Configuring Spring Security CAS Providers with Java Config
Configuring Spring Security to use CAS as a provider is pretty easy following the example in the documentation. However, once it’s time to start a new Boot project or move the old XML configuration to Java, it can take a little digging to get it running.
Below is the (nearly) equivalent Java configuration to the documentation:
Notice I said “nearly equivalent”. The documentation uses an in-memory version of UserDetailsService to provide simple login with this markup:
This is usually handled in Java config easily by calling the inMemoryAuthentication() method on the AuthenticationManagerBuilder (in the last configure() method from the gist above). However, the CasAuthenticationProvider deprecated the use of UserDetailsService in favor of AuthenticationUserDetailsService, so we will just create an implementation. The implementation below hardcodes the same user from the old user-service element that will be logged in after successful CAS authentication:
This bean is defined on line 24 and injected into the CasAuthenticationProvider on line 16. This is obviously just a toy implementation to get up and running, but this class is what you can use to do the lookup on users to load their authorities for the application.