Getting a Loop Redirect with Spring Security + CAS, but should be working

pom.xml

<spring.version>4.3.2.RELEASE</spring.version>
<spring.security.version>4.1.3.RELEASE</spring.security.version>

spring-security.xml

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <!-- spring security 3.x -->
    <!--
    <property name="service" value="http://localhost:8080/j_spring_cas_security_check"/>
    -->
    <property name="service" value="http://localhost:8080/login/cas"/>
    <property name="sendRenew" value="false"/>
</bean>

Reference:

Migrating from Spring Security 3.x to 4.x (XML Configuration)

Migrating from Spring Security 3.x to 4.x (Java Configuration)

The CasAuthenticationFilter filterProcessesUrl property default value changed from "/j_spring_cas_security_check" to "/login/cas". This means if the filterProcessesUrl property is not explicitly specified, then the configuration will need updated. For example, if an application using Spring Security 3.2.x contains a configuration similar to the following:

CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setAuthenticationManager(authenticationManager);

The configuration will need to be updated to something similar to the following when Spring Security 4.x:

xml config:

<bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <b:property name="authenticationManager" ref="authenticationManager"/>
    <b:property name="filterProcessesUrl" value="/j_spring_cas_security_check"/>
</bean>

java config:

CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setFilterProcessesUrl("/j_spring_cas_security_check");
filter.setAuthenticationManager(authenticationManager);

Alternatively, the ServiceProperties can be updated to use the new default:

xml config:

<bean id="serviceProperties"
        class="org.springframework.security.cas.ServiceProperties">
    <property name="service"
            value="https://example.com/cas-sample/login/cas"/>
</bean>

java config:

ServiceProperties properties = new ServiceProperties();
properties.setService("https://example.com/cas-sample/login/cas");

Since Spring Security 4.x, the endpoint for CAS changed from /j_spring_cas_security_check to /login/cas (cf. https://stackoverflow.com/a/35136587/3585320)