Hello.
Please advise me in problem. I need to develop custom
PasswordEncoder to authenticate users via mysql database by
QueryDatabaseAuthenticationHandler.
It's uses passwords hashing algorithm (pseudocode):
1. Generates 8byte random salt
2. temp_result = concat($salt AND $password)
3. result = concat($salt AND md5($temp_result));
4. Wrote database: user login and his $result.
So i need encode() interface that receives on input two parameters: user
password and salt. Salt may be obtained from database by splitting user
password hash and take first 8 characters. I was confused that
DefaultPasswordEncoder.encode() had only one argument: user password. So where
do i start to develop this extension? Thanks.
Below parts of my deployerConfigContext.xml, setup with
DefaultPasswordEncoder(md5 only) now:
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="bitrixDataSource" />
<property name="sql" value="select password from b_user where login=?"
/>
<property name="passwordEncoder" ref="defltPasswordEncoder" />
</bean>
<bean id="bitrixDataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName"
value="com.mysql.jdbc.Driver"></property>
<property name="url"
value="jdbc:mysql://bsu-bitrix.bsu.edu.ru/bitrix"></property>
<property name="username" value="marenov"> </property>
<property name="password" value="bitrix123"> </property>
</bean>
<bean id="defltPasswordEncoder"
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" >
<constructor-arg index="0">
<value>MD5</value>
</constructor-arg>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev
