I have CAS 3 Spring 3.2 and Spring Security 3.2 running on tomcat 7 with a MySQL database.
We use the MySQL database with CAS to authenticate users, then we pass attributes after successful, we get those details from a database called say"sso"
<bean id="attributeRepository" class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
<constructor-arg index="0" ref="dataSource"/>
<constructor-arg index="1" value="select * from user where {0}" />
<property name="queryAttributeMapping">
<map>
<entry key="username" value="user_name" />
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="user_name" value="username" />
<entry key="full_name" value="fullname" />
</map>
</property>
</bean>
After that what we want to do is get the username from those attributes, then go to an application specific database say called "app".
So what we want to do is get the username from CAS after successful authentication, then get its roles from the database.
How can we do that correctly ?
UPDATE
Ok now what I have tried so far and I don't really know is that valid or not.
I have implemented UserDetailsService and I created a UserEntityDetails which extends my UserEntity and Implements UserDetails, Then I used my UserDetailsService to load my custom created class.
Then in my XML I made this
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthProvider" user-service-ref="DBUserServiceDetails" />
</security:authentication-manager>
Is this the right way to do it ?
Unless I'm misunderstanding your question, what you're asking for is the normal usage pattern - the CasAuthenticationProvider is configured with a UserDetailsService which loads the roles from a local database rather than CAS.
If you take a look at the CAS sample application configuration, you would simply replace the userService bean with your own implementation which loaded the user information from your application-specific database.