How to integrate CAS authentication with spring security?

Question

I have integrated spring security into my project and I was previously authenticating user details using hibernate. Now I have to do it using CAS. This is my current Spring security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
        http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
        http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        ">



    <global-method-security pre-post-annotations="enabled" />

    <http pattern="/css/**" security="none"/>
    <http pattern="/images/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>
    <http pattern="/app/addNewUser.json" security="none"/>
    <http pattern="/dbcomplogin.jsp" security="none"/>
    <http pattern="/loggedout.jsp" security="none"/>

    <http use-expressions="true">
        <!--
             Allow all other requests. In a real application you should
             adopt a whitelisting approach where access is not allowed by default
          -->
        <intercept-url pattern="/**" access="isAuthenticated()" />
        <form-login login-page='/dbcomplogin.jsp'
          authentication-failure-url="/dbcomplogin.jsp?login_error=1"
          default-target-url="/index.jsp" />
        <logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
        <remember-me />

    </http>

    <beans:bean id="myUserService" class="com.tcs.ceg.services.impl.UserServiceImpl" />
    <authentication-manager>
    <authentication-provider user-service-ref="myUserService" />
    </authentication-manager>

</beans:beans>

in UserServiceImpl class "loadUserByUsername" method I am using Hibernate call to get user details from DB and I was returning the username,password if they exist in DB.

But now I have to do it using CAS server . Please tell me what all I need to change in my spring-security.xml so that, if the user is not authenticated the login page of CAS server will be opened and on click of logout the single logout will take place and logout page of CAS server will open. I am new to CAS and spring security so kindly help me.

Answer 1

Have you had a chance to review this link: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/cas.html ?

The documentation walks you through how to configure the CAS client w/ Spring Security.

Answer 2

Look at the alias you are using for importing beans namespace. If your xml has configuration as xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" use it with the alias name as beans:bean