This is a public page that performs a CAS Gateway Authentication
+You are successfully logged in as
+ +
diff --git a/docker/cas/docker-compose.yml b/docker/cas/docker-compose.yml
index 17bf22d..8e22171 100644
--- a/docker/cas/docker-compose.yml
+++ b/docker/cas/docker-compose.yml
@@ -17,6 +17,8 @@ services:
 --server.port=8080
 --cas.service-registry.core.init-from-json=true
 --cas.service-registry.json.location=file:/etc/cas/services
+ --cas.tgc.secure=false
+ --cas.tgc.sameSitePolicy=Lax
 volumes:
 - ./services/http-1.json:/etc/cas/services/http-1.json
 networks:
diff --git a/servlet/spring-boot/java/cas/login/build.gradle b/servlet/spring-boot/java/cas/login/build.gradle
index 15ff3eb..c51553e 100644
--- a/servlet/spring-boot/java/cas/login/build.gradle
+++ b/servlet/spring-boot/java/cas/login/build.gradle
@@ -5,6 +5,8 @@ plugins {
 id 'java'
 }
+ext['spring-security.version'] = '6.3.0-SNAPSHOT'
+
 repositories {
 mavenCentral()
 maven { url "https://repo.spring.io/milestone" }
diff --git a/servlet/spring-boot/java/cas/login/src/main/java/cas/example/IndexController.java b/servlet/spring-boot/java/cas/login/src/main/java/cas/example/IndexController.java
index 0f211bc..d960fc1 100644
--- a/servlet/spring-boot/java/cas/login/src/main/java/cas/example/IndexController.java
+++ b/servlet/spring-boot/java/cas/login/src/main/java/cas/example/IndexController.java
@@ -38,4 +38,9 @@ public class IndexController {
 return "loggedout";
 }
+ @GetMapping("/public")
+ String publicPage() {
+ return "public";
+ }
+
 }
diff --git a/servlet/spring-boot/java/cas/login/src/main/java/cas/example/SecurityConfig.java b/servlet/spring-boot/java/cas/login/src/main/java/cas/example/SecurityConfig.java
index f41beb9..a54c6cd 100644
--- a/servlet/spring-boot/java/cas/login/src/main/java/cas/example/SecurityConfig.java
+++ b/servlet/spring-boot/java/cas/login/src/main/java/cas/example/SecurityConfig.java
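Review bot: `--cas.tgc.secure=false` in docker/cas/docker-compose.yml removes the Secure attribute from the CAS ticket-granting cookie, so the SSO cookie is sent over plain HTTP, and nothing in the hunk marks this as a local-only setting. The sample appears to run CAS over http, which is presumably why the flag is needed together with `--cas.tgc.sameSitePolicy=Lax`, but a compose file like this is easily copied into a real deployment. I would record the constraint next to the two flags, for example `# local HTTP demo only: leave cas.tgc.secure at true when CAS is served over TLS`, or in the sample's README if the surrounding command block (which starts outside the hunk) cannot carry YAML comments.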
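Review bot: `ext['spring-security.version'] = '6.3.0-SNAPSHOT'` in build.gradle pins the sample to a moving snapshot, so the resolved artifacts can change between builds and the build is not reproducible. The repositories visible in this hunk are `mavenCentral()` and the milestone repository; a snapshot repository would have to be declared further down, in the part of the block that lies outside the hunk. A comment such as `// temporary override for the CAS gateway classes; remove once the release that contains them is available` would record why the override exists and when it should go.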
@@ -31,6 +31,8 @@ import org.springframework.security.cas.ServiceProperties;
 import org.springframework.security.cas.authentication.CasAuthenticationProvider;
 import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
 import org.springframework.security.cas.web.CasAuthenticationFilter;
+import org.springframework.security.cas.web.CasGatewayAuthenticationRedirectFilter;
+import org.springframework.security.cas.web.CasGatewayResolverRequestMatcher;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -38,6 +40,9 @@ import org.springframework.security.core.userdetails.UserDetailsByNameServiceWra
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.security.web.util.matcher.AndRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 @Configuration
 public class SecurityConfig {
@@ -52,14 +57,30 @@ public class SecurityConfig {
 private ServletWebServerApplicationContext context;
 @Bean
- public SecurityFilterChain filterChain(HttpSecurity http, UserDetailsService userDetailsService) throws Exception {
- http.authorizeHttpRequests((authorize) -> authorize.requestMatchers(HttpMethod.GET, "/loggedout").permitAll()
- .anyRequest().authenticated())
+ public SecurityFilterChain filterChain(HttpSecurity http, UserDetailsService userDetailsService,
+ MvcRequestMatcher.Builder builder) throws Exception {
+ // @formatter:off
+ CasGatewayAuthenticationRedirectFilter casGatewayAuthenticationRedirectFilter = new CasGatewayAuthenticationRedirectFilter(this.casLoginUrl, serviceProperties());
+ casGatewayAuthenticationRedirectFilter.setRequestMatcher(new AndRequestMatcher(
+ builder.pattern("/public"), new CasGatewayResolverRequestMatcher(serviceProperties())));
+ http
+ .authorizeHttpRequests((authorize) -> authorize
+ .requestMatchers(HttpMethod.GET, "/loggedout").permitAll()
+ .requestMatchers("/public").permitAll()
+ .anyRequest().authenticated()
+ )
 .exceptionHandling((exceptions) -> exceptions.authenticationEntryPoint(casAuthenticationEntryPoint()))
 .logout((logout) -> logout.logoutSuccessUrl("/loggedout"))
 .addFilter(casAuthenticationFilter(userDetailsService))
- .addFilterBefore(new SingleSignOutFilter(), CasAuthenticationFilter.class);
+ .addFilterBefore(new SingleSignOutFilter(), CasAuthenticationFilter.class)
+ .addFilterAfter(casGatewayAuthenticationRedirectFilter, CasAuthenticationFilter.class);
 return http.build();
+ // @formatter:on
+ }
+
+ @Bean
+ MvcRequestMatcher.Builder mvcRequestMatcherBuilder(HandlerMappingIntrospector introspector) {
+ return new MvcRequestMatcher.Builder(introspector);
 }
 public CasAuthenticationProvider casAuthenticationProvider(UserDetailsService userDetailsService) {
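Review bot: `.requestMatchers("/public").permitAll()` opens `/public` for every HTTP method, while the `/loggedout` rule directly above it is limited to `HttpMethod.GET` and the new controller method is a `@GetMapping`. The gateway filter's matcher, `builder.pattern("/public")`, has the same gap, so as far as the hunk shows a non-GET request to that path could also be answered with a redirect to the CAS server. Keeping both as narrow as the handler would read `.requestMatchers(HttpMethod.GET, "/public").permitAll()` and `builder.pattern(HttpMethod.GET, "/public")`. A short comment above the filter setup saying that anonymous visitors to `/public` are sent through CAS in gateway mode and then returned without a login prompt would help, since that behaviour is not obvious from `permitAll()`. The `filterChain` method is complete in this hunk; the rest of the class lies outside it.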
diff --git a/servlet/spring-boot/java/cas/login/src/main/resources/application.properties b/servlet/spring-boot/java/cas/login/src/main/resources/application.properties
index 5a355bd..9d09126 100644
--- a/servlet/spring-boot/java/cas/login/src/main/resources/application.properties
+++ b/servlet/spring-boot/java/cas/login/src/main/resources/application.properties
@@ -1,5 +1,6 @@
-cas.base.url=http://localhost:8090/cas
+server.port=8081
+cas.base.url=http://localhost.example:8090/cas
 cas.login.url=${cas.base.url}/login
 cas.logout.url=${cas.base.url}/logout
-service.base.url=http://localhost:8080
+service.base.url=http://localhost:8081
diff --git a/servlet/spring-boot/java/cas/login/src/main/resources/templates/public.html b/servlet/spring-boot/java/cas/login/src/main/resources/templates/public.html
new file mode 100644
index 0000000..e658a71
--- /dev/null
+++ b/servlet/spring-boot/java/cas/login/src/main/resources/templates/public.html
@@ -0,0 +1,23 @@
+ + +
+You are successfully logged in as
+ +