Getting a Loop Redirect with Spring Security + CAS, but should be working
pom.xml
<spring.version>4.3.2.RELEASE</spring.version>
<spring.security.version>4.1.3.RELEASE</spring.security.version>
spring-security.xml
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<!-- spring security 3.x -->
<!--
<property name="service" value="http://localhost:8080/j_spring_cas_security_check"/>
-->
<property name="service" value="http://localhost:8080/login/cas"/>
<property name="sendRenew" value="false"/>
</bean>
Reference:
Migrating from Spring Security 3.x to 4.x (XML Configuration)
Migrating from Spring Security 3.x to 4.x (Java Configuration)
The CasAuthenticationFilter filterProcessesUrl property default value changed from "/j_spring_cas_security_check" to "/login/cas". This means if the filterProcessesUrl property is not explicitly specified, then the configuration will need updated. For example, if an application using Spring Security 3.2.x contains a configuration similar to the following:
CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setAuthenticationManager(authenticationManager);
The configuration will need to be updated to something similar to the following when Spring Security 4.x:
xml config:
<bean id="casFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<b:property name="authenticationManager" ref="authenticationManager"/>
<b:property name="filterProcessesUrl" value="/j_spring_cas_security_check"/>
</bean>
java config:
CasAuthenticationFilter filter = new CasAuthenticationFilter();
filter.setFilterProcessesUrl("/j_spring_cas_security_check");
filter.setAuthenticationManager(authenticationManager);
Alternatively, the ServiceProperties can be updated to use the new default:
xml config:
<bean id="serviceProperties"
class="org.springframework.security.cas.ServiceProperties">
<property name="service"
value="https://example.com/cas-sample/login/cas"/>
</bean>
java config:
ServiceProperties properties = new ServiceProperties();
properties.setService("https://example.com/cas-sample/login/cas");
Since Spring Security 4.x, the endpoint for CAS changed from /j_spring_cas_security_check
to /login/cas
(cf. https://stackoverflow.com/a/35136587/3585320)