SPRING Configuring BOOT with Jasig CAS
I am doing a test project to try boot spring for our future projects.
We are using jasig CAS and I am trying to setup using spring boot and embedded tomcat server.
So, I add spring-boot-starter-security to pom.xml
After that I am trying to configure WebSecurityConfig -> spring provides classes to configure using cas, for example I need to configure an entry point:
@Bean
public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
casAuthenticationEntryPoint.setLoginUrl("https://localhost:9443/cas/login");
casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
return casAuthenticationEntryPoint;
}
Here's the first problem: the org.springframework.security.cas.web.CasAuthenticationEntryPoint class is not reverse engineered by the application.
The dosen't class seems to be imported using spring-boot-starter-security.
What's the best practice? Do I have to manually add the dependency to my pump like I did before?
example:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>${spring-security.version}</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
If so, which version should I use to match the download package and avoid conflicts?
Second, how do I configure embedded tomcat to include ssl with a certificate?
Here is my classic server.xml for CAS:
Connector emptySessionPath="true" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" URIEncoding="UTF-8"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\***\***\***\.keystore" keystorePass="***"
truststoreFile="C:\Program Files\Java\jdk1.7.0_67\jre\lib\security\cacerts"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript"/>
Is it possible to customize keystorefile / truststorefile with embedded tomcat?
thank
source to share
Assuming you are spring-boot-starter-parent
parenting your project (or importing it into your own section <dependencyManagement>
), you don't need to declare a version for the dependency spring-security-cas
, since Boot already provides dependency management for It. You can simply do this:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
</dependency>
See the reference documents for SSL configuration . You just need to specify a few properties to set up your keystore, etc. For example:
server.port = 8443
server.ssl.key-store = keystore.jks
server.ssl.key-store-password = secret
server.ssl.key-password = another-secret
source to share
I am a little confused, I am trying to complete the SSL setup, but I still have a problem.
Here is my tomcat config with spring boot:
server.port = 8080
server.ssl.key-store = C:\\dev\\web\\tomcat\\.keystore
server.ssl.key-store-password = changeit
server.ssl.key-password = changeit
server.ssl.trustStore = C:\\Program Files\\Java\\jdk1.7.0_67\\jre\\lib\\security\\cacerts
server.ssl.trustStorePassword = changeit
I run the application, no problem, I am redirected to my CAS server, I enter the login / logout password, then I get the error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I like it if my certificate doesn't work, but when I use tomcat in the classic way (not inline, my config is in my first post) it works fine.
Did I miss something?
source to share