Edit the spring-security.xml file found in the EDX_HOME\config\security\ebilling
\. Update the following:
- Add a CAS entry point to the security:http statement:
<security:http entry-point-ref="casEntryPoint" access-decision-manager-ref="accessDecisionManager">
- Add a CAS custom filter to the security:http statement:
<security:custom-filter position="CAS_FILTER" ref="casFilter" />
- Add beans
serviceProperties
, casFilter
, and casEntryPoint
:
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service">
<value>
https://your_server_name:7062/ebilling/j_spring_cas_security_check
</value>
</property>
<property name="sendRenew" value="false"/>
</bean>
<bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="https://your_server_name:8443/cas-server-webapp-3.4.11/login"/>
<property name="serviceProperties" ref="serviceProperties"/>
</bean>
- Set the service value to the URL of your Oracle Self-Service E-Billing application. Set the login URL value to the URL of your CAS server login.
- Update the authentication provider:
<security:authentication-provider ref="casAuthenticationProvider" />
- Add the bean
casAuthenticationProvider
:
<bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userDetailsService" />
</bean>
</property>
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
<constructor-arg index="0" value="https://your_server_name:8443/cas-server-webapp-3.4.11" />
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only"/>
</bean>
- Add a custom filter for single logout:
<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
<security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
<security:logout logout-success-url="/nonAuth/logout.action"/>
<security:form-login login-page="/nonAuth/login.action" default-target-url="/reporting/reportStart.action" authentication-failure-url="/nonAuth/login.action?login_error=1"/>
- Add the filter definitions:
<!-- This filter handles a Single Logout Request from the CAS Server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg value="https://your_server_name:8443/cas-server-webapp-3.4.11/logout?service=https://your_server_name:7062/ebilling"/>
<constructor-arg>
<bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
</bean>
- Set the URL of your CAS server.