2012/3/29 Федорищев Игорь Николаевич <[email protected]>

> ----- Original message -----
> From: "Marvin S. Addison" <[email protected]>
> To: [email protected]
> Sent: Wednesday, 28 March 2012 18:37:56
> Subject: Re: [cas-dev] needs custom PasswordEncoder
>
> > So I need an encode() interface that receives two parameters on input:
> > user password and salt. The salt may be obtained from the database by
> > splitting the user password hash and taking the first 8 characters. I was
> > confused that DefaultPasswordEncoder.encode() had only one argument:
> > user password. So where do I start to develop this extension?
>
> We simply don't support salted password hashes at present, but we ought
> to. You'll have to roll your own solution if you want this immediately,
> but I'd be willing to consider out-of-the-box support for this for the
> 3.5 release. Not saying it will happen since it might be too disruptive
> or take too much effort for the time remaining for that release, but I
> think it's an important feature that should be a high priority. If
> you're interested in out-of-box support, open a Jira issue,
> https://issues.jasig.org/browse/CAS, and assign it to me and I'll
> consider whether we could make this happen for 3.5.

We already have one that was considered out of scope:
https://github.com/Jasig/cas/blob/feature-cas4api/cas-server-api/src/main/java/org/jasig/cas/server/authentication/PasswordEncoder.java

> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
> Thanks for the reply. Today I implemented what I want. My work is based on
> the QueryDatabaseAuthenticationHandler implementation. Unfortunately I'm not
> a Java programmer, only a system administrator. So my code may not be
> entirely correct in terms of CAS architecture, but it really works. Thanks
> to all, I'll look at the JIRA. And maybe the code will be useful to
> someone.
>
> Using CAS 3.4.11
> File
> cas-server-support-jdbc/src/main/java/org/jasig/cas/adaptors/jdbc/BitrixDatabaseAuthenticationHandler.java
>
> /*
>  * Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
>  * distributed with this file and available online at
>  * http://www.ja-sig.org/products/cas/overview/license/
>  */
> package org.jasig.cas.adaptors.jdbc;
>
> import org.jasig.cas.authentication.handler.AuthenticationException;
> import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
> import org.springframework.dao.IncorrectResultSizeDataAccessException;
>
> import javax.validation.constraints.NotNull;
>
> public final class BitrixDatabaseAuthenticationHandler extends
>         AbstractJdbcUsernamePasswordAuthenticationHandler {
>
>     @NotNull
>     private String sql;
>
>     protected final boolean authenticateUsernamePasswordInternal(
>             final UsernamePasswordCredentials credentials)
>             throws AuthenticationException {
>         final String username =
>             getPrincipalNameTransformer().transform(credentials.getUsername());
>         String password = credentials.getPassword();
>         // Defaults; both are overwritten before they are used
>         String bitrixPassword = "0";
>         String salt = "0";
>
>         try {
>             bitrixPassword = getJdbcTemplate().queryForObject(
>                 this.sql, String.class, username);
>         } catch (final IncorrectResultSizeDataAccessException e) {
>             // this means the username was not found.
>             return false;
>         }
>
>         // A NULL password column cannot match any password
>         if (bitrixPassword == null) {
>             return false;
>         }
>
>         // If the hash is 40 characters long, a salt is present and salted
>         // hashing is used; otherwise treat the hash as a simple MD5 hash
>         if (bitrixPassword.length() == 40) {
>             salt = bitrixPassword.substring(0, 8);
>             password = salt + password;
>         }
>
>         String encryptedPassword = this.getPasswordEncoder().encode(
>             password);
>
>         // The stored value carries the salt as a prefix, so prepend it
>         if (bitrixPassword.length() == 40) {
>             encryptedPassword = salt + encryptedPassword;
>         }
>
>         return bitrixPassword.equals(encryptedPassword);
>     }
>
>     /**
>      * @param sql The sql to set.
>      */
>     public void setSql(final String sql) {
>         this.sql = sql;
>     }
> }
>
> And I configured BitrixDatabaseAuthenticationHandler instead of
> QueryDatabaseAuthenticationHandler in deployerConfigContext.xml.
>
> Regards, Igor Fedorischev.
