.7.0/cas-security-spring-boot-starter-0.7.0.pom
> Could not find com.kakawait:cas-security-spring-boot-parent:0.7.0.
Searched in the following locations:
https://repo.maven.apache.org/maven2/com/kakawait/cas-security-spring-boot-parent/0.7.0/cas-security-spring-boot-parent-0.7.0.pom
https://repo.maven.apache.org/maven2/com/kakawait/cas-security-spring-boot-parent/0.7.0/cas-security-spring-boot-parent-0.7.0.jar
https://jcenter.bintray.com/com/kakawait/cas-security-spring-boot-parent/0.7.0/cas-security-spring-boot-parent-0.7.0.pom
https://jcenter.bintray.com/com/kakawait/cas-security-spring-boot-parent/0.7.0/cas-security-spring-boot-parent-0.7.0.jar
Could not resolve com.kakawait:cas-security-spring-boot-starter:0.7.0.
> Could not parse POM https://jcenter.bintray.com/com/kakawait/cas-security-spring-boot-starter/0.7.0/cas-security-spring-boot-starter-0.7.0.pom
> Could not find com.kakawait:cas-security-spring-boot-parent:0.7.0.
Hello, @kakawait
The default logout success URL is http://cas.mydomain.com/cas/logout.
How can I configure logout success so that it goes to a service URL?
Like this:
http://cas.mydomain.com/cas/logout?service=http://www.google.com
Thanks!
Hello, I want to configure paths so that authorization requires a role! I override the method configure(HttpSecurity http).
The user logs in and has role 'A', but the user can access any path!
thanks!
@Configuration
class CustomCasSecurityConfiguration extends CasSecurityConfigurerAdapter {
    @Autowired
    private List<CasSecurityConfigurer> configurers;

    @Override
    public void configure(CasAuthenticationFilterConfigurer filter) {
        // Here you can configure CasAuthenticationFilter
    }

    @Override
    public void configure(CasSingleSignOutFilterConfigurer filter) {
        // Here you can configure SingleSignOutFilter
    }

    @Override
    public void configure(CasAuthenticationProviderSecurityBuilder provider) {
        // Here you can configure CasAuthenticationProvider
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Here you can configure Spring Security HttpSecurity object during
        // init configure
        http
            .authorizeRequests()
            .antMatchers("/testa").hasRole("A")
            .antMatchers("/testb").hasRole("B");
    }

    @Override
    public void configure(CasTicketValidatorBuilder ticketValidator) {
        // Here you can configure CasTicketValidator
    }
}
spring boot start log
2017-12-27 15:43:27.091 DEBUG 11056 --- [ restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'hasRole('ROLE_USER')', for org.springframework.security.web.util.matcher.AnyRequestMatcher@1
2017-12-27 15:43:27.091 DEBUG 11056 --- [ restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'hasRole('ROLE_A')', for Ant [pattern='/testa']
2017-12-27 15:43:27.092 DEBUG 11056 --- [ restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'hasRole('ROLE_B')', for Ant [pattern='/testb']
Hi. Thank you for this project. It is best for CAS auto config. But I have a little problem.
I did a cas-client project with Gradle and it looks good. My application.yml is this:
security:
  basic:
    enabled: false
  ignored: /
  cas:
    paths: /protected
    server:
      base-url: https://localhost:10100/cas
      protocol-version: 2
    service:
      base-url: https://localhost:8443
      paths:
        proxy-callback: /j_spring_cas_security_proxyreceptor
server:
  port: 8443
  ssl:
    enabled: true
    key-store: file:/etc/keystore/localhost.jks
    key-store-password: changeit
The CAS server runs on port 10100. The client web project works well. But I want to access the controller through GET and POST methods.
I tried this (I use Postman):
Header:
POST https://localhost:10100/cas/v1/tickets
Content-Type: application/x-www-form-urlencoded
Body:
username=myname&password=123456
<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<html>
<head>
<title>201 Created</title>
</head>
<body>
<h1>TGT Created</h1>
<form action="https://localhost:10100/cas/v1/tickets/TGT-32-NfRV2HIYL6JlqUFTpJuc6EfUyH6q9BImaS0a5CPyOpInrO3fqk-8ee6f154afba" method="POST">Service:
<input type="text" name="service" value="">
<br>
<input type="submit" value="Submit">
</form>
</body>
</html>
Header:
POST https://localhost:10100/cas/v1/tickets/TGT-32-NfRV2HIYL6JlqUFTpJuc6EfUyH6q9BImaS0a5CPyOpInrO3fqk-8ee6f154afba
Content-Type: application/x-www-form-urlencoded
Body:
service=https%3A%2F%2Flocalhost%3A8443%2Fprotected
ST-171-b2Sz3TseQlmFjthK7xqV-8ee6f154afba
Header:
GET https://localhost:8443/protected?ticket=ST-171-b2Sz3TseQlmFjthK7xqV-8ee6f154afba
I expect my protected page in HTML format. But I saw the login page. What is the problem? Could you help me?
I want to view the code that was used to build the 1.0.0-beta-1 release.
There is no branch or tag that I can find which was used to build this version.
How can I see the commit used to build this version?
Hi, I am trying to configure my application to work with
http://www.baeldung.com/spring-security-method-security
I was just wondering if I can do something like
security.securedEnabled = true
in the application.properties file to get this working with your CAS library