Let's bring in the bean references that we have done in the previous step to the Spring Security configuration file. Create a new Java file called SpringSecurityConfig and add member variables. After that, create a constructor with @Autowired annotation as follows:
private AuthenticationProvider authenticationProvider;
private AuthenticationEntryPoint authenticationEntryPoint;
@Autowired
public SpringSecurityConfig(CasAuthenticationProvider casAuthenticationProvider,
AuthenticationEntryPoint authenticationEntryPoint) {
this.authenticationProvider = casAuthenticationProvider;
this.authenticationEntryPoint = authenticationEntryPoint;
}
When a user accesses a client application that is secured by a CAS server, the configured bean AuthenticationEntryPoint is triggered, and the user is taken to the CAS server URL that is configured in this bean. Once the user enters credentials and submits the page, the CAS server authenticates the user and creates a service ticket. This ticket is now appended to the URL and the user is taken to the requested client application. The client application uses the TicketValidator bean to validate the ticket with the CAS server and, if valid, allows user to access the requested page.
We need to override a couple of important methods before we configure our HTTP security. The first method uses AuthenticationManagerBuilder, in which we tell it to use our AuthenticationProvider. Please create the method as follows:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider);
}
We now override another method that indicates to the AuthenticationManager to put our created AuthenticationProvider in it:
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return new ProviderManager(Arrays.asList(authenticationProvider));
}
We are now ready to create a filter named CasAuthenticationFilter (as a bean), which actually intercepts the requests and does CAS ticket validation.