Configuring the JA-SIG CAS Client for Java using Spring

Owned by ScottS
Last updated: Apr 10, 2011 by Dale OgilvieVersion comment

Configuration of the CAS Client for Java via Spring IoC will depend heavily on their DelegatingFilterProxy class. For each filter that will be configured for CAS via Spring, a corresponding DelegatingFilterProxy is needed in the web.xml.

As the SingleSignOutFilter, HttpServletRequestWrapperFilter and AssertionThreadLocalFilter have no configuration options, we recommend you just configure them in the web.xml

Note: A sample authentication configuration is attached to this page.

Bean definition examples:

<filter>
	<filter-name>CAS Authentication Filter</filter-name>
  	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	<init-param>
		<param-name>targetBeanName</param-name>
		<param-value>authenticationFilter</param-value>
	</init-param>
  </filter>

<filter-mapping>
	<filter-name>CAS Authentication Filter</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

The specific filters can be configured in the following ways. Please see the JavaDocs included in the distribution for specific required and optional properties:

AuthenticationFilter

<bean
	name="authenticationFilter"
	class="org.jasig.cas.client.authentication.AuthenticationFilter"
	p:casServerLoginUrl="https://localhost:8443/cas/login"
	p:renew="false"
	p:gateway="false"
	p:service="https://my.local.service.com/cas-client" />

Cas10TicketValidationFilter

<bean
	name="ticketValidationFilter"
	class="org.jasig.cas.client.validation.Cas10TicketValidationFilter"
	p:service="https://my.local.service.com/cas-client">
	<property name="ticketValidator">
		<bean class="org.jasig.cas.client.validation.Cas10TicketValidator">
			<constructor-arg index="0" value="https://localhost:8443/cas" />
		</bean>
	</property>
</bean>

Saml11TicketValidationFilter

<bean
	name="ticketValidationFilter"
	class="org.jasig.cas.client.validation.Saml11TicketValidationFilter"
	p:service="https://my.local.service.com/cas-client">
	<property name="ticketValidator">
		<bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
			<constructor-arg index="0" value="https://localhost:8443/cas" />
		</bean>
	</property>
</bean>

Note: When using the Saml11TicketValidationFilter for non-SAML authentication with attribute release the artifactParameterName must be set to "ticket" for the ticket to be consumed by the filter. Add p:artifactParameterName="ticket" to the bean definition above.

Cas20ProxyReceivingTicketValidationFilter

Configuration to just validate service tickets:

<bean
	name="ticketValidationFilter"
	class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter"
	p:service="https://my.local.service.com/cas-client">
	<property name="ticketValidator">
		<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
			<constructor-arg index="0" value="https://localhost:8443/cas" />
		</bean>
	</property>
</bean>

Configuration to accept a Proxy Granting Ticket:

<bean
	name="ticketValidationFilter"
	class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter"
	p:service="https://my.local.service.com/cas-client"
	p:proxyReceptorUrl="/proxy/receptor">
	<property name="ticketValidator">
		<bean
			class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"
			p:proxyCallbackUrl="/proxy/receptor">
			<constructor-arg index="0" value="https://localhost:8443/cas" />
		</bean>
	</property>
</bean>

Configuration to accept any Proxy Ticket (and Proxy Granting Tickets):

<bean
	name="ticketValidationFilter"
	class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter"
	p:service="https://my.local.service.com/cas-client"
	p:proxyReceptorUrl="/proxy/receptor">
	<property name="ticketValidator">
		<bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
			p:acceptAnyProxy="true"
			p:proxyCallbackUrl="/proxy/receptor">
			<constructor-arg index="0" value="https://localhost:8443/cas" />
		</bean>
	</property>
</bean>

Configuration to accept Proxy Ticket from a chain (and Proxy Granting Tickets):

<bean
	name="ticketValidationFilter"
	class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter"
	p:service="https://my.local.service.com/cas-client"
	p:proxyReceptorUrl="/proxy/receptor">
	<property name="ticketValidator">
		<bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
			p:proxyCallbackUrl="/proxy/receptor">
			<constructor-arg index="0" value="https://localhost:8443/cas" />
			<property name="allowedProxyChains">
				<list>
					<value>http://proxy1 http://proxy2</value>
				</list>
			</property>
		</bean>
	</property>
</bean>