kakawait / cas-security-spring-boot-starter

Spring boot starter for Apereo CAS client fully integrated with Spring security

License: MIT License

Java 98.51% HTML 0.47% Dockerfile 0.23% Shell 0.79%
spring-security cas spring-boot spring apereo

cas-security-spring-boot-starter's Introduction

Spring Security CAS starter

A Spring Boot starter that helps you configure Spring Security CAS within the application security context.

Features

  • Spring Boot 1 and 2 support
  • Configures CAS authentication and authorization
  • Supports dynamic service resolution based on the current HttpServletRequest
  • Advanced configuration through CasSecurityConfigurerAdapter
  • Integration with Basic authentication: if security.basic.enabled=true, you can authenticate using the header Authorization: Basic ... in addition to CAS
  • RestTemplate integration

Setup

Add the Spring boot starter to your project

<dependency>
  <groupId>com.kakawait</groupId>
  <artifactId>cas-security-spring-boot-starter</artifactId>
  <version>1.1.0</version>
</dependency>

Be careful: version 1.x.x has some breaking changes if you come from version 0.x.x, and version 2.x.x will have some breaking changes if you come from version 1.x.x.

Please check out CHANGELOG.md, in particular the breaking changes sections.

Breaking changes should only be possible between two major versions, for example:

  • from 0.x.x to 1.x.x
  • from 1.x.x to 2.x.x
  • ...

Usage

In order to trigger auto-configuration you must fill in, at least, the following properties, depending on the resolution mode you want to use.

static (classic) resolution mode

Static resolution mode is the classic, default mode that you would find if you were using the plain Apereo Java client or Spring Security CAS.

Thus you have to fill at least the following mandatory properties:

security:
  cas:
    server:
      base-url: http://your.cas.server/cas
    service:
      base-url: http://localhost:8080

| Property | Apereo Java client equivalent | Description |
| --- | --- | --- |
| security.cas.server.base-url | casServerUrlPrefix | The start of the CAS server URL, e.g. https://localhost:8443/cas |
| security.cas.service.base-url | serviceName | The name of the server this application is hosted on. Service URL will be dynamically constructed using this, e.g. https://localhost:8443 (you must include the protocol, but port is optional if it's a standard port). |

dynamic resolution mode:

Dynamic resolution mode is a novel mode introduced by this starter that lets you avoid hard-coding the service URL in your configuration, which makes your configuration more portable and easier to use.

ATTENTION: dynamic resolution mode uses information from HttpServletRequest to build the service URL, which can be a security breach if you do not control headers like Host or X-Forwarded-*. That is why dynamic resolution mode is not the default mode, and you must activate it as described in the properties below.

security:
  cas:
    server:
      base-url: http://your.cas.server/cas
    service:
      resolution-mode: dynamic

| Property | Apereo Java client equivalent | Description |
| --- | --- | --- |
| security.cas.server.base-url | casServerUrlPrefix | The start of the CAS server URL, e.g. https://localhost:8443/cas |
| security.cas.service.resolution-mode | Not implemented | Resolution mode can be static or dynamic. The default is static, which requires security.cas.service.base-url, whereas in dynamic mode the service URL is generated from the received HttpServletRequest |

If you're using the X-Forwarded-Prefix header, I strongly recommend using ForwardedHeaderFilter, since the Tomcat RemoteIpValve used when setting server.use-forward-headers=true does not support prefix/context-path.

@Bean
FilterRegistrationBean forwardedHeaderFilter() {
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter(new ForwardedHeaderFilter());
    filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
    return filterRegistrationBean;
}
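
One way to act on the warning about Host and X-Forwarded-* in dynamic resolution mode: a filter that only lets a request through when its effective scheme, host and port are ones you actually serve. This is an added example, not part of the starter; TrustedOriginConfiguration, TrustedOriginFilter and the listed origins are assumptions, and it is written against javax.servlet (Spring Boot 1.4+ and 2.x).

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
class TrustedOriginConfiguration {

    // Assumption: the public origins this application is served under (placeholders).
    private static final Set<String> TRUSTED_ORIGINS = new HashSet<>(Arrays.asList(
            "https://app.example.org",
            "https://localhost:8443"));

    @Bean
    FilterRegistrationBean trustedOriginFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new TrustedOriginFilter(TRUSTED_ORIGINS));
        // Runs right after ForwardedHeaderFilter (registered at HIGHEST_PRECEDENCE), so the
        // request already reflects X-Forwarded-* values, and before the security filters.
        registration.setOrder(Ordered.HIGHEST_PRECEDENCE + 1);
        return registration;
    }

    static class TrustedOriginFilter extends OncePerRequestFilter {
        private final Set<String> trustedOrigins;

        TrustedOriginFilter(Set<String> trustedOrigins) {
            this.trustedOrigins = trustedOrigins;
        }

        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain chain) throws ServletException, IOException {
            if (!trustedOrigins.contains(originOf(request))) {
                // Fail closed: the CAS filters never see this request, so no service URL
                // or redirect is derived from an unexpected Host or X-Forwarded-* value.
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Untrusted host");
                return;
            }
            chain.doFilter(request, response);
        }

        // Normalizes scheme://host[:port], omitting the port when it is the scheme default.
        static String originOf(HttpServletRequest request) {
            String scheme = request.getScheme().toLowerCase(Locale.ROOT);
            String host = request.getServerName().toLowerCase(Locale.ROOT);
            int port = request.getServerPort();
            boolean defaultPort = ("http".equals(scheme) && port == 80)
                    || ("https".equals(scheme) && port == 443);
            return scheme + "://" + host + (defaultPort ? "" : ":" + port);
        }
    }
}
```

The filter does not inspect X-Forwarded-Prefix; the reverse proxy should overwrite or strip forwarding headers received from clients.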

Properties

The supported properties are:

| Property | Default value | Description |
| --- | --- | --- |
| security.cas.enabled | true | Enable CAS security |
| security.cas.key | UUID.randomUUID().toString() | An id used by the CasAuthenticationProvider |
| security.cas.paths | /** | Comma-separated list of paths to secure (works the same way as security.basic.path) |
| security.cas.user.default-roles | USER | Comma-separated list of default user roles. If roles have been found from security.cas.user.roles-attributes, default roles will be appended to the list of user roles |
| security.cas.user.roles-attributes | | Comma-separated list of CAS attributes to be used to determine user roles |
| security.cas.proxy-validation.enabled | true | Defines whether the proxy should be checked against the chains in security.cas.proxy-validation.chains |
| security.cas.proxy-validation.chains | | Defines proxy chains. Each acceptable proxy chain should include a comma-separated list of URLs (for exact match) or regular expressions of URLs (starting with the ^ character) |
| security.cas.server.protocol-version | 3 | Determines which CAS protocol version is used; only protocol versions 1, 2 and 3 are supported. |
| security.cas.server.base-url | | The start of the CAS server URL, e.g. https://localhost:8443/cas |
| security.cas.server.validation-base-url | | Optional, security.cas.server.base-url is used if missing. The start of the CAS server URL (similar to security.cas.server.base-url) used during the ticket validation flow. Could be useful when the server (your service) to server (CAS server) network is different from your external/browser network (e.g. docker environment, see docker profile properties). |
| security.cas.server.paths.login | /login | Defines the location of the CAS server login path that will be appended to the existing security.cas.server.base-url URL |
| security.cas.server.paths.logout | /logout | Defines the location of the CAS server logout path that will be appended to the existing security.cas.server.base-url URL |
| security.cas.service.resolution-mode | static | Resolution mode can be static or dynamic. The default is static, which requires security.cas.service.base-url, whereas in dynamic mode the service URL is generated from the received HttpServletRequest. Attention: it will not override security.cas.server.validation-base-url and security.cas.service.callback-base-url if they are defined, see docker profile properties for an example. |
| security.cas.service.base-url | | The name of the server this application is hosted on. Service URL will be dynamically constructed using this, e.g. https://localhost:8443 (you must include the protocol, but port is optional if it's a standard port). Skipped if resolution mode is dynamic. |
| security.cas.service.callback-base-url | | Optional, security.cas.service.base-url is used if missing. Represents the base URL that will be used to compute the Proxy Granting Ticket callback (see security.cas.service.paths.proxy-callback). It can be useful for it to differ from security.cas.service.base-url when the server (CAS server) to server (your service) network is different from your external/browser network (e.g. docker environment, see docker profile properties). |
| security.cas.service.paths.login | /login | Defines the application login path that will be appended to the existing security.cas.service.base-url URL |
| security.cas.service.paths.logout | /logout | Defines the application logout path that will be appended to the existing security.cas.service.base-url URL |
| security.cas.service.paths.proxy-callback | | The callback path that will be, if present, appended to security.cas.service.callback-base-url or security.cas.service.base-url and added as a parameter inside the validation request. It must be set if you want to receive a Proxy Granting Ticket (PGT). |

Otherwise you can check out the CasSecurityProperties class.

Additional configuration

If you need to set additional configuration options, simply register an instance of CasSecurityConfigurerAdapter within the Spring application context:

@Configuration
class CustomCasSecurityConfiguration extends CasSecurityConfigurerAdapter {
    @Override
    public void configure(CasAuthenticationFilterConfigurer filter) {
        // Here you can configure CasAuthenticationFilter
    }

    @Override
    public void configure(CasSingleSignOutFilterConfigurer filter) {
        // Here you can configure SingleSignOutFilter
    }

    @Override
    public void configure(CasAuthenticationProviderSecurityBuilder provider) {
        // Here  you can configure CasAuthenticationProvider
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Here you can configure Spring Security HttpSecurity object during init configure
    }

    @Override
    public void configure(CasTicketValidatorBuilder ticketValidator) {
        // Here you can configure CasTicketValidator
    }
}

Otherwise, many beans defined in this starter are annotated with @ConditionalOnMissingBean, so you can override the default bean definitions.

Proxy granting storage

The starter does not provide any additional proxy granting storage (yet); by default an in-memory storage, ProxyGrantingTicketStorageImpl, is used.

To override it you can expose a ProxyGrantingTicketStorage bean like the following:

@Bean
ProxyGrantingTicketStorage proxyGrantingTicketStorage() {
    return new MyCustomProxyGrantingTicketStorage();
}

Or use the configurer, which is a bit longer since you must set the ProxyGrantingTicketStorage in both CasAuthenticationFilter and TicketValidator:

@Configuration
class CustomCasSecurityConfiguration extends CasSecurityConfigurerAdapter {
    // The filter stores the PGT received on the proxy callback and the ticket validator
    // reads it back, so both are given the same storage
    private final ProxyGrantingTicketStorage storage = new MyCustomProxyGrantingTicketStorage();

    @Override
    public void configure(CasAuthenticationFilterConfigurer filter) {
        filter.proxyGrantingTicketStorage(storage);
    }

    @Override
    public void configure(CasTicketValidatorBuilder ticketValidator) {
        ticketValidator.proxyGrantingTicketStorage(storage);
    }
}

Logout & SLO

By default starter will configure both logout and single logout (SLO).

ATTENTION: the default logout (on /logout) behavior will:

  1. Log out from the application and also log out from the CAS server, which will log out any other applications.
  2. Keep the default Spring Security behavior concerning CSRF and logging out. To summarize, if CSRF is enabled, logout will only be mapped on POST; see https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#csrf-logout for more details.

If you want to change those behaviors, for example by adding a logout page that offers the user the option to log out from other applications, you can configure it like the following:

@Configuration
class CasCustomLogoutConfiguration extends CasSecurityConfigurerAdapter {
    // CasLogoutSuccessHandler provided by the starter, reused below on /cas/logout
    private final LogoutSuccessHandler casLogoutSuccessHandler;

    public CasCustomLogoutConfiguration(LogoutSuccessHandler casLogoutSuccessHandler) {
        this.casLogoutSuccessHandler = casLogoutSuccessHandler;
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.logout()
            .permitAll()
            // Add null logoutSuccessHandler to disable CasLogoutSuccessHandler
            .logoutSuccessHandler(null)
            .logoutSuccessUrl("/logout.html")
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
        LogoutFilter filter = new LogoutFilter(casLogoutSuccessHandler, new SecurityContextLogoutHandler());
        filter.setFilterProcessesUrl("/cas/logout");
        http.addFilterBefore(filter, LogoutFilter.class);
    }
}

@Configuration
class WebMvcConfiguration extends WebMvcConfigurerAdapter {
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/logout.html").setViewName("logout");
        registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
    }
}

With a possible logout.html like the following:

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
   <meta charset="UTF-8" />
   <title>Logout page</title>
</head>
<body>
   <h2>Do you want to log out of CAS?</h2>
   <p>You have logged out of this application, but may still have an active single-sign on session with CAS.</p>
   <p><a href="/cas/logout" th:href="@{/cas/logout}">Logout of CAS</a></p>
</body>
</html>

You can check out and run the sample module cas-security-spring-boot-sample with the profile custom-logout.

Proxy chains validation

By default the client configuration is security.cas.proxy-validation.enabled = true with empty proxy chains (security.cas.proxy-validation.chains). That means you will not be able to validate proxy tickets, since the proxy chains are empty.

You can disable proxy validation using:

security:
  cas:
    proxy-validation:
      enabled: false

But this is not recommended for production environments. Alternatively, define your own proxy chains:

security:
  cas:
    proxy-validation:
      chains:
        - http://localhost:8180, http://localhost:8181
        - - http://localhost:8280
          - http://localhost:8281
        # Unquoted YAML scalars keep backslashes literally, so each dot is escaped with a single backslash
        - ^http://my\.domain\..*

As you can see, there are multiple syntaxes in the yml format to define a collection of collections:

  1. Using a comma-separated list
  2. Using the double - - syntax

If you are using the properties format, you can translate it like the following:

security.cas.proxy-validation.chains[0] = http://localhost:8180, http://localhost:8181
security.cas.proxy-validation.chains[1] = http://localhost:8280, http://localhost:8281
security.cas.proxy-validation.chains[2] = ^http://my\\.domain\\..*
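
The matching rule described above (exact URLs, or regular expressions for entries starting with ^), run over a few proxy lists. This is an added illustration, not the starter's or the Apereo client's code; ProxyChainCheck and its methods are hypothetical, the proxy lists are constructed, and it assumes each position of a chain must match in order and that an expression must match the whole URL.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

public class ProxyChainCheck {

    /** One configured entry: an exact URL, or a regular expression when it starts with '^'. */
    static boolean entryMatches(String configured, String actual) {
        if (configured.startsWith("^")) {
            // Assumption: the expression must match the whole proxy URL.
            return Pattern.matches(configured, actual);
        }
        return configured.equals(actual);
    }

    /** A chain matches only if it has the same length and every position matches, in order. */
    static boolean chainMatches(List<String> configured, List<String> actual) {
        if (configured.size() != actual.size()) {
            return false;
        }
        for (int i = 0; i < configured.size(); i++) {
            if (!entryMatches(configured.get(i), actual.get(i))) {
                return false;
            }
        }
        return true;
    }

    /** With no configured chain nothing is accepted, which is the default described above. */
    static boolean isAllowed(List<List<String>> chains, List<String> proxies) {
        for (List<String> chain : chains) {
            if (chainMatches(chain, proxies)) {
                return true;
            }
        }
        return false;
    }

    static void check(List<List<String>> chains, boolean expected, String... proxies) {
        boolean allowed = isAllowed(chains, Arrays.asList(proxies));
        System.out.printf("%-5s (expected %-5s) %s%n", allowed, expected, Arrays.toString(proxies));
    }

    public static void main(String[] args) {
        // The three chains from the configuration above. In a Java string literal, as in the
        // .properties form, "\\." is the regex \. (a literal dot).
        List<List<String>> chains = Arrays.asList(
                Arrays.asList("http://localhost:8180", "http://localhost:8181"),
                Arrays.asList("http://localhost:8280", "http://localhost:8281"),
                Collections.singletonList("^http://my\\.domain\\..*"));

        check(chains, true, "http://localhost:8180", "http://localhost:8181");
        // Same proxies in another order, or only part of a chain, are rejected.
        check(chains, false, "http://localhost:8181", "http://localhost:8180");
        check(chains, false, "http://localhost:8180");
        // Regular expression entry: the escaped dots only match literal dots.
        check(chains, true, "http://my.domain.example/app");
        check(chains, false, "http://myxdomain.example/app");
        // The expression is a prefix match on the host: any host starting with "my.domain."
        // is accepted, so end the expression at the host boundary if that is not intended.
        check(chains, true, "http://my.domain.other.test/");

        // Default state: validation enabled with no chains accepts no proxy ticket.
        check(Collections.emptyList(), false, "http://localhost:8180", "http://localhost:8181");

        // Dots left unescaped match any character and widen the set of accepted proxies.
        List<List<String>> loose = Collections.singletonList(
                Collections.singletonList("^http://my.domain..*"));
        check(loose, true, "http://myxdomain.example/app");
    }
}
```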

RestTemplate integration with Proxy ticket

Since version 0.7.0, there is a simple integration with RestTemplate, but it is not enabled by default.

In order to enable it you must create your own RestTemplate bean and add an interceptor:

@Bean
RestTemplate casRestTemplate(ServiceProperties serviceProperties, ProxyTicketProvider proxyTicketProvider) {
    RestTemplate restTemplate = new RestTemplate();
    restTemplate.getInterceptors().add(new CasAuthorizationInterceptor(serviceProperties, proxyTicketProvider));
    return restTemplate;
}

This interceptor is pretty simple: it requests a new proxy ticket for each request and appends it to the request query parameters. For example, with http://httpbin.org/get the interceptor will modify the request URI to become http://httpbin.org/get?ticket=PT-XX-YYYYYYYYYY.

ATTENTION: if the interceptor encounters any issue getting a proxy ticket from the CAS server, it will throw an IllegalStateException.

You can find sample usage in CasSecuritySpringBootSampleApplication.

AssertionProvider and ProxyTicketProvider

In addition to the RestTemplate integration, since 0.7.0 there are two new autoconfigured beans:

  1. AssertionProvider, which provides a way to retrieve the current org.jasig.cas.client.validation.Assertion (bound to the current authenticated request)
  2. ProxyTicketProvider, which provides a simple way to request a proxy ticket for a given service (for the current authenticated request)

You can find sample usage for both in CasSecuritySpringBootSampleApplication.

License

MIT License

cas-security-spring-boot-starter's People

Contributors

kakawait, le-zell, mmaccari, panmax, rpdmiranda

cas-security-spring-boot-starter's Issues

Securing CORS RestAPI

Hi,

I want to secure my APIs, which are accessed cross-domain, so my expected behavior is (e.g. GET http://my.api/users/me from http://my.web/):

open http://my.web -(fetch API)->
OPTION http://my.api/users/me -> HTTP 200 ->
GET /users/me -> HTTP 403 or HTTP 401 ->
location.href='http://my.api/login/cas?return_url=http://my.web/' ->
http://my.api/login/cas?return_url=http://my.web/ -> HTTP 302 -> cas server

How could I implement this process?

Enabling csrf

Hi, I am having difficulties enabling csrf

I have added
security.enable-csrf=true
in the properties file. However, I think line 191 in CasHttpSecurityConfigurer.java still gets triggered

Is there a different property that needs to be set?

PGT ticket

Hi @kakawait. I set security.cas.service.path.proxy-callback= /j_spring_cas_security_proxyreceptor. After this my app throws this:

There was an unexpected error (type=Unauthorized, status=401). Authentication Failed: The supplied proxy callback url 'https://localhost:8443/j_spring_cas_security_proxyreceptor' could not be authenticated. Either 'https://localhost:8443/j_spring_cas_security_proxyreceptor' cannot be reached, it is not allowed to exercise proxy authentication.

How can I get a PGT ticket to connect to other CAS-protected apps?

How configuration path roles CustomCasSecurityConfiguration HttpSecurity

Hello, I want to configure path authorization so that a role is required! I overrode the method configure(HttpSecurity http).
The user logs in and has role 'A', but the user can access any path!

Thanks!

@Configuration
class CustomCasSecurityConfiguration extends CasSecurityConfigurerAdapter {
	
	@Autowired
	private List<CasSecurityConfigurer> configurers;
	
	@Override
	public void configure(CasAuthenticationFilterConfigurer filter) {
		// Here you can configure CasAuthenticationFilter
	}

	@Override
	public void configure(CasSingleSignOutFilterConfigurer filter) {
		// Here you can configure SingleSignOutFilter
	}

	@Override
	public void configure(CasAuthenticationProviderSecurityBuilder provider) {
		// Here you can configure CasAuthenticationProvider
	}

	@Override
	public void configure(HttpSecurity http) throws Exception {
		// Here you can configure Spring Security HttpSecurity object during
		// init configure
		http
			.authorizeRequests()
				.antMatchers("/testa").hasRole("A")
				.antMatchers("/testb").hasRole("B");
	}

	@Override
	public void configure(CasTicketValidatorBuilder ticketValidator) {
		// Here you can configure CasTicketValidator
	}
}

spring boot start log

2017-12-27 15:43:27.091 DEBUG 11056 --- [  restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'hasRole('ROLE_USER')', for org.springframework.security.web.util.matcher.AnyRequestMatcher@1
2017-12-27 15:43:27.091 DEBUG 11056 --- [  restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'hasRole('ROLE_A')', for Ant [pattern='/testa']
2017-12-27 15:43:27.092 DEBUG 11056 --- [  restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression 'hasRole('ROLE_B')', for Ant [pattern='/testb']

Unresolved dependency on cas-security-spring-boot-parent 0.7.0

Latest release 0.7.0 can't be used due to unresolved dependency on cas-security-spring-boot-parent 0.7.0:
Could not resolve all files for configuration ':compileClasspath'.

Could not resolve com.kakawait:cas-security-spring-boot-starter:0.7.0.
Required by:
project :
Could not resolve com.kakawait:cas-security-spring-boot-starter:0.7.0.
> Could not parse POM https://repo.maven.apache.org/maven2/com/kakawait/cas-security-spring-boot-starter/0.7.0/cas-security-spring-boot-starter-0.7.0.pom
> Could not find com.kakawait:cas-security-spring-boot-parent:0.7.0.
Searched in the following locations:
https://repo.maven.apache.org/maven2/com/kakawait/cas-security-spring-boot-parent/0.7.0/cas-security-spring-boot-parent-0.7.0.pom
https://repo.maven.apache.org/maven2/com/kakawait/cas-security-spring-boot-parent/0.7.0/cas-security-spring-boot-parent-0.7.0.jar
https://jcenter.bintray.com/com/kakawait/cas-security-spring-boot-parent/0.7.0/cas-security-spring-boot-parent-0.7.0.pom
https://jcenter.bintray.com/com/kakawait/cas-security-spring-boot-parent/0.7.0/cas-security-spring-boot-parent-0.7.0.jar
Could not resolve com.kakawait:cas-security-spring-boot-starter:0.7.0.
> Could not parse POM https://jcenter.bintray.com/com/kakawait/cas-security-spring-boot-starter/0.7.0/cas-security-spring-boot-starter-0.7.0.pom
> Could not find com.kakawait:cas-security-spring-boot-parent:0.7.0.

Having difficulty combining cas security with in memory auth for external users

My application has two types of users. Internal users and external users so I want to combine your starter with a simple login page authentication.

The problem I am having is that this starter doesn't expose the AuthenticationManagerBuilder configure method.

public void configure(AuthenticationManagerBuilder auth)

Since I need to add a second auth mechanism I need access to this configuration. I am trying to use the approach described here https://www.baeldung.com/spring-security-multiple-auth-providers

Is it possible to configure a second authentication method using this starter that I am missing?

GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService roles String[] data

The user "userc" has two roles, "a" and "c", and the CAS ticket returns the data [a,c], but the GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService sets the user roles
"ROLE_USER" and "ROLE_[a,c]".

How can I define the returned XML data field to support Collection?
Or improve GrantedAuthoritiesFromAssertionAttributesWithDefaultRolesUserDetailsService to support
"[ROLE_A,ROLE_B]", "ROLE_A,ROLE_B" string data.
Thanks!

CAS Cas30ProxyTicketValidator back data

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
	<cas:authenticationSuccess>
		<cas:user>testc</cas:user>
		<cas:attributes>
			<cas:longTermAuthenticationRequestTokenUsed>false
			</cas:longTermAuthenticationRequestTokenUsed>
			<cas:isFromNewLogin>true</cas:isFromNewLogin>
			<cas:authenticationDate>Fri Jan 05 15:12:03 CST 2018
			</cas:authenticationDate>
			<cas:roles>[a, c]</cas:roles>
			<cas:userid>1</cas:userid>
			<cas:username>testc</cas:username>
		</cas:attributes>
	</cas:authenticationSuccess>
</cas:serviceResponse>

Using rest api error.

Hi. Thank you for this project. It is the best for CAS auto config. But I have a little problem.

I did a cas-client project with gradle and it looks good. My application.yml is this:

security:
  basic:
    enabled: false
  ignored: /
  cas:
    paths: /protected
    server:
      base-url: https://localhost:10100/cas
      protocol-version: 2
    service:
      base-url: https://localhost:8443
      paths:
        proxy-callback: /j_spring_cas_security_proxyreceptor

server:
  port: 8443
  ssl:
    enabled: true
    key-store: file:/etc/keystore/localhost.jks
    key-store-password: changeit

The CAS server runs on port 10100. The client web project works well. But I want to access the controller through GET and POST methods.

I tried this (I use Postman):

  1. step :
Header:
POST https://localhost:10100/cas/v1/tickets
Content-Type: application/x-www-form-urlencoded
Body:
username=myname&password=123456
  1. step result:
    Body (html format):
<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
<html>
    <head>
        <title>201 Created</title>
    </head>
    <body>
        <h1>TGT Created</h1>
        <form action="https://localhost:10100/cas/v1/tickets/TGT-32-NfRV2HIYL6JlqUFTpJuc6EfUyH6q9BImaS0a5CPyOpInrO3fqk-8ee6f154afba" method="POST">Service:
            <input type="text" name="service" value="">
            <br>
            <input type="submit" value="Submit">
        </form>
    </body>
</html>
  2. step:
    I want to get a service ticket for "https://localhost:8443/protected"
Header:
POST https://localhost:10100/cas/v1/tickets/TGT-32-NfRV2HIYL6JlqUFTpJuc6EfUyH6q9BImaS0a5CPyOpInrO3fqk-8ee6f154afba
Content-Type: application/x-www-form-urlencoded
Body:
service=https%3A%2F%2Flocalhost%3A8443%2Fprotected
  2. step result:
ST-171-b2Sz3TseQlmFjthK7xqV-8ee6f154afba
  3. step:
Header:
GET https://localhost:8443/protected?ticket=ST-171-b2Sz3TseQlmFjthK7xqV-8ee6f154afba

I expect my protected page in HTML format, but I saw the login page. What is the problem? Could you help me?

How configuration matches CustomCasSecurityConfiguration HttpSecurity

public class CasConfiguration extends CasSecurityConfigurerAdapter {
       @Override
	public void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/testServide/**").permitAll()
               .anyRequest().authenticated();
	}
}

With this configuration, it still requires testService authentication. Am I implementing correctly? I want this service not to require authentication.

Release 1.0.0

Reminder

RestTemplate integration

  • stateless (aka asking new ProxyTicket each time) (see #76)
  • stateful
    • retry strategy (if stateful context is no more valid, ask a new stateless ticket)
    • stateful cookies (keep all cookies and retry with them, with chances that session is present inside cookie)
    • stateful ticket (using StatelessTicketCache feature)

Where is 1.0.0-beta-1 built from?

I want to view the code that was used to build the 1.0.0-beta-1 release.

There is no branch or tag that I can find which was used to build this version.

How can I see the commit used to build this version?

Failed to collect dependencies

I downloaded a Spring Boot app from Spring Initializr, added the dependency to the POM, and now my builds fail. Any idea on how to resolve this?

Failed to execute goal on project dataAccessRequest: Could not resolve dependencies for project uk.ac.stand:dataAccessRequest:war:0.0.1-SNAPSHOT:

Failed to collect dependencies at com.kakawait:cas-security-spring-boot-starter:jar:0.8.0:

Failed to read artifact descriptor for com.kakawait:cas-security-spring-boot-starter:jar:0.8.0: Could not find artifact com.kakawait:cas-security-spring-boot-parent:pom:0.8.0

Login redirect

Hi @kakawait. You published a new version, but the same bug is there again. When you did issue #14 it was fixed. There is also the same error in the UI. Could you fix this? I think you must not redirect to the login page. Maybe you can add a property to configure the login page.

Add extensions to ticket validator

Add the possibility to extend the ticket validator to do custom things.

The CAS server I am using sends the attributes in custom tags and the default implementation of this api does not recognize them. I am having a hard time to extend the existing ticket validator to be able to parse those fields.

Maybe adding parse handlers would be good.

logout url is invalid

When I visit my application's /logout URL, it raises a 404 error.

this is the configuration:

server:
  port: 8081

security:
  cas:
    server:
      base-url: http://127.0.0.1:8080/cas/
    service:
      resolution-mode: dynamic
  ignored: /ignored

BTW. dynamic resolution mode is OK.

Support Spring boot 2.0

Needs tests (help wanted). I didn't even try; it may already work (but I have some doubts)

Automatically add `login-path` path inside path to be handled by cas filter

With following conf:

security:
  basic:
    enabled: false
  ignored: /ignored, /**/favicon.ico
  cas:
    server:
      base-url: http://localhost:8080/cas/
      protocol-version: 3
    service:
      resolution-mode: dynamic
    paths: /test

Auth does not work anymore because /login is not treated by CAS filters

Workaround

security:
  basic:
    enabled: false
  ignored: /ignored, /**/favicon.ico
  cas:
    server:
      base-url: http://localhost:8080/cas/
      protocol-version: 3
    service:
      resolution-mode: dynamic
    paths: /test, /login
