You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- Fix java 11 build error due to incompatibility between lombok and javadoc ([#146](https://github.com/kakawait/cas-security-spring-boot-starter/issues/146))
@@ -111,12 +111,12 @@ The supported properties are:
111
111
| `security.cas.proxy-validation.chains` | | Defines proxy chains. Each acceptable proxy chain should include a comma-separated list of URLs (for exact match) or regular expressions of URLs (starting by the ^ character) |
112
112
| `security.cas.server.protocol-version` | `3` | Determine which CAS protocol version to be used, only protocol version 1, 2 or 3 is supported. |
113
113
| `security.cas.server.base-url` | | The start of the CAS server url, i.e. https://localhost:8443/cas |
114
-
| `security.cas.server.validation-base-url` | | Optional, `security.cas.server.base-url` is used if missing. The start of the CAS server url (similar to `security.cas.server.base-url`) used during ticket validation flow. Could be useful when server (your service) to server (CAS server) network is different from your external/browser network (i.e. docker environment, see [docker profile properties](https://github.com/kakawait/cas-security-spring-boot-starter/blob/master/cas-security-spring-boot-sample/src/main/resources/application.yml)). |
114
+
| `security.cas.server.validation-base-url` | | Optional, `security.cas.server.base-url` is used if missing. The start of the CAS server url (similar to `security.cas.server.base-url`) used during ticket validation flow. Could be useful when server (your service) to server (CAS server) network is different from your external/browser network (i.e. docker environment, see [docker profile properties](https://github.com/kakawait/cas-security-spring-boot-starter/blob/master/cas-security-spring-boot-sample/src/main/resources/application.yml)). |
115
115
| `security.cas.server.paths.login` | `/login` | Defines the location of the CAS server login path that will be append to the existing `security.cas.server.base-url` url |
116
116
| `security.cas.server.paths.logout` | `/logout` | Defines the location of the CAS server logout path that will be append to the existing `security.cas.server.base-url` url |
117
117
| `security.cas.service.resolution-mode` | `static` | Resolution modes can be `static` or `dynamic`, by default is `static` and you must fill `security.cas.service.base-url` whereas in `dynamic` mode service url will be generated from receiving `HttpServletRequest`. **Attention** will not override `security.cas.server.validation-base-url` and `security.cas.service.callback-base-url` if defined, see [docker profile properties](https://github.com/kakawait/cas-security-spring-boot-starter/blob/master/cas-security-spring-boot-sample/src/main/resources/application.yml) to get an example. |
118
118
| `security.cas.service.base-url` | | The name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e. https://localhost:8443 (you must include the protocol, but port is optional if it's a standard port). Skipped if resolution mode is `dynamic`. |
119
-
| `security.cas.service.callback-base-url` | | Optional, `security.cas.service.base-url` is used if missing. Represents the base url that will be used to compute _Proxy granting ticket callback_ (see `security.cas.service.paths.proxy-callback`). It could be useful to be different from `security.cas.service.base-url` when server (CAS server) to server (your service) network is different from your external/browser network (i.e. docker environment, see see [docker profile properties](https://github.com/kakawait/cas-security-spring-boot-starter/blob/master/cas-security-spring-boot-sample/src/main/resources/application.yml)). |
119
+
| `security.cas.service.callback-base-url` | | Optional, `security.cas.service.base-url` is used if missing. Represents the base url that will be used to compute _Proxy granting ticket callback_ (see `security.cas.service.paths.proxy-callback`). It could be useful to be different from `security.cas.service.base-url` when server (CAS server) to server (your service) network is different from your external/browser network (i.e. docker environment, see see [docker profile properties](https://github.com/kakawait/cas-security-spring-boot-starter/blob/master/cas-security-spring-boot-sample/src/main/resources/application.yml)). |
120
120
| `security.cas.service.paths.login` | `/login` | Defines the application login path that will be append to the existing `security.cas.service.base-url` url |
121
121
| `security.cas.service.paths.logout` | `/logout` | Defines the application logout path that will be append to the existing `security.cas.service.base-url` url |
122
122
| `security.cas.service.paths.proxy-callback` | | The callback path that will be, if present, append to the `security.cas.service.callback-base-url` or `security.cas.service.base-url` and add to as parameter inside request validation. **It must be set if you want to receive _Proxy Granting Ticket_ `PGT`**. |
@@ -134,7 +134,7 @@ class CustomCasSecurityConfiguration extends CasSecurityConfigurerAdapter {
134
134
public void configure(CasAuthenticationFilterConfigurer filter) {
135
135
// Here you can configure CasAuthenticationFilter
136
136
}
137
-
137
+
138
138
@Override
139
139
public void configure(CasSingleSignOutFilterConfigurer filter) {
140
140
// Here you can configure SingleSignOutFilter
@@ -144,12 +144,12 @@ class CustomCasSecurityConfiguration extends CasSecurityConfigurerAdapter {
144
144
public void configure(CasAuthenticationProviderSecurityBuilder provider) {
145
145
// Here you can configure CasAuthenticationProvider
146
146
}
147
-
147
+
148
148
@Override
149
149
public void configure(HttpSecurity http) throws Exception {
150
150
// Here you can configure Spring Security HttpSecurity object during init configure
151
151
}
152
-
152
+
153
153
@Override
154
154
public void configure(CasTicketValidatorBuilder ticketValidator) {
155
155
// Here you can configure CasTicketValidator
@@ -181,7 +181,7 @@ class CustomCasSecurityConfiguration extends CasSecurityConfigurerAdapter {
181
181
public void configure(CasAuthenticationFilterConfigurer filter) {
@@ -194,9 +194,9 @@ class CustomCasSecurityConfiguration extends CasSecurityConfigurerAdapter {
194
194
By default starter will configure both _logout_ and _single logout (SLO)_.
195
195
196
196
**ATTENTION** default _logout_ (on `/logout`) behavior will:
197
-
197
+
198
198
1. Logout from application and also logout from CAS server that will logout any other applications.
199
-
2. Keep default Spring security behavior concerning _CSRF_ and _logging out_ to summarize if _CSRF_ is enabled logout will only mapped on `POST`, see https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#csrf-logout for more details
199
+
2. Keep default Spring security behavior concerning _CSRF_ and _logging out_ to summarize if _CSRF_ is enabled logout will only mapped on `POST`, see https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#csrf-logout for more details
200
200
201
201
If you want to change those behaviors, for example by adding a logout page that will propose user to logout from other application, you may configure like following:
202
202
@@ -206,7 +206,7 @@ class CasCustomLogoutConfiguration extends CasSecurityConfigurerAdapter {
206
206
private final CasSecurityProperties casSecurityProperties;
207
207
208
208
private final LogoutSuccessHandler casLogoutSuccessHandler;
209
-
209
+
210
210
public CustomLogoutConfiguration(LogoutSuccessHandler casLogoutSuccessHandler) {
0 commit comments