Restore CAS module and update it for cas-client-core 4.0.0 #12362
I did test this with an app updated to spring-security 6.x. After dealing with some deprecated spring-security stuff that I was using I was getting into a redirect loop b/c my
Once I set that on my I also noticed that when it was in a redirect loop, the
Let me know if there is anything I can do to help this get merged. It would be nice to get it in the snapshots so people could try it out before the release.
Thanks @hdeadman, we'll look into that as soon as we get the priorities sorted out for the release.
Hello,
Thanks, @hdeadman, for your work on this. I have some considerations before merging it:
- We leave the copyright notices that contain Acegi as they are, so please drop this commit
- Please ensure that the other copyright notices are updated to the current year
- Can you ensure that we are using the latest dependency version? I see that there was a release on Jan 16th.
- We need to improve the documentation by adding code snippets using Java Configuration. Are you able to do that? If not, I can create a ticket and we can work on that later on.
If the class is CasServiceTicketAuthenticationToken then the enum forces the agent type to be one of two things this if is checking
I dropped the commit with the Acegi copyright changes, plus removed one Acegi copyright change that was in another commit, and I updated the Java cas-client-core dependency to 4.0.1. I updated all the non-Acegi copyright years under the cas module to include 2023. Not sure if that was what you meant, but it's in one commit so I can drop that if it's wrong. I will try to work on documentation updates this weekend. I might have to add a cas client app to spring-security-samples so I put in examples that work.
This is a quick attempt at addressing #11674 and #12304. It reverts the CAS module deletion in one commit, then adjusts the packages to the new package structure in the cas-client-core module and changes Jasig references to Apereo, and then in another commit it changes the CAS module to use its own AuthenticationToken for processing the service ticket rather than storing it on UsernamePasswordAuthenticationToken. I copied UsernamePasswordAuthenticationToken and called it CasServiceTicketAuthenticationToken and then changed the principal, which was repurposed as a user agent type (stateless or stateful), to use an enum with the constant values used to tell spring security whether to cache the validated service ticket or not. I haven't tested this in an actual webapp yet.
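A sketch of the design this description outlines, added here as an example and not code from the PR or from Spring Security: a dedicated service-ticket token carries the agent type as an enum instead of a magic principal value, and the provider caches the validated ticket only for stateless agents. All names (CasTokenSketch, AgentType, ServiceTicketToken, Provider), the validator stub and the ticket values are hypothetical.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;

public class CasTokenSketch {
    // Hypothetical enum replacing the agent-type constants stored in the principal.
    enum AgentType { STATEFUL, STATELESS }

    // Hypothetical dedicated token: the agent type is a typed field, so it can
    // never be confused with a user-supplied principal on another token class.
    static final class ServiceTicketToken {
        final AgentType agentType;
        final String serviceTicket;
        ServiceTicketToken(AgentType agentType, String serviceTicket) {
            this.agentType = Objects.requireNonNull(agentType);
            this.serviceTicket = Objects.requireNonNull(serviceTicket);
        }
    }

    // Sketch of a provider that accepts only the dedicated token type.
    static final class Provider {
        private final Map<String, String> statelessCache = new ConcurrentHashMap<>();
        private final Function<String, String> validator; // ticket -> username; stands in for CAS validation

        Provider(Function<String, String> validator) { this.validator = validator; }

        boolean supports(Class<?> type) { return ServiceTicketToken.class.isAssignableFrom(type); }

        String authenticate(ServiceTicketToken token) {
            boolean stateless = token.agentType == AgentType.STATELESS;
            if (stateless) { // stateless agents resend the ticket, so reuse the earlier result
                String cached = statelessCache.get(token.serviceTicket);
                if (cached != null) return cached;
            }
            String user = validator.apply(token.serviceTicket);
            if (stateless) statelessCache.put(token.serviceTicket, user);
            return user;
        }
    }

    public static void main(String[] args) {
        int[] calls = {0};
        Provider p = new Provider(t -> { calls[0]++; return "alice"; }); // constructed validator
        p.authenticate(new ServiceTicketToken(AgentType.STATELESS, "ST-constructed-1"));
        p.authenticate(new ServiceTicketToken(AgentType.STATELESS, "ST-constructed-1")); // cache hit
        p.authenticate(new ServiceTicketToken(AgentType.STATEFUL, "ST-constructed-2"));
        p.authenticate(new ServiceTicketToken(AgentType.STATEFUL, "ST-constructed-2")); // validated again
        System.out.println("validator calls: " + calls[0] + ", supports String: " + p.supports(String.class));
    }
}
```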