----- Original Message -----
From: "Marvin S. Addison" <[email protected]>
To: [email protected]
Sent: Wednesday, 28 March 2012 18:37:56
Subject: Re: [cas-dev] needs custom PasswordEncoder

> So I need encode() interface that receives on input two parameters:
> user password and salt. Salt may be obtained from database by
> splitting user password hash and take first 8 characters. I was
> confused that DefaultPasswordEncoder.encode() had only one argument:
> user password. So where do I start to develop this extension?

We simply don't support salted password hashes at present, but we ought to. You'll have to roll your own solution if you want this immediately, but I'd be willing to consider out-of-the-box support for this for the 3.5 release. Not saying it will happen since it might be too disruptive or take too much effort for the time remaining for that release, but I think it's an important feature that should be a high priority.

If you're interested in out-of-box support, open a Jira issue, https://issues.jasig.org/browse/CAS, and assign it to me and I'll consider whether we could make this happen for 3.5.

M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev

Thanks for the reply. Today I implemented what I want. My work is based on the QueryDatabaseAuthenticationHandler implementation. Unfortunately I'm not a Java programmer but a system administrator only. So my code may not be entirely correct in terms of CAS architecture, but it really works.

Thanks to all, I'll see at the JIRA. And maybe the code would be useful to someone.

Using CAS 3.4.11

File cas-server-support-jdbc/src/main/java/org/jasig/cas/adaptors/jdbc/BitrixDatabaseAuthenticationHandler.java

/*
 * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
 * distributed with this file and available online at
 * http://www.ja-sig.org/products/cas/overview/license/
 */
package org.jasig.cas.adaptors.jdbc;

import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.dao.IncorrectResultSizeDataAccessException;

import javax.validation.constraints.NotNull;

public final class BitrixDatabaseAuthenticationHandler extends
    AbstractJdbcUsernamePasswordAuthenticationHandler {

    @NotNull
    private String sql;

    protected final boolean authenticateUsernamePasswordInternal(final UsernamePasswordCredentials credentials) throws AuthenticationException {
        final String username = getPrincipalNameTransformer().transform(credentials.getUsername());
        String password = credentials.getPassword();
        //???
        String bitrixPassword = "0";
        String salt = "0";

        try {
            // The configured query must return the stored password hash for the user.
            bitrixPassword = getJdbcTemplate().queryForObject(
                this.sql, String.class, username);
        } catch (final IncorrectResultSizeDataAccessException e) {
            // this means the username was not found.
            return false;
        }

        // A NULL password column makes queryForObject return null; reject instead of throwing.
        if (bitrixPassword == null) {
            return false;
        }

        // If the hash is 40 characters long, a salt is present and salted hashing is used;
        // otherwise treat the hash as a simple MD5 hash.
        if (bitrixPassword.length() == 40) {
            // The salt is the first 8 characters of the stored value.
            salt = bitrixPassword.substring(0, 8);
            password = salt + password;
        }

        String encryptedPassword = this.getPasswordEncoder().encode(
            password);

        // Rebuild the stored layout (salt + hash) before comparing.
        if (bitrixPassword.length() == 40) {
            encryptedPassword = salt + encryptedPassword;
        }

        return bitrixPassword.equals(encryptedPassword);
    }

    /**
     * @param sql The sql to set.
     */
    public void setSql(final String sql) {
        this.sql = sql;
    }
}

And I configured BitrixDatabaseAuthenticationHandler instead of QueryDatabaseAuthenticationHandler in deployerConfigContext.xml

Regards,
Igor Fedorischev.
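The stored-hash check from the message above, written as a stand-alone class outside CAS (an added example, not code from the original post or from the CAS project). The class name SaltedMd5Verifier, UTF-8 input encoding, lowercase hex digests and the sample salt and password are assumptions; unlike the handler, it rejects NULL or unexpected-length stored values explicitly and compares in constant time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical stand-alone verifier for the layout described in the thread:
// stored value = 8-character salt + hex MD5(salt + password), or a bare hex MD5.
public final class SaltedMd5Verifier {
    private static final int SALT_LEN = 8;     // salt = first 8 characters of the stored value
    private static final int MD5_HEX_LEN = 32; // length of a hex-encoded MD5 digest

    // Lowercase hex MD5 of the input (assumption: input is encoded as UTF-8).
    static String md5Hex(final String input) {
        try {
            final byte[] digest = MessageDigest.getInstance("MD5")
                    .digest(input.getBytes(StandardCharsets.UTF_8));
            final StringBuilder hex = new StringBuilder(digest.length * 2);
            for (final byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (final NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    static boolean verify(final String stored, final String password) {
        if (stored == null || password == null) {
            return false; // NULL column or missing credential: fail closed, do not throw
        }
        final String expected;
        if (stored.length() == SALT_LEN + MD5_HEX_LEN) {
            final String salt = stored.substring(0, SALT_LEN);
            expected = salt + md5Hex(salt + password); // salted layout
        } else if (stored.length() == MD5_HEX_LEN) {
            expected = md5Hex(password);               // legacy unsalted layout
        } else {
            return false;                              // unknown layout: reject
        }
        // MessageDigest.isEqual does not stop at the first differing byte.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(final String[] args) {
        final String salt = "aB3dE6gH";                       // constructed sample salt
        final String salted = salt + md5Hex(salt + "s3cret"); // constructed stored value
        System.out.println("salted, right password: " + verify(salted, "s3cret"));
        System.out.println("salted, wrong password: " + verify(salted, "guess"));
        System.out.println("legacy, right password: " + verify(md5Hex("s3cret"), "s3cret"));
        System.out.println("NULL column: " + verify(null, "s3cret"));
    }
}
```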
