Zkoss + CAS, expiration tickets

asked 2012-06-22 10:00:33 +0800

fjulbe

updated 2012-06-22 10:01:08 +0800

Hello all, I've implemented a ZK web service which requires authentication through a CAS service (we are using the Spring Security framework). The problem we are facing is that CAS doesn't seem to detect any activity in the web page once a user is logged in. As soon as the expiration time is reached, a timeout window is displayed asking to re-authenticate.

The policy we use in CAS is the default:
<bean id="grantingTicketExpirationPolicy"
class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">

But it is behaving like
<bean id="grantingTicketExpirationPolicy"
class="org.jasig.cas.ticket.support.HardTimeoutExpirationPolicy">


My spring security file looks like this:

<!--+
**********************************************************
**********************************************************
Customize: The application need to manage roles here
**********************************************************
**********************************************************
+-->
<sec:http auto-config='true' entry-point-ref="casProcessingFilterEntryPoint">
    <sec:intercept-url pattern="/zkau/**" access="ROLE_TEST" />
    <sec:intercept-url pattern="/*.zul" access="ROLE_TEST" />

    <!-- Invoked when the user clicks the standard logout URL, -->
    <!-- that is, "j_spring_security_logout" -->
    <sec:logout logout-success-url="${cas.url}/logout" invalidate-session="true" />
</sec:http>

<!-- Handles a logout request from the CAS server -->
<bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter">
    <sec:custom-filter before="CAS_PROCESSING_FILTER" />
</bean>

<!-- Declare an authentication manager; it will look for authentication
     providers -->
<sec:authentication-manager alias="authenticationManager" />

<!-- CAS processing filter, does the bulk of the work -->
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
    <sec:custom-filter after="FIRST" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationFailureUrl" value="/" />
    <property name="defaultTargetUrl" value="/" />
</bean>

<!-- Where do we go when we need authentication -->
<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
    <property name="loginUrl" value="${cas.url}/login" />
    <property name="serviceProperties" ref="serviceProperties" />
</bean>

<!-- Which service (application) we are authenticating -->
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
    <!-- "j_spring_cas_security_check" is a standard URL -->
    <!-- Note that interaction goes through HTTPS -->
    <property name="service" value="${service.url}/j_spring_cas_security_check" />
    <!-- set "sendRenew" to false for single sign on, -->
    <!-- to true if login should be mandatory -->
    <property name="sendRenew" value="false" />
</bean>

<!-- Provides authentication services to the CAS processing filter -->
<bean id="casAuthenticationProvider"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <sec:custom-authentication-provider />
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="${cas.url}" />
        </bean>
    </property>
    <property name="key" value="0xFFF-1" />
</bean>

<!-- Log failed authentication attempts to commons-logging -->
<bean id="loggerListener"
      class="org.springframework.security.event.authentication.LoggerListener" />

<!-- User details service implementation -->
<bean id="userDetailsService" class="my.UserDetailsService">
    <constructor-arg index="0" type="java.lang.String" value="${system}" />
</bean>

My main doubt is focused on the use of the "zkau" URL interception.

Any ideas?

Thanks!
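
An added illustration, not part of the original post and not CAS source code: a small Python model of the two expiration policies named in the question, replayed over a timeline of user activity. It assumes the ticket-granting ticket's last-used time is refreshed only when the CAS server itself uses the ticket to issue a service ticket, so requests answered inside the application (ZK `/zkau` updates included) never touch it; the 7200-second timeout, the event names and the timelines are constructed sample values.

```python
from dataclasses import dataclass

TTL = 7200  # constructed sample timeout, in seconds


@dataclass
class TicketState:
    """Minimal stand-in for the ticket-granting ticket (TGT) state."""
    creation_time: int   # seconds since login
    last_time_used: int  # refreshed only when the CAS server uses the TGT


def expiry_time(events, ttl, sliding):
    """Replay (time, kind) events and return when the TGT expires.

    sliding=True  models TimeoutExpirationPolicy (idle time since last use).
    sliding=False models HardTimeoutExpirationPolicy (age since creation).
    """
    tgt = TicketState(creation_time=0, last_time_used=0)

    def deadline():
        start = tgt.last_time_used if sliding else tgt.creation_time
        return start + ttl

    for when, kind in sorted(events):
        if when >= deadline():
            return deadline()  # the ticket had already expired
        if kind == "cas_ticket":
            # Browser was redirected to CAS, which issued a service ticket.
            tgt.last_time_used = when
        # "app_request" is served from the application's own session and
        # never reaches the CAS server, so the TGT is left untouched.
    return deadline()


# Constructed timeline: a click in the ZK page every 10 minutes for 3 hours.
IN_APP_ONLY = [(t, "app_request") for t in range(600, 10801, 600)]
# Same timeline plus one visit to CAS after an hour (e.g. another service).
WITH_CAS_VISIT = IN_APP_ONLY + [(3600, "cas_ticket")]

if __name__ == "__main__":
    for name, events in (("in-app only", IN_APP_ONLY),
                         ("with CAS visit", WITH_CAS_VISIT)):
        print(name,
              "sliding:", expiry_time(events, TTL, sliding=True),
              "hard:", expiry_time(events, TTL, sliding=False))
```

Under that assumption, a user who stays busy inside one application sees the sliding policy expire at the same moment the hard policy would; only a round trip to the CAS server moves the sliding deadline.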

1 Reply

answered 2012-06-29 10:23:27 +0800

paowang

What versions of ZK and Spring Security do you use?
Can you provide any other code for reproducing?
