3

I tried to get Spring Boot + Spring Security work with CAS and ran into some troubles. After some time researching I found a good example project https://github.com/jgribonvald/demo-spring-security-cas It is very good, I only had to change the CAS URLs to mine and it started to work perfectly.

It uses spring boot 1.2.1.RELEASE and I wanted to upgrade it to latest version (1.5.2.RELEASE). In order to do that I had to do some modifications (fix compile errors, because some classes were removed in newer versions).

When compile errors were fixed I tested it with older version and it still worked, but it failed with latest version. It throws error that casServerUrlPrefix is null in SingleSignOutFilter

@Bean
public SingleSignOutFilter singleSignOutFilter() {
    SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
    singleSignOutFilter.setCasServerUrlPrefix(env.getRequiredProperty(CAS_URL_PREFIX));
//      singleSignOutFilter.setIgnoreInitConfiguration(true);
    return singleSignOutFilter;
}

Exception

java.lang.IllegalArgumentException: casServerUrlPrefix cannot be null.
    at org.jasig.cas.client.util.CommonUtils.assertNotNull(CommonUtils.java:86)
    at org.jasig.cas.client.session.SingleSignOutHandler.init(SingleSignOutHandler.java:140)
    at org.jasig.cas.client.session.SingleSignOutFilter.init(SingleSignOutFilter.java:55)
    at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279)
    at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:109)
    at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4572)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5215)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1419)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

Even though casServerUrlPrefix is set and it works with older version. Therefore my question is, whether this is some common bug/error when upgrading spring security and how should one fix it?

EDIT:

I tried doing smaller upgrades and it works with spring boot 1.2.8.RELEASE, but fails with 1.3.0.RELEASE. I also tried to change spring security version lower while upgrading spring boot, but that did not help.

Then I create my own SingleSignOutFilter to hard-code casServerUrlPrefix and I got rid of that error and I could see, that casServerUrlPrefix was indeed set. Unfortunately that did not fix the problem, I still can't use my web app, but now it just doesn't throw exceptions in log.

modorono
  • 41
  • 1
  • 6

4 Answers4

1

So I finally managed to solve this issue.

In SecurityConfiguration class one must remove @Bean annotations from SingleSignOutFilter and CasAuthenticationEntryPoint. This seemed to be the main issue and was pretty hard to track down.

Also, one must make changes in application.properties:

  • replace app.service.security value from ../j_spring_cas_security_check to ../login/cas
  • replace spring.view.prefix with spring.mvc.view.prefix
  • replace suffix as well`

That is all.

modorono
  • 41
  • 1
  • 6
1

Per https://github.com/grails-plugins/grails-spring-security-cas/commit/347217482b16be85d775016d10b6b4ccc2f5825f , if you also set the property ignoreInitConfiguration to true, then it should fix the problem, or at least it did for me.

<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter">
    <property name="casServerUrlPrefix" value="${cas.casServerUrlPrefix}"/>
    <property name="ignoreInitConfiguration" value="true" />
</bean>
Tim
  • 1,605
  • 6
  • 31
  • 47
1
    @Bean
    open fun singleSignOutFilter(): SingleSignOutFilter {
        val singleSignOutFilter = SingleSignOutFilter()
        singleSignOutFilter.setIgnoreInitConfiguration(true)
        singleSignOutFilter.setCasServerUrlPrefix(CAS_URL_PREFIX)
        return singleSignOutFilter
    }
cui cui
  • 71
  • 5
0

I resolved this issue by upgrading the cas-client-core jar to 3.6.1. Hope this helps someone facing this issue.

chiranth
  • 136
  • 1
  • 4