How does the CAS 4.X.X client loop redirect find the cause and the solution?

< H1 > problem description < / H1 >

CAS Server (supports https) there are client1 , client2 , client3 multiple applications, among which client1 and client2 can normally support single sign-on, but client3 is not. The problem is that when CAS Server logs in, The page will be redirected in a loop between https://cas-server/login?service=https://localhost:8443/cas-client3/login and https://localhost:8443/cas-client3/login?ticket=ST-1645-XXXXXXX-cas01.example.org, causing the page not to be accessed properly

< H1 > screenshot of the question < / H1 >

clipboard.png

clipboard.png

< H1 > the configuration of spring security and CAS is as follows < / H1 > < H2 > configuration file < / H2 >
-sharp CAS 
app:
  login:
    url: /login
  logout:
    url: /logout
  server:
    host:
      url: https://localhost:8443/cas-client3

cas:
  server:
    host:
      url: https://cas-server
      login_url: ${cas.server.host.url}/login
      logout_url: ${cas.server.host.url}/logout?service=${app.server.host.url}
< H2 > configuration class < / H2 >
import com.cloume.mooc.security.MyPermissionEvaluator;
import com.cloume.mooc.security.SpringContextUtil;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

import javax.annotation.Resource;
import java.util.Map;

/**
 * spring security
 * 

* Created by surpass.wei@gmail.com on 2017/7/26. */ @Configuration @EnableWebSecurity // webspring boot @EnableGlobalMethodSecurity(prePostEnabled = true) // @Profile("cas") public class SecurityConfig extends WebSecurityConfigurerAdapter { @Resource private CasProperties casProperties; /** * */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { super.configure(auth); auth.authenticationProvider(casAuthenticationProvider()); } /** * */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() // .antMatchers("/html/**") .permitAll() .expressionHandler(httpSecurityExpressionHandler()) .anyRequest() .authenticated() .and() .formLogin() .loginProcessingUrl("/login") .permitAll() .and() .rememberMe() .tokenValiditySeconds(31536000) .and() .csrf() .disable() .logout() .permitAll(); http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint()) .and() .addFilter(casAuthenticationFilter()) .addFilterBefore(casLogoutFilter(), LogoutFilter.class) .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class); http.csrf().disable(); //CSRF } /** * service */ @Bean public ServiceProperties serviceProperties() { ServiceProperties serviceProperties = new ServiceProperties(); serviceProperties.setService(casProperties.getAppServerUrl() + casProperties.getAppLoginUrl()); serviceProperties.setAuthenticateAllArtifacts(true); return serviceProperties; } @Bean public SessionRegistry getSessionRegistry() { return new SessionRegistryImpl(); } @Bean public DefaultWebSecurityExpressionHandler httpSecurityExpressionHandler() { DefaultWebSecurityExpressionHandler expressionHandler = new DefaultWebSecurityExpressionHandler(); expressionHandler.setPermissionEvaluator(new MyPermissionEvaluator()); return expressionHandler; } @Bean public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() { final Map<String, DefaultWebSecurityExpressionHandler> expressionHandlers = SpringContextUtil.getApplicationContext().getBeansOfType(DefaultWebSecurityExpressionHandler.class); if (expressionHandlers.values().toArray()[0] != null) { ((DefaultWebSecurityExpressionHandler) expressionHandlers.values().toArray()[0]).setPermissionEvaluator(new MyPermissionEvaluator()); } return (DefaultWebSecurityExpressionHandler) expressionHandlers.values().toArray()[0]; } /** * CAS */ @Bean public CasAuthenticationFilter casAuthenticationFilter() throws Exception { CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter(); casAuthenticationFilter.setAuthenticationManager(authenticationManager()); casAuthenticationFilter.setFilterProcessesUrl(casProperties.getAppLoginUrl()); // //casAuthenticationFilter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/html/user.html")); return casAuthenticationFilter; } /** * cas Provider */ @Bean public CasAuthenticationProvider casAuthenticationProvider() { CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider(); casAuthenticationProvider.setAuthenticationUserDetailsService(customUserDetailsService()); //casAuthenticationProvider.setUserDetailsService(customUserDetailsService()); // casAuthenticationProvider.setServiceProperties(serviceProperties()); casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator()); casAuthenticationProvider.setKey("casAuthenticationProviderKey"); return casAuthenticationProvider; } /** * AuthenticationUserDetailsService */ @Bean public AuthenticationUserDetailsService<CasAssertionAuthenticationToken> customUserDetailsService() { return new CustomUserDetailsService(); } @Bean public Cas20ServiceTicketValidator cas20ServiceTicketValidator() { return new Cas20ServiceTicketValidator(casProperties.getCasServerUrl()); } /** * CAS */ @Bean public CasAuthenticationEntryPoint casAuthenticationEntryPoint() { CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint(); casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl()); casAuthenticationEntryPoint.setServiceProperties(serviceProperties()); return casAuthenticationEntryPoint; } /** * CAS */ @Bean public LogoutFilter casLogoutFilter() { LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler()); logoutFilter.setFilterProcessesUrl(casProperties.getAppLogoutUrl()); // return logoutFilter; } /** * CAS */ @Bean public SingleSignOutFilter singleSignOutFilter() { SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter(); singleSignOutFilter.setCasServerUrlPrefix(casProperties.getCasServerUrl()); singleSignOutFilter.setIgnoreInitConfiguration(true); return singleSignOutFilter; } }

Mar.03,2021

is it lucky that every time you submit a problem, you can always find a solution on your own? The problem that has tormented me for three days is finally solved, and the cause of this problem is actually caused by the incompatibility between spring boot (1.3.x) and cas (4.2.x). The solution is very simple: upgrade spring boot version to 1.5.x, cas does not need to specify the version number (will automatically adapt according to spring-boot-starter-parent)

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e84849-ce5.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e84849-ce5.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?