in plugin-cas/plugin/src/main/groovy/grails/plugin/springsecurity/cas/SpringSecurityCasGrailsPlugin.groovy [54:149]
Closure doWithSpring() {{ ->
def conf = SpringSecurityUtils.securityConfig
if (!conf || !conf.active) {
return
}
SpringSecurityUtils.loadSecondaryConfig 'DefaultCasSecurityConfig'
// have to get again after overlaying DefaultCasSecurityConfig
conf = SpringSecurityUtils.securityConfig
if (!conf.cas.active) {
return
}
boolean printStatusMessages = (conf.printStatusMessages instanceof Boolean) ? conf.printStatusMessages : true
if (printStatusMessages) {
println '\nConfiguring Spring Security CAS ...'
}
if (conf.cas.useSingleSignout) {
// session fixation prevention breaks single signout because
// the service ticket is mapped to the session id which changes
conf.useSessionFixationPrevention = false
singleSignOutFilter(SingleSignOutFilter) {
ignoreInitConfiguration = true
}
singleSignOutFilterRegistrationBean(FilterRegistrationBean) {
name = 'CAS Single Sign Out Filter'
filter = ref('singleSignOutFilter')
order = Ordered.HIGHEST_PRECEDENCE
}
singleSignOutHttpSessionListener(ServletListenerRegistrationBean, new SingleSignOutHttpSessionListener())
}
SpringSecurityUtils.registerProvider 'casAuthenticationProvider'
SpringSecurityUtils.registerFilter 'casAuthenticationFilter', SecurityFilterPosition.CAS_FILTER
// TODO document NullProxyGrantingTicketStorage
casProxyGrantingTicketStorage(ProxyGrantingTicketStorageImpl)
authenticationEntryPoint(CasAuthenticationEntryPoint) {
serviceProperties = ref('casServiceProperties')
loginUrl = conf.cas.serverUrlPrefix + conf.cas.loginUri
}
casServiceProperties(ServiceProperties) {
service = conf.cas.serviceUrl
sendRenew = conf.cas.sendRenew // false
artifactParameter = conf.cas.artifactParameter // 'ticket'
serviceParameter = conf.cas.serviceParameter // 'service'
}
casAuthenticationFilter(CasAuthenticationFilter) {
authenticationManager = ref('authenticationManager')
sessionAuthenticationStrategy = ref('sessionAuthenticationStrategy')
authenticationSuccessHandler = ref('authenticationSuccessHandler')
authenticationFailureHandler = ref('authenticationFailureHandler')
rememberMeServices = ref('rememberMeServices')
authenticationDetailsSource = ref('authenticationDetailsSource')
serviceProperties = ref('casServiceProperties')
proxyGrantingTicketStorage = ref('casProxyGrantingTicketStorage')
filterProcessesUrl = conf.cas.filterProcessesUrl // '/login/cas'
continueChainBeforeSuccessfulAuthentication = conf.apf.continueChainBeforeSuccessfulAuthentication // false
allowSessionCreation = conf.apf.allowSessionCreation // true
proxyReceptorUrl = conf.cas.proxyReceptorUrl
}
casProxyRetriever(Cas20ProxyRetriever, conf.cas.serverUrlPrefix, conf.cas.serverUrlEncoding /*'UTF-8'*/)
casTicketValidator(Cas20ServiceTicketValidator, conf.cas.serverUrlPrefix) {
proxyRetriever = ref('casProxyRetriever')
proxyGrantingTicketStorage = ref('casProxyGrantingTicketStorage')
proxyCallbackUrl = conf.cas.proxyCallbackUrl
renew = conf.cas.sendRenew // false
}
casStatelessTicketCache(NullStatelessTicketCache)
casAuthenticationProvider(CasAuthenticationProvider) {
authenticationUserDetailsService = ref('authenticationUserDetailsService')
serviceProperties = ref('casServiceProperties')
ticketValidator = ref('casTicketValidator')
statelessTicketCache = ref('casStatelessTicketCache')
key = conf.cas.key // 'grails-spring-security-cas'
}
if (printStatusMessages) {
println '... finished configuring Spring Security CAS\n'
}
}}