Announcement Announcement Module
Collapse
No announcement yet.
CAS Jdbc provider Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • CAS Jdbc provider

    Hi all,

    I seem to be running into a wall trying to get CAS to make use of my existing tables which contain the required user information.

    Below is the tale of my attempts at glory

    Using the default configs provided in the CAS 3.3.1 distribution, I replaced

    Code:
    <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
       <property name="userMap">
    	<value>
    		sysadmin=123456,ROLE_USER,ROLE_ADMIN
    		user=user,ROLE_USER
    	</value>
      </property>
    </bean>
    with

    Code:
    <bean id="jdbcDaoImpl"  class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
      <property name="dataSource">
    	<ref bean="myDS" />
      </property>
      <property name="authoritiesByUsernameQuery">
    	<value>
    <![CDATA[SELECT username, authority FROM GRANTED_AUTHORITIES WHERE username = ? ORDER BY authority]]>
    	</value>
      </property>
      <property name="usersByUsernameQuery">
           <value>
    <![CDATA[SELECT username, password, enabled FROM USERS WHERE username = ? ORDER BY username]]>
    	</value>
      </property>
    </bean>
    I also added the datasource and password encoder as required and changed the daoAuthenticationProvider to look like so

    Code:
    <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService"><ref local="jdbcDaoImpl"/></property>
    	<property name="passwordEncoder"><ref bean="passwordEncoder"/> </property>
    </bean>
    These changes were made in the /WEB-INF/applicationContext.xml file.

    In order to appease the demands of /WEB-INF/spring-configuration/securityContext.xml, I needed to add the following bean to /WEB-INF/deployerConfigContext.xml

    Code:
    <bean id="userDetailsService" class="org.springframework.security.userdetails.jdbc.JdbcDaoImpl">
    ....
    </bean>
    Its the same as before except that I needed to change it from Acegi Security to Spring Security.

    And after all that, when attempting to log in I get the following words of advice

    HTML Code:
    The credentials you provided cannot be determined to be authentic.
    SO.. I'm fresh out of ideas. My kungfu doesnt appear to be very strong today and that leaves me with only all you guys and gals to help me out ;-)

  • #2
    Hey reegz,

    It seems like you might be confusing the acegi/spring-security classes with CAS's own authentication handlers. CAS server doesn't use UserDetails; the CAS client in your secured web-apps certainly does, as that's where authorization checks will happen.

    We've configured the cas-server-webapp (currently we use version 3.1.1) to use our custome tables by changing the authenticationHandlers configuration in deployerConfigContext.xml, for example:

    Code:
    <property name="authenticationHandlers">
      <list>
        <!--
            | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
            | a server side SSL certificate.
    	+-->
        <bean
            class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
            p:httpClient-ref="httpClient" />
    
        <bean
            class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
            p:dataSource-ref="authnDatasource"
            p:tableUsers="OurCustomTableName"
            p:fieldUser="username"
            p:fieldPassword="password">
            <property name="passwordEncoder">...</property>
        </bean>
      </list>
    </property>
    I don't recall that we had to modify anything in the WEB-INF/spring-configuration directory.

    HTH,
    Doug

    Comment

    Working...
    X