Sunday, April 17, 2011

Running Spring Security's CAS and PreAuth Samples in STS

Introduction
In the previous blog I wrote about how to set up a Spring Security workspace with Spring Tool Suite. Most of the sample applications can now run just by right clicking the sample application and selecting Run As -> Run on Server. Thanks to AJDT all the aspects are even woven automatically for you. There are a few things that need to be done in order to run spring-security-samples-cassample and spring-security-samples-preauth within Spring Tool Suite. In this post I will discuss each of them in turn.

Setting Up Tomcat in STS
First you need to integrate STS with Tomcat.
  • Download an instance of Tomcat. In the example we use Tomcat 7.0.12
  • Open the Servers view (i.e. Window -> Show View -> Other..., Server -> Servers)
  • In the Servers view right click and select New -> Server
  • Select Apache->Tomcat 7
  • Select Next
  • Fill out the Tomcat location and if you are using Tomcat 7 ensure you are using JDK 1.6 (Eclipse will display an error if you do not meet this requirement)
  • Click Finish

Spring Security CAS Sample
In this section I will discuss how to run the CAS Sample using STS on Tomcat. I will not cover how to deploy the CAS Server in STS. Instead, we will use Gradle to run the CAS Server on Jetty.

Setting Up HTTPS
CAS relies on SSL handshakes for authentication; thus it requires HTTPS to be set up. To set up HTTPS you will need to update the Tomcat server.xml file.
  • Within the Package Explorer, navigate to Servers -> Server Name (i.e. Tomcat v7.0 Server at localhost-config) -> server.xml
  • Find scheme="https" within server.xml. You should see something that looks like the following:
    <!--
        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />
        -->
  • Uncomment the Connector
  • Add the keystoreFile attribute pointing to Spring Security's samples/certificates/server.jks
  • Specify the keystorePass as password
  • The result should look something like this:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/rwinch/spring-security/samples/certificates/server.jks"
               keystorePass="password"/>

Setting Up Trusted Certificates
Tomcat can now accept SSL connections on port 8443, but if you try and make an SSL connection to the CAS Server to validate a Service Ticket, the SSL handshake will fail. In this section, we will modify the System Properties of the Tomcat instance, so that the CAS Service will be able to validate Service Tickets. Please keep in mind if your CAS Server is using a certificate that is different than the one provided with Spring Security, you will need to point to that certificate and use its password instead.
  • If the Servers view is not open, open it (i.e. Window -> Show View -> Other, Server-> Servers)
  • Double click on the Server (i.e. Tomcat v7.0 Server at localhost)
  • Click the Open Launch Configuration link within the Overview tab
  • Select the Arguments tab
  • In the VM arguments section, add system properties that specify the trust store and its password. Note that the arguments are separated by a space. An example is -Djavax.net.ssl.trustStore=/home/rwinch/spring-security/samples/certificates/server.jks -Djavax.net.ssl.trustStorePassword=password

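Before restarting Tomcat it is worth checking that the two halves of this configuration agree: the Connector must present a certificate from server.jks, and the JVM must trust the certificate the CAS Server presents when a Service Ticket is validated. The script below is an added example, not part of the original post; it parses the Connector and the VM arguments shown above (the /home/rwinch paths are taken from the post as sample values) and reports anything that would make the SSL handshake or ticket validation fail.

```python
"""Consistency check for the HTTPS Connector and the trust-store VM arguments.

Added example (not code from the post): the constructed inputs below copy the
post's server.xml Connector and VM arguments; adjust the paths for your machine.
"""
import shlex
import xml.etree.ElementTree as ET

# Constructed input mirroring the Connector from the post's server.xml.
CONNECTOR_XML = """<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="/home/rwinch/spring-security/samples/certificates/server.jks"
    keystorePass="password"/>"""
# Constructed input mirroring the VM arguments from the launch configuration.
VM_ARGS = ("-Djavax.net.ssl.trustStore=/home/rwinch/spring-security/samples/certificates/server.jks "
           "-Djavax.net.ssl.trustStorePassword=password")

REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}

def parse_vm_args(args):
    """Turn '-Dkey=value ...' into a dict; shlex handles quoted paths with spaces."""
    props = {}
    for tok in shlex.split(args):
        if tok.startswith("-D") and "=" in tok:
            key, _, val = tok[2:].partition("=")
            props[key] = val
    return props

def check_ssl_config(connector_xml, vm_args):
    """Return a list of findings; an empty list means the two halves agree."""
    findings = []
    conn = ET.fromstring(connector_xml)
    for attr, expected in REQUIRED.items():
        if conn.get(attr) != expected:
            findings.append(f'Connector {attr} should be "{expected}"')
    if not conn.get("keystoreFile"):
        findings.append("Connector has no keystoreFile; Tomcat cannot present a server certificate")
    if not conn.get("keystorePass"):
        findings.append("Connector has no keystorePass")
    props = parse_vm_args(vm_args)
    trust = props.get("javax.net.ssl.trustStore")
    if not trust:
        findings.append("VM arguments lack javax.net.ssl.trustStore; ticket validation to CAS will fail")
    if not props.get("javax.net.ssl.trustStorePassword"):
        findings.append("VM arguments lack javax.net.ssl.trustStorePassword")
    # The post reuses server.jks as the trust store; a CAS Server with its own
    # certificate needs a trust store that actually contains that certificate.
    if trust and conn.get("keystoreFile") and trust != conn.get("keystoreFile"):
        findings.append("trustStore differs from keystoreFile: confirm it holds the CAS Server's certificate")
    return findings
```

Run it after editing both files; an empty list of findings means Tomcat can both serve HTTPS on 8443 and reach the CAS Server for ticket validation.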
Starting the CAS Server
The next step is to start the CAS Server using the Gradle wrapper.
  • Open a command prompt and navigate to where you downloaded Spring Security.
  • Execute .\gradlew.bat casServer on Windows or ./gradlew casServer on other operating systems

Running the CAS Sample
Now you should be able to run the CAS sample application on the server.
  • Click the spring-security-samples-cassample and drag it to the Server you setup (i.e. Tomcat v7.0 Server at localhost)
  • Select the spring-security-samples-cassample project and perform a clean on it (i.e. Project->Clean..., Clean projects selected below, OK). This ensures that the updated server configuration gets published. You should also double check that the Server's status is Republish.
  • Select the Server and click the Run or Debug button
  • Navigate to https://localhost:8443/cas-sample/ 
  • Enter in a username / password (i.e. rod/rod)
  • You should be able to navigate the CAS application.
Spring Security PreAuth Sample
In this section I will discuss how to setup Tomcat to run the Spring Security PreAuth Sample and then run it within STS.
Update the tomcat-users.xml
Tomcat has other methods for managing users, but we will stick to the most basic one: modifying tomcat-users.xml.
  • Open tomcat-users.xml by navigating to Servers -> Server Name (i.e. Tomcat v7.0 Server at localhost-config) -> tomcat-users.xml
  • Paste the following into tomcat-users.xml
    <tomcat-users>
      <role rolename="ROLE_SUPERVISOR"/>
      <role rolename="ROLE_USER"/>
      <user username="rod" password="koala" roles="ROLE_SUPERVISOR,ROLE_USER"/>
      <user username="scott" password="wombat" roles="ROLE_USER"/>
      <user username="username" password="password" roles="role1"/>
    </tomcat-users>  
Running the PreAuth Sample
  • Click the spring-security-samples-preauth and drag it to the Server you setup (i.e. Tomcat v7.0 Server at localhost)
  • Select the spring-security-samples-preauth project and perform a clean on it (i.e. Project->Clean..., Clean projects selected below, OK). This ensures that the updated server configuration gets published. You should also double check that the Server's status is Republish.
  • Select the Server and click the Run or Debug button
  • Navigate to https://localhost:8443/preauth/ 
  • Enter in a username / password (i.e. rod/koala)
  • You should be able to navigate the PreAuth application.
