The CAS documentation for Spring Security is vague and contains a few errors.
First, the <bean id="casAuthenticationProvider"> element contains the tag <security:custom-authentication-provider /> which is not allowed by the spring-security-3.0.xsd.
I have configured the authentication provider accordingly:
Second, the <security:http> section can be more specific IMHO. I have configured it like shown below. I don`t know if this is 'the' way to configure it, but it works.
<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true">
<security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter>
Third, the <bean id="casFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> contains the properties <property name="authenticationFailureUrl" value="/casfailed.jsp"/> and <property name="defaultTargetUrl" value="/"/> which do not exist anymore.
Once you have figured this out, it works really great