I'm in the process of moving my application from Spring Security's CAS client to JASIG's Java CAS client. This was due to our security group adding some custom functionality to the JASIG version.
I've seen on JASIG's website the examples of how to configure the CAS client using Spring's configuration. I've used this example:
https://wiki.jasig.org/display/CASC/Using+the+CAS+Client+3.1+with+Spring+Security
I'm using STS and it complains about numerous lines being incorrect or deprecated. Also, when using the spring security CAS client I configured my roles as part of the <sec:http> block using intercept-url tags like this:
<sec:intercept-url pattern="/api/**" access="hasAnyRole('ROLE_OPERATOR', 'ROLE_ADMINISTRATOR')" method="GET" />
However, in the example the roles are configured in the FilterSecurityInterceptor bean and while it uses the sec:intercept-url tags the expressions don't work.
I believe the issue is that the example is from an earlier version of spring security but I'm using a newer version.
Does anyone know of an updated version of the configuration for the above sample? I know I need to upgrade my config from what the example shows but I'm not a full time security guy, just a developer tasked with doing this move, so I don't live an breath this stuff every day. Any help would be greatly appreciated.
My env: Spring Source Framework v3.2.2 Spring Security v3.1.4 JASIG CAS Client v3.2.1
-Richard Ward
