
tessl/maven-org-springframework-security--spring-security-cas

Spring Security support for Apereo's Central Authentication Service (CAS) enabling Single Sign-On authentication


Spring Security CAS

Spring Security CAS provides comprehensive integration with Apereo's Central Authentication Service (CAS) for Spring Security applications. This module enables Single Sign-On (SSO) authentication, allowing users to authenticate once with a CAS server and access multiple applications without re-entering credentials.

Package Information

  • Package Name: spring-security-cas
  • Package Type: Maven
  • Language: Java
  • Installation: Add Maven dependency:
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-cas</artifactId>
    <version>6.5.1</version>
</dependency>

For Gradle:

implementation 'org.springframework.security:spring-security-cas:6.5.1'

Core Imports

import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.ServiceProperties;

Basic Usage

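// Spring Security 6.x builds on CAS client 4.x, whose classes live under org.apereo.cas.client.
import org.apereo.cas.client.validation.Cas20ServiceTicketValidator;
import org.apereo.cas.client.validation.TicketValidator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
@EnableWebSecurity
public class CasSecurityConfig {

    // The service URL must match the callback URL registered with the CAS server.
    // Plain HTTP on localhost is for local development only; use HTTPS when deployed.
    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService("http://localhost:8080/login/cas");
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    // Redirects unauthenticated users to the CAS login page.
    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
        CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
        entryPoint.setLoginUrl("https://cas-server.example.com/cas/login");
        entryPoint.setServiceProperties(serviceProperties());
        return entryPoint;
    }

    // Validates service tickets against the CAS server (URL prefix of the CAS deployment).
    @Bean
    public TicketValidator cas20ServiceTicketValidator() {
        return new Cas20ServiceTicketValidator("https://cas-server.example.com/cas");
    }

    // The UserDetailsService bean is supplied by the application.
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider(UserDetailsService userDetailsService) {
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setServiceProperties(serviceProperties());
        provider.setTicketValidator(cas20ServiceTicketValidator());
        provider.setUserDetailsService(userDetailsService);
        provider.setKey("cas-authentication-provider");
        return provider;
    }

    @Bean
    public AuthenticationManager authenticationManager(CasAuthenticationProvider casAuthenticationProvider) {
        return new ProviderManager(casAuthenticationProvider);
    }

    // Processes the service ticket that CAS appends to the callback request.
    @Bean
    public CasAuthenticationFilter casAuthenticationFilter(AuthenticationManager authenticationManager) {
        CasAuthenticationFilter filter = new CasAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setServiceProperties(serviceProperties());
        return filter;
    }
}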

Architecture

Spring Security CAS integration is built around several key components:

  • Authentication Framework: CasAuthenticationProvider integrates with Spring Security's authentication architecture to validate CAS tickets and create authenticated principals
  • Web Filters: CasAuthenticationFilter processes CAS service tickets while CasAuthenticationEntryPoint redirects unauthenticated users to CAS login
  • Service Configuration: ServiceProperties and SamlServiceProperties define service URLs and CAS protocol parameters
  • Ticket Caching: StatelessTicketCache implementations provide performance optimization for stateless authentication scenarios
  • User Details Integration: Support for loading user details from CAS assertions via Spring Security's UserDetailsService framework
  • JSON Serialization: Jackson module enables session serialization in distributed environments

Capabilities

Core Configuration

Service properties and SAML configuration for defining CAS service parameters, authentication behavior, and protocol-specific settings.

public class ServiceProperties implements InitializingBean {
    public String getService();
    public void setService(String service);
    public boolean isSendRenew();
    public void setSendRenew(boolean sendRenew);
    public String getArtifactParameter();
    public void setArtifactParameter(String artifactParameter);
    public boolean isAuthenticateAllArtifacts();
    public void setAuthenticateAllArtifacts(boolean authenticateAllArtifacts);
}

public final class SamlServiceProperties extends ServiceProperties {
    public SamlServiceProperties();
}


Authentication Provider and Tokens

CAS authentication provider and token implementations for integrating CAS ticket validation with Spring Security's authentication framework.

public class CasAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    public Authentication authenticate(Authentication authentication) throws AuthenticationException;
    public boolean supports(Class<?> authentication);
    public void setServiceProperties(ServiceProperties serviceProperties);
    public void setTicketValidator(TicketValidator ticketValidator);
    public void setUserDetailsService(UserDetailsService userDetailsService);
    public void setKey(String key);
}

public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
    public CasAuthenticationToken(String key, Object principal, Object credentials, 
                                  Collection<? extends GrantedAuthority> authorities, 
                                  UserDetails userDetails, Assertion assertion);
    public Assertion getAssertion();
    public UserDetails getUserDetails();
    public int getKeyHash();
}


Web Integration

Web filters and entry points for processing CAS authentication flows, handling service ticket validation, and managing gateway authentication.

public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public CasAuthenticationFilter();
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) 
        throws AuthenticationException, IOException;
    public void setServiceProperties(ServiceProperties serviceProperties);
    public void setProxyReceptorUrl(String proxyReceptorUrl);
}

public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
    public void commence(HttpServletRequest servletRequest, HttpServletResponse response, 
                        AuthenticationException authenticationException) throws IOException;
    public void setLoginUrl(String loginUrl);
    public void setServiceProperties(ServiceProperties serviceProperties);
}


User Details Services

Specialized user details services for extracting user information and authorities from CAS assertions.

public abstract class AbstractCasAssertionUserDetailsService 
    implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
    public final UserDetails loadUserDetails(CasAssertionAuthenticationToken token);
    protected abstract UserDetails loadUserDetails(Assertion assertion);
}

public final class GrantedAuthorityFromAssertionAttributesUserDetailsService 
    extends AbstractCasAssertionUserDetailsService {
    public GrantedAuthorityFromAssertionAttributesUserDetailsService(String[] attributes);
    public void setConvertToUpperCase(boolean convertToUpperCase);
}
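
An added example, not code from the Spring Security project: a subclass of AbstractCasAssertionUserDetailsService that grants authorities only for attribute values found on a fixed allowlist, so an unexpected value released by the CAS server grants nothing. The class name, attribute name and mapping are assumptions, and the Assertion import assumes the org.apereo CAS client used by Spring Security 6.x.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;

import org.apereo.cas.client.validation.Assertion;
import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical class: deny-by-default mapping from one CAS attribute to local authorities.
public class AllowlistedCasUserDetailsService extends AbstractCasAssertionUserDetailsService {

    private final String attributeName;          // assumption: name of the released attribute
    private final Map<String, String> allowlist; // CAS attribute value -> local authority

    public AllowlistedCasUserDetailsService(String attributeName, Map<String, String> allowlist) {
        this.attributeName = attributeName;
        this.allowlist = Map.copyOf(allowlist);
    }

    @Override
    protected UserDetails loadUserDetails(Assertion assertion) {
        Object raw = assertion.getPrincipal().getAttributes().get(this.attributeName);
        // CAS may release a single value or a collection for the same attribute.
        Collection<?> values;
        if (raw instanceof Collection<?> c) {
            values = c;
        } else if (raw != null) {
            values = List.of(raw);
        } else {
            values = List.of();
        }
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (Object value : values) {
            String mapped = this.allowlist.get(String.valueOf(value));
            if (mapped != null) { // values not on the allowlist grant nothing
                authorities.add(new SimpleGrantedAuthority(mapped));
            }
        }
        // CAS has already authenticated the user, so a placeholder password is stored.
        return new User(assertion.getPrincipal().getName(), "NO_PASSWORD", authorities);
    }
}
```

Register it with CasAuthenticationProvider.setAuthenticationUserDetailsService(...) in place of setUserDetailsService(...).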


Ticket Caching

Stateless ticket caching implementations for performance optimization in clustered and stateless authentication scenarios.

public interface StatelessTicketCache {
    CasAuthenticationToken getByTicketId(String serviceTicket);
    void putTicketInCache(CasAuthenticationToken token);
    void removeTicketFromCache(CasAuthenticationToken token);
    void removeTicketFromCache(String serviceTicket);
}

public final class NullStatelessTicketCache implements StatelessTicketCache;
public class SpringCacheBasedTicketCache implements StatelessTicketCache {
    public SpringCacheBasedTicketCache(Cache cache);
}


JSON Serialization

Jackson module for serializing CAS authentication tokens and related objects in distributed session scenarios.

public class CasJackson2Module extends SimpleModule {
    public CasJackson2Module();
    public void setupModule(SetupContext context);
}


Common Exception Types

  • AuthenticationException - Base exception for authentication failures
  • BadCredentialsException - Invalid or expired CAS tickets
  • TicketValidationException - CAS server ticket validation failures
  • IllegalArgumentException - Configuration errors and invalid parameters

Dependencies

This module requires:

  • Spring Security Core (6.5.1+)
  • Spring Framework (6.0+)
  • CAS Client for Java (org.jasig.cas.client)
  • Jackson Core (for JSON serialization support)

Integration Notes

  • Configure CAS server URL in CasAuthenticationEntryPoint
  • Set service URL in ServiceProperties to match your application's callback URL
  • Implement or configure UserDetailsService for loading user authorities
  • Consider ticket caching for high-traffic stateless applications
  • Use CasGatewayAuthenticationRedirectFilter for optional SSO scenarios
Describes
mavenpkg:maven/org.springframework.security/spring-security-cas@6.5.x