
This was tested against the sample application that is included with Spring Security. As of this writing, replacing the applicationContext-security.xml in the sample application with the one below would enable this alternative configuration. We cannot guarantee that this version will work without modification in future versions of Spring Security.


The important additions to web.xml include a 403 error page. 403 is the status the CAS Validation Filter returns if it has a problem with the ticket. Also, if you want Single Sign Out, you should enable the SingleSignOutHttpSessionListener.
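A web.xml fragment for the two additions described above, as an added example that is not part of the original page or the sample application. The listener class name assumes the Jasig Java CAS client (org.jasig.* packages), and /cas-failure.jsp is a hypothetical page name.

```xml
<!-- Added example: merge these elements into the existing <web-app> element. -->

<!-- Needed for Single Sign Out: when an HTTP session is destroyed, this
     listener removes it from the CAS client's ticket-to-session mapping.
     Package name assumes the Jasig Java CAS client; adjust it to the
     client version on your classpath. -->
<listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<!-- Served when the CAS Validation Filter answers with 403 because it had
     a problem with the ticket. /cas-failure.jsp is a hypothetical location.
     Keep the page generic: do not echo the ticket value or the validation
     error text back to the browser. -->
<error-page>
    <error-code>403</error-code>
    <location>/cas-failure.jsp</location>
</error-page>
```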


Replacement Steps

  1. You should replace the userService with something that checks your user storage.
  2. Replace the serverName and casServerLoginUrl with your values (or better yet, externalize them).
  3. Replace the URLs with the URL configuration for your application.

Future Improvements

This relies on the CAS2 protocol. One could imagine swapping in the SAML 1.1 response, obtaining attributes, and then using more of the J2EE PreAuth filter support to load the roles from those attributes.
