Configuring the JA-SIG CAS Client for Java using Spring
Configuration of the CAS Client for Java via Spring IoC will depend heavily on their DelegatingFilterProxy class. For each filter that will be configured for CAS via Spring, a corresponding DelegatingFilterProxy is needed in the web.xml.
As the SingleSignOutFilter, HttpServletRequestWrapperFilter and AssertionThreadLocalFilter have no configuration options, we recommend you just configure them in the web.xml
Note: A sample authentication configuration is attached to this page.
Bean definition examples:
<filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>targetBeanName</param-name> <param-value>authenticationFilter</param-value> </init-param> </filter>
<filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
The specific filters can be configured in the following ways. Please see the JavaDocs included in the distribution for specific required and optional properties:
AuthenticationFilter
<bean name="authenticationFilter" class="org.jasig.cas.client.authentication.AuthenticationFilter" p:casServerLoginUrl="https://localhost:8443/cas/login" p:renew="false" p:gateway="false" p:service="https://my.local.service.com/cas-client" />
Cas10TicketValidationFilter
<bean name="ticketValidationFilter" class="org.jasig.cas.client.validation.Cas10TicketValidationFilter" p:service="https://my.local.service.com/cas-client"> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas10TicketValidator"> <constructor-arg index="0" value="https://localhost:8443/cas" /> </bean> </property> </bean>
Saml11TicketValidationFilter
<bean name="ticketValidationFilter" class="org.jasig.cas.client.validation.Saml11TicketValidationFilter" p:service="https://my.local.service.com/cas-client"> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Saml11TicketValidator"> <constructor-arg index="0" value="https://localhost:8443/cas" /> </bean> </property> </bean>
Note: When using the Saml11TicketValidationFilter for non-SAML authentication with attribute release the artifactParameterName must be set to "ticket" for the ticket to be consumed by the filter. Add p:artifactParameterName="ticket" to the bean definition above.
Cas20ProxyReceivingTicketValidationFilter
Configuration to just validate service tickets:
<bean name="ticketValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter" p:service="https://my.local.service.com/cas-client"> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <constructor-arg index="0" value="https://localhost:8443/cas" /> </bean> </property> </bean>
Configuration to accept a Proxy Granting Ticket:
<bean name="ticketValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter" p:service="https://my.local.service.com/cas-client" p:proxyReceptorUrl="/proxy/receptor"> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator" p:proxyCallbackUrl="/proxy/receptor"> <constructor-arg index="0" value="https://localhost:8443/cas" /> </bean> </property> </bean>
Configuration to accept any Proxy Ticket (and Proxy Granting Tickets):
<bean name="ticketValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter" p:service="https://my.local.service.com/cas-client" p:proxyReceptorUrl="/proxy/receptor"> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator" p:acceptAnyProxy="true" p:proxyCallbackUrl="/proxy/receptor"> <constructor-arg index="0" value="https://localhost:8443/cas" /> </bean> </property> </bean>
Configuration to accept Proxy Ticket from a chain (and Proxy Granting Tickets):
<bean name="ticketValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter" p:service="https://my.local.service.com/cas-client" p:proxyReceptorUrl="/proxy/receptor"> <property name="ticketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator" p:proxyCallbackUrl="/proxy/receptor"> <constructor-arg index="0" value="https://localhost:8443/cas" /> <property name="allowedProxyChains"> <list> <value>http://proxy1 http://proxy2</value> </list> </property> </bean> </property> </bean>