Configure a CAS with Spring (Boot) without web.xml

Question

I'm porting a WebApp from Spring 3 to Spring 4 with Boot.

The original web.xml below

<listener>
 <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>

<filter>
 <filter-name>CAS Authentication Filter</filter-name>
 <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
 <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://casserver/login</param-value>
 </init-param>
 <init-param>
    <param-name>serverName</param-name>
    <param-value>http://myapp</param-value>
 </init-param>
</filter>

<filter>
 <filter-name>CAS Validation Filter</filter-name>
 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
 <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://casserver/login</param-value>
 </init-param>
 <init-param>
    <param-name>serverName</param-name>
    <param-value>http://myapp</param-value>
 </init-param>
 <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
 </init-param>
</filter>

<filter>
 <filter-name>CAS Single Sign Out Filter</filter-name>
 <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
</filter>

<filter-mapping>
 <filter-name>CAS Single Sign Out Filter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
 <filter-name>CAS Authentication Filter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
 <filter-name>CAS Validation Filter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

<session-config>
 <session-timeout>90</session-timeout>
</session-config>

<context-param>
 <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
 <param-value>messages</param-value>
</context-param>

I'm trying to register all filters, listeners and mappings inside my AppConfic class (below and NOT complete since it's already not working...)

@Configuration
public class MyWebApplicationInitializer implements ServletContextInitializer  {

    @Override
    public void onStartup(ServletContext servletContext) {
        servletContext.addListener(new SingleSignOutHttpSessionListener());

        Cas20ProxyReceivingTicketValidationFilter cas20 = new Cas20ProxyReceivingTicketValidationFilter();
        cas20.setServerName("http://myapp");

        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        authenticationFilter.setCasServerLoginUrl("https://casserver");
        authenticationFilter.setServerName("http://myapp");

        servletContext.addFilter("CAS Authentication Filter", authenticationFilter);
        servletContext.addFilter("CAS Validation Filter", cas20);
        servletContext.addFilter("CAS Single Sign Out Filter", new SingleSignOutFilter());
    }
}

1/ CAS20 instanciation problem

I can't define cas20 casServerUrlPrefix... There's no setter ?!

2/ AuthenticationFilter problem

Even with serverName defined, during startup, the following error occurs :

java.lang.IllegalArgumentException: serverName or service must be set.
    at org.jasig.cas.client.util.CommonUtils.assertTrue(CommonUtils.java:116) ~[cas-client-core-3.2.1.jar:3.2.1]
    at org.jasig.cas.client.util.AbstractCasFilter.init(AbstractCasFilter.java:103) ~[cas-client-core-3.2.1.jar:3.2.1]
    at org.jasig.cas.client.authentication.AuthenticationFilter.init(AuthenticationFilter.java:96) ~[cas-client-core-3.2.1.jar:3.2.1]
    at org.jasig.cas.client.util.AbstractCasFilter.init(AbstractCasFilter.java:84) ~[cas-client-core-3.2.1.jar:3.2.1]
    at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) ~[tomcat-embed-core-8.0.28.jar:8.0.28]
    at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:109) ~[tomcat-embed-core-8.0.28.jar:8.0.28]

Is it possible to define inside a ServletContextInitializer this kind of filters ? Do I have to load a xml (dispatcher-servlet.xml like ?)

Answer 1

I strongly suggest a read on the Servlet 3.0 spec and how that works that web.xml can be ported perfectly fine if you know what you are doing. You just need to specify the init parameters on the registration instead.

<filter>
 <filter-name>CAS Validation Filter</filter-name>
 <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
 <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://casserver/login</param-value>
 </init-param>
 <init-param>
    <param-name>serverName</param-name>
    <param-value>http://myapp</param-value>
 </init-param>
 <init-param>
    <param-name>encoding</param-name>
    <param-value>UTF-8</param-value>
 </init-param>
</filter>

with this

<filter-mapping>
 <filter-name>CAS Validation Filter</filter-name>
 <url-pattern>/*</url-pattern>
</filter-mapping>

Would lead to roughly the following in Java and using a WebApplicationInitializer .

@Configuration
public class MyWebApplicationInitializer implements ServletContextInitializer  {

    @Override
    public void onStartup(ServletContext sc) {
        FilterRegistration.Dynamic cas20Registration = sc.addFilter("CAS Validation Filter", Cas20ProxyReceivingTicketValidationFilter.class);
        cas20Registration.setInitParameter("casServerUrlPrefix casServerUrlPrefix", "https://casserver/login");
        cas20Registration.setInitParameter("serverName", "http://myapp");
        cas20Registration.setInitParameter("encoding", "UTF-8");
        cas20Registration.addMappingForUrlPatterns(null, false, "/*");
    }
}

The above is a 1-on-1 translation of the xml to java. Which should give you an idea of the other filters.

However you are using Spring Boot which makes it easier. Just create a @Bean method which returns a FilterRegistrationBean for the desired filters. See also the appropriate section in the Spring Boot Reference Guide.

@Bean
public FilterRegistrationBean cas20Registration() {
    FilterRegistrationBean cas20 = new FilterRegistrationBean();
    cas20.setFilter(new Cas20ProxyReceivingTicketValidationFilter());
    cas20.addUrlPatterns("/*");
    cas20.addInitParameter("casServerUrlPrefix casServerUrlPrefix", "https://casserver/login");
    cas20.addInitParameter("serverName", "http://myapp");
    cas20.addInitParameter("encoding", "UTF-8");        
    return cas20;
}

You can do the same for the other filters, listeners and needed components.

There is one thing however you cannot do with java based configuration and that is setting the session timeout value. However you can simply move that to the application.properties and add the server.session.timeout property. You will need to multiple the value with 60 as in web.xml it is in minutes and in the properties file it is expected to be in seconds.

server.session.timeout=5400 # 90 minutes