Grails and CAS Basic Setup
<p>Trying to set up a simple Grails app with basic CAS protection.</p> <p>First, I'm having trouble telling what the differences are between cas-plugin versus spring-security-core and spring-security-cas...when would I use one versus the other?</p> <p>In my test I have the following configured:</p> <p>In BuildConfig.groovy:</p> <pre><code>plugins {
    ...
    ...
    compile ":spring-security-core:1.2.7.3"
    compile ":spring-security-cas:1.0.5"
}
</code></pre> <p>In Config.groovy...I don't know what I need. Different docs refer to different values, but here's what I've got so far:</p> <pre><code>grails.plugins.springsecurity.providerNames = ['casAuthenticationProvider']
grails.plugins.springsecurity.rejectIfNoRule = true
grails.plugins.springsecurity.securityConfigType = "InterceptUrlMap"
grails.plugins.springsecurity.interceptUrlMap = [
    '/js/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/css/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/images/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/login/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/logout/**': ['IS_AUTHENTICATED_ANONYMOUSLY'],
    '/**': ['IS_AUTHENTICATED_FULLY']
]
grails.plugins.springsecurity.cas.loginUri = '/login'
grails.plugins.springsecurity.cas.serviceUrl = 'http://cas2.mydomain.com:8085/' + appName + '/j_spring_cas_security_check'
grails.plugins.springsecurity.cas.serverUrlPrefix = 'https://cas2.mydomain.com:8443/cas'
grails.plugins.springsecurity.cas.proxyCallbackUrl = 'http://cas2.mydomain.com:8085/' + appName + '/secure/receptor'
grails.plugins.springsecurity.cas.proxyReceptorUrl = '/secure/receptor'
grails.plugins.springsecurity.logout.afterLogoutUrl = 'https://cas2.mydomain.com:8443/cas/logout?url=http://cas2.mydomain.com:8085/' + appName + '/'
</code></pre> <p>Now when I browse to my app, I get forwarded to the CAS login page...after entering credentials I get a browser error page:</p> <pre><code>The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a
way that will never complete. </code></pre> <p>and the cas.log says:</p> <pre><code>INFO: Server startup in 21570 ms 2013-10-31 11:28:05,178 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - &lt;Beginning ticket cleanup.&gt; 2013-10-31 11:28:05,180 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - &lt;0 tickets found to be removed.&gt; 2013-10-31 11:28:05,180 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - &lt;Finished ticket cleanup.&gt; 2013-10-31 11:28:10,088 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - &lt;Setting path for cookies to: /cas/&gt; 2013-10-31 11:28:16,498 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - &lt;org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated [username: myusername]&gt; 2013-10-31 11:28:16,518 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - &lt;Resolved principal myusername&gt; 2013-10-31 11:28:16,518 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - &lt;org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler@4e1e6e1f authenticated myusername with credential [username: myusername].&gt; 2013-10-31 11:28:16,523 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - &lt;Audit trail record BEGIN ============================================================= WHO: [username: myusername] WHAT: supplied credentials: [username: myusername] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Thu Oct 31 11:28:16 EDT 2013 CLIENT IP ADDRESS: xxx.xx150.30 SERVER IP ADDRESS: xxx.xx0.79 ============================================================= &gt; 2013-10-31 11:28:16,527 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - &lt;Audit trail record BEGIN ============================================================= WHO: [username: myusername] WHAT: TGT-1-76m7jUyKI7pguovcGWmJqKOsbpqp6wW2yj3dTCNOCtb65MKpTH-cas2 ACTION: 
TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Thu Oct 31 11:28:16 EDT 2013 CLIENT IP ADDRESS: xxx.xx150.30 SERVER IP ADDRESS: xxx.xx0.79 ============================================================= &gt; 2013-10-31 11:28:16,533 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - &lt;Granted service ticket [ST-1-rvDgqEvGQDeljEeVf5rM-cas2] for service [http://cas2.mydomain.com:8085/rss_03/j_spring_cas_security_check] for user [myusername]&gt; 2013-10-31 11:28:16,533 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - &lt;Audit trail record BEGIN ============================================================= WHO: myusername WHAT: ST-1-rvDgqEvGQDeljEeVf5rM-cas2 for http://cas2.mydomain.com:8085/rss_03/j_spring_cas_security_check ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Thu Oct 31 11:28:16 EDT 2013 CLIENT IP ADDRESS: xxx.xx150.30 SERVER IP ADDRESS: xxx.xx0.79 ============================================================= &gt; 2013-10-31 11:28:16,703 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - &lt;org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor]&gt; 2013-10-31 11:28:16,704 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - &lt;Audit trail record BEGIN ============================================================= WHO: [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor] WHAT: supplied credentials: [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Thu Oct 31 11:28:16 EDT 2013 CLIENT IP ADDRESS: xxx.xx0.79 SERVER IP ADDRESS: xxx.xx0.79 ============================================================= &gt; 2013-10-31 11:28:16,705 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - &lt;Audit trail record BEGIN 
============================================================= WHO: myusername WHAT: error.authentication.credentials.bad ACTION: PROXY_GRANTING_TICKET_NOT_CREATED APPLICATION: CAS WHEN: Thu Oct 31 11:28:16 EDT 2013 CLIENT IP ADDRESS: xxx.xx0.79 SERVER IP ADDRESS: xxx.xx0.79 ============================================================= &gt; 2013-10-31 11:28:16,706 ERROR [org.jasig.cas.web.ServiceValidateController] - &lt;TicketException generating ticket for: [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor]&gt; org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody6(CentralAuthenticationServiceImpl.java:325) at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket_aroundBody7$advice(CentralAuthenticationServiceImpl.java:57) at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80) at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.java:47) at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingAspect.java:53) at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspect.java:45) at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610) at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:80) at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:126) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621) at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610) at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:65) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:90) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at 
com.sun.proxy.$Proxy49.delegateTicketGrantingTicket(Unknown Source) at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:138) at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:128) at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:57) at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at 
com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589) at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:1810) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:722) </code></pre> <p>This bit:</p> <pre><code>2013-10-31 11:28:16,703 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - &lt;org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate [callbackUrl: http://cas2.mydomain.com:8085/rss_03/secure/receptor]&gt; </code></pre> <p>seems to be the issue...my credentials are good so it looks like something is still missing in config...any ideas...?</p> <p><strong>UPDATE:</strong></p> <p>Put the app under SSL, and to 
Config.groovy, to the interceptUrlMap added:</p> <pre><code>'/secure/receptor': ['IS_AUTHENTICATED_ANONYMOUSLY'], </code></pre> <p>Now the cas.log shows what looks to be similar looping (back and forth between CAS and the app) to what I was getting before, except no errors...eventually it stops and the browser again shows:</p> <pre><code>Firefox has detected that the server is redirecting the request for this address in a way that will never complete. </code></pre>
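
An added example, not part of the original post: a Python parser for the inspektr audit records in the cas.log above. It returns the action sequence, whether the proxy-granting step failed, and any rejected proxy callback URL that is not https (the CAS protocol requires the proxy callback to be an HTTPS URL). The input is constructed, with a placeholder host, user and ticket ids.

```python
import re
from urllib.parse import urlparse

# WHO / WHAT / ACTION of one inspektr audit record; fields may be separated
# by newlines (raw cas.log) or by spaces (flattened, as pasted in the post).
RECORD = re.compile(
    r"Audit trail record BEGIN\s+=+\s+WHO:\s*(?P<who>.*?)\s+WHAT:\s*(?P<what>.*?)"
    r"\s+ACTION:\s*(?P<action>\w+)\s+APPLICATION:", re.S)
CALLBACK = re.compile(r"\[callbackUrl:\s*(?P<url>[^\]\s]+)\]")

def parse_audit(log):
    """Return the audit records, in log order, as who/what/action dicts."""
    return [m.groupdict() for m in RECORD.finditer(log)]

def summarize(log):
    """Action sequence, whether the proxy-granting step failed, and any
    rejected proxy callback URL that was not served over https."""
    records = parse_audit(log)
    rejected = []
    for rec in records:
        m = CALLBACK.search(rec["who"])
        if m and rec["action"] == "AUTHENTICATION_FAILED":
            rejected.append(m.group("url"))
    actions = [rec["action"] for rec in records]
    return {
        "actions": actions,
        "pgt_failed": "PROXY_GRANTING_TICKET_NOT_CREATED" in actions,
        "insecure_callbacks": [u for u in rejected if urlparse(u).scheme != "https"],
    }

def _record(who, what, action):
    # Constructed sample record in the flattened layout shown in the post.
    bar = "=" * 61
    return (f"INFO [Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN {bar} "
            f"WHO: {who} WHAT: {what} ACTION: {action} APPLICATION: CAS {bar} >\n")

# Constructed input: placeholder host, user and ticket ids, same event order
# as the post's log.
RECEPTOR = "[callbackUrl: http://app.example.test:8085/demo/secure/receptor]"
SAMPLE_LOG = "".join([
    _record("[username: alice]", "supplied credentials: [username: alice]", "AUTHENTICATION_SUCCESS"),
    _record("[username: alice]", "TGT-1-EXAMPLE", "TICKET_GRANTING_TICKET_CREATED"),
    _record("alice", "ST-1-EXAMPLE for http://app.example.test:8085/demo/j_spring_cas_security_check", "SERVICE_TICKET_CREATED"),
    _record(RECEPTOR, f"supplied credentials: {RECEPTOR}", "AUTHENTICATION_FAILED"),
    _record("alice", "error.authentication.credentials.bad", "PROXY_GRANTING_TICKET_NOT_CREATED"),
])

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```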
 
