tessl/maven-org-springframework-security--spring-security-cas

Spring Security support for Apereo's Central Authentication Service (CAS) enabling Single Sign-On authentication

Describes (maven): pkg:maven/org.springframework.security/spring-security-cas@6.5.x

To install, run

npx @tessl/cli install tessl/maven-org-springframework-security--spring-security-cas@6.5.0


Spring Security CAS

Spring Security CAS provides comprehensive integration with Apereo's Central Authentication Service (CAS) for Spring Security applications. This module enables Single Sign-On (SSO) authentication, allowing users to authenticate once with a CAS server and access multiple applications without re-entering credentials.

Package Information

  • Package Name: spring-security-cas
  • Package Type: Maven
  • Language: Java
  • Installation: Add Maven dependency:
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-cas</artifactId>
    <version>6.5.1</version>
</dependency>

For Gradle:

implementation 'org.springframework.security:spring-security-cas:6.5.1'

Core Imports

import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.ServiceProperties;

Basic Usage

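import org.apereo.cas.client.validation.Cas20ServiceTicketValidator; // CAS client 4.x package used by Spring Security 6.x
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class CasSecurityConfig {

    // The service URL must match the callback URL CAS redirects to, exactly.
    // http://localhost is for local development; use an https URL elsewhere.
    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService("http://localhost:8080/login/cas");
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    // Redirects unauthenticated users to the CAS login page.
    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
        CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
        entryPoint.setLoginUrl("https://cas-server.example.com/cas/login");
        entryPoint.setServiceProperties(serviceProperties());
        return entryPoint;
    }

    // Validates service tickets against the CAS server (URL prefix, not the login URL).
    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        return new Cas20ServiceTicketValidator("https://cas-server.example.com/cas");
    }

    // The UserDetailsService bean is supplied by the application.
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider(UserDetailsService userDetailsService) {
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setServiceProperties(serviceProperties());
        provider.setTicketValidator(cas20ServiceTicketValidator());
        provider.setUserDetailsService(userDetailsService);
        provider.setKey("cas-authentication-provider");
        return provider;
    }

    @Bean
    public AuthenticationManager authenticationManager(CasAuthenticationProvider casAuthenticationProvider) {
        return new ProviderManager(casAuthenticationProvider);
    }

    // Processes the service ticket that CAS appends to the callback request.
    @Bean
    public CasAuthenticationFilter casAuthenticationFilter(AuthenticationManager authenticationManager) {
        CasAuthenticationFilter filter = new CasAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager);
        filter.setServiceProperties(serviceProperties());
        return filter;
    }

    // Registers the entry point and the CAS filter in the security filter chain.
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http, CasAuthenticationFilter casFilter)
            throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .exceptionHandling(ex -> ex.authenticationEntryPoint(casAuthenticationEntryPoint()))
            .addFilter(casFilter);
        return http.build();
    }
}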

Architecture

Spring Security CAS integration is built around several key components:

  • Authentication Framework: CasAuthenticationProvider integrates with Spring Security's authentication architecture to validate CAS tickets and create authenticated principals
  • Web Filters: CasAuthenticationFilter processes CAS service tickets while CasAuthenticationEntryPoint redirects unauthenticated users to CAS login
  • Service Configuration: ServiceProperties and SamlServiceProperties define service URLs and CAS protocol parameters
  • Ticket Caching: StatelessTicketCache implementations provide performance optimization for stateless authentication scenarios
  • User Details Integration: Support for loading user details from CAS assertions via Spring Security's UserDetailsService framework
  • JSON Serialization: Jackson module enables session serialization in distributed environments

Capabilities

Core Configuration

Service properties and SAML configuration for defining CAS service parameters, authentication behavior, and protocol-specific settings.

public class ServiceProperties implements InitializingBean {
    public String getService();
    public void setService(String service);
    public boolean isSendRenew();
    public void setSendRenew(boolean sendRenew);
    public String getArtifactParameter();
    public void setArtifactParameter(String artifactParameter);
    public boolean isAuthenticateAllArtifacts();
    public void setAuthenticateAllArtifacts(boolean authenticateAllArtifacts);
}

public final class SamlServiceProperties extends ServiceProperties {
    public SamlServiceProperties();
}

Details: Configuration (docs/configuration.md)

Authentication Provider and Tokens

CAS authentication provider and token implementations for integrating CAS ticket validation with Spring Security's authentication framework.

public class CasAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    public Authentication authenticate(Authentication authentication) throws AuthenticationException;
    public boolean supports(Class<?> authentication);
    public void setServiceProperties(ServiceProperties serviceProperties);
    public void setTicketValidator(TicketValidator ticketValidator);
    public void setUserDetailsService(UserDetailsService userDetailsService);
    public void setKey(String key);
}

public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
    public CasAuthenticationToken(String key, Object principal, Object credentials, 
                                  Collection<? extends GrantedAuthority> authorities, 
                                  UserDetails userDetails, Assertion assertion);
    public Assertion getAssertion();
    public UserDetails getUserDetails();
    public int getKeyHash();
}

Details: Authentication (docs/authentication.md)

Web Integration

Web filters and entry points for processing CAS authentication flows, handling service ticket validation, and managing gateway authentication.

public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    public CasAuthenticationFilter();
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) 
        throws AuthenticationException, IOException;
    public void setServiceProperties(ServiceProperties serviceProperties);
    public void setProxyReceptorUrl(String proxyReceptorUrl);
}

public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, InitializingBean {
    public void commence(HttpServletRequest servletRequest, HttpServletResponse response, 
                        AuthenticationException authenticationException) throws IOException;
    public void setLoginUrl(String loginUrl);
    public void setServiceProperties(ServiceProperties serviceProperties);
}

Details: Web Integration (docs/web-integration.md)

User Details Services

Specialized user details services for extracting user information and authorities from CAS assertions.

public abstract class AbstractCasAssertionUserDetailsService 
    implements AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
    public final UserDetails loadUserDetails(CasAssertionAuthenticationToken token);
    protected abstract UserDetails loadUserDetails(Assertion assertion);
}

public final class GrantedAuthorityFromAssertionAttributesUserDetailsService 
    extends AbstractCasAssertionUserDetailsService {
    public GrantedAuthorityFromAssertionAttributesUserDetailsService(String[] attributes);
    public void setConvertToUpperCase(boolean convertToUpperCase);
}

Details: User Details (docs/user-details.md)
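
An added example, not part of the original page or of the Spring Security code base: a subclass of AbstractCasAssertionUserDetailsService that turns one assertion attribute into authorities but only for allowlisted values, so an unexpected value released by the CAS server never becomes a role. The class name, the attribute name and the role names are assumptions; the Assertion import uses the CAS client 4.x package (org.apereo.cas.client).

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Set;

import org.apereo.cas.client.validation.Assertion;
import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical class: grants ROLE_* authorities only for allowlisted attribute values.
public final class AllowlistedRoleUserDetailsService extends AbstractCasAssertionUserDetailsService {

    private final String attributeName;
    private final Set<String> allowedRoles;

    public AllowlistedRoleUserDetailsService(String attributeName, Set<String> allowedRoles) {
        this.attributeName = attributeName;
        this.allowedRoles = Set.copyOf(allowedRoles); // upper-case names, e.g. "ADMIN"
    }

    @Override
    protected UserDetails loadUserDetails(Assertion assertion) {
        Object raw = assertion.getPrincipal().getAttributes().get(this.attributeName);
        // CAS may release an attribute as a single value or as a list of values.
        Collection<?> values = (raw instanceof Collection<?> c) ? c
                : (raw == null) ? List.of() : List.of(raw);
        List<GrantedAuthority> authorities = new ArrayList<>();
        for (Object value : values) {
            String role = String.valueOf(value).trim().toUpperCase(Locale.ROOT);
            if (this.allowedRoles.contains(role)) { // anything else is dropped
                authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
            }
        }
        // The password is never checked: CAS has already authenticated the user.
        return new User(assertion.getPrincipal().getName(), "NO_PASSWORD", authorities);
    }
}
```

Register it with CasAuthenticationProvider.setAuthenticationUserDetailsService(...) in place of setUserDetailsService(...), for example with the constructed arguments "memberOf" and Set.of("ADMIN", "USER").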

Ticket Caching

Stateless ticket caching implementations for performance optimization in clustered and stateless authentication scenarios.

public interface StatelessTicketCache {
    CasAuthenticationToken getByTicketId(String serviceTicket);
    void putTicketInCache(CasAuthenticationToken token);
    void removeTicketFromCache(CasAuthenticationToken token);
    void removeTicketFromCache(String serviceTicket);
}

public final class NullStatelessTicketCache implements StatelessTicketCache;
public class SpringCacheBasedTicketCache implements StatelessTicketCache {
    public SpringCacheBasedTicketCache(Cache cache);
}

Details: Ticket Caching (docs/ticket-caching.md)
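
An added example, not part of the original page or of the Spring Security code base: a StatelessTicketCache implementation with a fixed time-to-live. A cache hit is accepted by the provider without a new validation call to the CAS server, so the lifetime of an entry is the window in which a captured service ticket can be replayed; this sketch bounds that window. The class name and the injected Clock are assumptions.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.cas.authentication.StatelessTicketCache;

// Hypothetical class: in-memory ticket cache whose entries expire after a fixed TTL.
public final class ExpiringStatelessTicketCache implements StatelessTicketCache {

    private record Entry(CasAuthenticationToken token, Instant expiresAt) { }

    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final Duration ttl;
    private final Clock clock;

    public ExpiringStatelessTicketCache(Duration ttl, Clock clock) {
        this.ttl = ttl;
        this.clock = clock;
    }

    @Override
    public CasAuthenticationToken getByTicketId(String serviceTicket) {
        Entry entry = this.entries.get(serviceTicket);
        if (entry == null) {
            return null;
        }
        if (!this.clock.instant().isBefore(entry.expiresAt())) {
            this.entries.remove(serviceTicket, entry); // expired: force revalidation
            return null;
        }
        return entry.token();
    }

    @Override
    public void putTicketInCache(CasAuthenticationToken token) {
        Instant now = this.clock.instant();
        // Purge expired entries on write so the map cannot grow without bound.
        this.entries.values().removeIf(e -> !now.isBefore(e.expiresAt()));
        // The token's credentials hold the service ticket string.
        this.entries.put(token.getCredentials().toString(), new Entry(token, now.plus(this.ttl)));
    }

    @Override
    public void removeTicketFromCache(CasAuthenticationToken token) {
        removeTicketFromCache(token.getCredentials().toString());
    }

    @Override
    public void removeTicketFromCache(String serviceTicket) {
        this.entries.remove(serviceTicket);
    }
}
```

Pass an instance to CasAuthenticationProvider.setStatelessTicketCache(...), for example new ExpiringStatelessTicketCache(Duration.ofMinutes(2), Clock.systemUTC()); the two-minute value is a constructed sample.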

JSON Serialization

Jackson module for serializing CAS authentication tokens and related objects in distributed session scenarios.

public class CasJackson2Module extends SimpleModule {
    public CasJackson2Module();
    public void setupModule(SetupContext context);
}

Details: JSON Serialization (docs/json-serialization.md)

Common Exception Types

  • AuthenticationException - Base exception for authentication failures
  • BadCredentialsException - Invalid or expired CAS tickets
  • TicketValidationException - CAS server ticket validation failures
  • IllegalArgumentException - Configuration errors and invalid parameters

Dependencies

This module requires:

  • Spring Security Core (6.5.1+)
  • Spring Framework (6.0+)
  • CAS Client for Java (org.jasig.cas.client)
  • Jackson Core (for JSON serialization support)

Integration Notes

  • Configure CAS server URL in CasAuthenticationEntryPoint
  • Set service URL in ServiceProperties to match your application's callback URL
  • Implement or configure UserDetailsService for loading user authorities
  • Consider ticket caching for high-traffic stateless applications
  • Use CasGatewayAuthenticationRedirectFilter for optional SSO scenarios