tessl/maven-org-springframework-security--spring-security-cas

Spring Security support for Apereo's Central Authentication Service (CAS) enabling Single Sign-On authentication

Configuration

Service properties and SAML configuration for defining CAS service parameters, authentication behavior, and protocol-specific settings. These classes provide the foundational configuration needed to integrate with CAS servers.

Capabilities

Service Properties

Core configuration properties for CAS service integration, defining service URLs, parameter names, and authentication behavior.

/**
 * Stores properties related to the service URL and other CAS-related configuration.
 * Must be configured with the service URL that CAS will redirect back to after authentication.
 */
public class ServiceProperties implements InitializingBean {
    
    /** Default parameter name for CAS artifact/ticket (value: "ticket") */
    public static final String DEFAULT_CAS_ARTIFACT_PARAMETER = "ticket";
    
    /** Default parameter name for service URL (value: "service") */
    public static final String DEFAULT_CAS_SERVICE_PARAMETER = "service";
    
    /**
     * Gets the service URL that CAS will redirect to after authentication.
     * @return the service URL
     */
    public String getService();
    
    /**
     * Sets the service URL that CAS will redirect to after authentication.
     * Must be accessible by both the user's browser and the CAS server.
     * @param service the service URL (required)
     */
    public void setService(String service);
    
    /**
     * Indicates whether renew=true should be sent to the CAS login URL.
     * @return true if renew should be sent
     */
    public boolean isSendRenew();
    
    /**
     * Sets whether renew=true should be sent to the CAS login URL.
     * When true, forces fresh authentication even if user has valid CAS session.
     * @param sendRenew true to force fresh authentication
     */
    public void setSendRenew(boolean sendRenew);
    
    /**
     * Gets the artifact parameter name (defaults to "ticket").
     * @return the artifact parameter name
     */
    public String getArtifactParameter();
    
    /**
     * Sets the artifact parameter name used in requests.
     * @param artifactParameter the parameter name for CAS tickets
     */
    public void setArtifactParameter(String artifactParameter);
    
    /**
     * Gets the service parameter name (defaults to "service").
     * @return the service parameter name
     */
    public String getServiceParameter();
    
    /**
     * Sets the service parameter name used in requests.
     * @param serviceParameter the parameter name for service URL
     */
    public void setServiceParameter(String serviceParameter);
    
    /**
     * Indicates if all artifacts should be authenticated, not just stateful ones.
     * @return true if all artifacts should be authenticated
     */
    public boolean isAuthenticateAllArtifacts();
    
    /**
     * Sets whether all artifacts should be authenticated.
     * When false, only stateful artifacts are authenticated.
     * @param authenticateAllArtifacts true to authenticate all artifacts
     */
    public void setAuthenticateAllArtifacts(boolean authenticateAllArtifacts);
    
    /**
     * Validates that required properties are set.
     * @throws IllegalArgumentException if service URL is not set
     */
    public void afterPropertiesSet() throws IllegalArgumentException;
}

Usage Example:

@Bean
public ServiceProperties serviceProperties() {
    ServiceProperties serviceProperties = new ServiceProperties();
    serviceProperties.setService("https://myapp.example.com/login/cas");
    serviceProperties.setSendRenew(false);
    serviceProperties.setAuthenticateAllArtifacts(true);
    return serviceProperties;
}

SAML Service Properties

SAML-specific configuration extending ServiceProperties with SAML protocol parameter defaults.

/**
 * SAML-specific service properties with different default parameter names.
 * Used when integrating with CAS servers that support SAML protocol.
 */
public final class SamlServiceProperties extends ServiceProperties {
    
    /** Default SAML artifact parameter name (value: "SAMLart") */
    public static final String DEFAULT_SAML_ARTIFACT_PARAMETER = "SAMLart";
    
    /** Default SAML service parameter name (value: "TARGET") */
    public static final String DEFAULT_SAML_SERVICE_PARAMETER = "TARGET";
    
    /**
     * Creates SAML service properties with SAML-specific parameter defaults.
     * Sets artifact parameter to "SAMLart" and service parameter to "TARGET".
     */
    public SamlServiceProperties();
}

Usage Example:

@Bean
public ServiceProperties samlServiceProperties() {
    SamlServiceProperties serviceProperties = new SamlServiceProperties();
    serviceProperties.setService("https://myapp.example.com/saml/cas");
    return serviceProperties;
}

Configuration Examples

Basic CAS Configuration

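import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;

@Configuration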
public class CasConfig {
    
    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties props = new ServiceProperties();
        props.setService("https://localhost:8080/login/cas");
        props.setSendRenew(false);
        props.setAuthenticateAllArtifacts(false); // Only authenticate stateful tickets
        return props;
    }
}

SAML CAS Configuration

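import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.SamlServiceProperties;
import org.springframework.security.cas.ServiceProperties;

@Configuration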
public class SamlCasConfig {
    
    @Bean
    public ServiceProperties samlServiceProperties() {
        SamlServiceProperties props = new SamlServiceProperties();
        props.setService("https://localhost:8080/saml/login");
        props.setSendRenew(true); // Force fresh authentication
        return props;
    }
}

Custom Parameter Names

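import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;

@Configuration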
public class CustomCasConfig {
    
    @Bean
    public ServiceProperties customServiceProperties() {
        ServiceProperties props = new ServiceProperties();
        props.setService("https://localhost:8080/custom/cas");
        props.setArtifactParameter("casticket"); // Custom ticket parameter
        props.setServiceParameter("returnto");   // Custom service parameter
        return props;
    }
}

Configuration Validation

The ServiceProperties.afterPropertiesSet() method validates configuration:

  • Service URL Required: The service URL must be set and non-empty
  • URL Format: Service URL should be a valid HTTP/HTTPS URL
  • Accessibility: Service URL must be accessible by both user browsers and CAS server

Integration Notes

  • Service URL must match the URL pattern configured in CAS server's service registry
  • For load-balanced applications, use consistent service URLs across all instances
  • HTTPS is strongly recommended for production service URLs
  • Consider using context-relative URLs for flexibility across environments
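
The URL-format requirement under Configuration Validation and the HTTPS recommendation above can be enforced at startup, before the value reaches ServiceProperties. The following is an added example, not code from spring-security-cas or from this documentation; the class name CheckedCasConfig, the helper requireHttpsServiceUrl and its policy of rejecting user-info and fragments are assumptions, and the sample URL is constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.cas.ServiceProperties;

@Configuration
public class CheckedCasConfig {

    // Hypothetical helper (not part of spring-security-cas): fails fast on a
    // service URL that is empty, malformed, relative, non-HTTPS, or that
    // carries credentials or a fragment.
    static String requireHttpsServiceUrl(String candidate) {
        if (candidate == null || candidate.trim().isEmpty()) {
            throw new IllegalArgumentException("CAS service URL is not set");
        }
        URI uri;
        try {
            uri = new URI(candidate.trim());
        } catch (URISyntaxException ex) {
            throw new IllegalArgumentException("CAS service URL is not a valid URI", ex);
        }
        if (!uri.isAbsolute() || uri.getHost() == null) {
            throw new IllegalArgumentException("CAS service URL must be absolute: " + candidate);
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("CAS service URL must use https: " + candidate);
        }
        if (uri.getUserInfo() != null || uri.getFragment() != null) {
            throw new IllegalArgumentException("CAS service URL must not contain user-info or a fragment");
        }
        return uri.toString();
    }

    @Bean
    public ServiceProperties serviceProperties() {
        // Constructed sample value; a real deployment would read it from per-environment configuration.
        String serviceUrl = requireHttpsServiceUrl("https://myapp.example.com/login/cas");
        ServiceProperties props = new ServiceProperties();
        props.setService(serviceUrl); // must match the entry in the CAS service registry
        props.setSendRenew(false);
        return props;
    }
}
```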

Install with Tessl CLI

npx tessl i tessl/maven-org-springframework-security--spring-security-cas
