Hi all. Following up to report success in getting DB authentication to work with our local algorithm. It turned out I was misreading the lack of log messages. As I reported, I did not see any of the log.debug messages being output to the console. This lead me to believe that my version of the QueryAndEncodeDatabaseAuthenticationHandler class was not being called when in fact it was. By putting System.out.println instead of log.debug into the class I was able to debug the new code I had put into the class and successfully authenticate.
So, to recap, if one needs to modify an auth handler to implement a custom passwordEncoder here are the steps: 1) copy it from the original source, 2) make desired mods 3) follow Dmitriy and Ray's guidance regarding the dependencies and package locations which need to be added to build.gradle file in the dependecies section. There could be some "discovery" at this point to find all the dependent packages. Don't give up. 4)save it to the src/main/java/org/aperos/cas path that matches the package that your source was originally. In my case, the file needed to go in src/main/java/org/aperos/cas/adaptors/jdbc directory. CAS build then picked it up. Note that Ray and Dmitriy both pointed this out. Note, because I misread the situation regarding the "overlayed" class, I did try to use the cas.authn.jdbc.encode[0].passwordEncoder.type to implement the custom Encoder but I was not successful. So there are other possibilities to creating a custom encoder and to be honest the passwordEncoder.type is more elegant and I wished it had worked. It likely would have been more maintainable over the long term. But sometimes life is too short and one has to move on. So the short version is that if I have understood and followed Ray and Dmitiry's lead and not been mislead by the logging issue, I could have saved some time. Thanks again. Tom On Sat, Feb 22, 2020 at 9:52 AM Tom Healey <[email protected]> wrote: > Just an update. > I've gotten past the driver issue and am now querying the DB. > But my auth hander is still not being called. To recap, I just put the > code in src/main/java/org/apereo/cas/adaptors/jdbc and I kept the name > QueryAndEncodeDatabaseAuthenticationHandler. > However, CAS is not calling the modified version.I believe this to be true > because I turned on debug logs and logged out some "milestones" within my > class and they never show in the logs, while other debug messages show up > from other classes. > It is the same class name as the existing Authentication handler > QueryAndEncodeDatabaseAuthenticationHandler.java > <https://github.com/apereo/cas/blob/6.1.x/support/cas-server-support-jdbc-authentication/src/main/java/org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandler.java> > I*s there some other step I need to include?* > To be clear, I am not modifying this file within the apereo/cas source > tree but within the cas-overlay-template and I have located the source > within the src/main/java/org/apereo/cas/adaptors/jdbc below the > cas-overlay-template path. > > It is compiled and placed in the > build/classes/java/main/org/apereo/cas/adaptors/jdbc directory. It shows up > in the classes directory of the WAR when I unarchive it. (WEB-INF/classes) > So it appears to be built correctly. > BUT... > It does not appear to be loaded by CAS. There are no log entries that > indicate the JDBC authenticator is loaded. The LDAP one logs an entry to > report that it is, so I am assuming that CAS would indicate the JDBC > authenticator would be loaded. > > Is this a stupid Java problem that my lack of remembering how java/CAS > loads classes and as soon as someone offers the answer that works, I will > reply "Of Course!" > > > > > Should I just punt and go through he process of changing that class name > and registering a custom auth handler? > or Is there a way I can specify this class (like we could in the old days > of CAS, before overlays) in the config like: > cas.authn.jdbc.encode[0].handler= > edu.xx.common.cas.QueryAndEncodeDatabaseAuthenticationHandler > > Thanks again for your time. > > Tom > > On Wed, Feb 19, 2020 at 2:22 PM Tom Healey <[email protected]> > wrote: > >> Ray (sorry I called you Bob....) >> I agree something is not configured. >> If I remove my custom class get the same error. >> I did put logging statements in my classes constructor, nothing was >> output because I don't believe its being called because, as you said, >> something is not configured. >> What other config to I need than this? >> >> cas.authn.jdbc.encode[0].saltFieldName=salt >> cas.authn.jdbc.encode[0].sql=select salt,crypted_password from users >> where login=? >> cas.authn.jdbc.encode[0].algorithmName=SHA-1 >> cas.authn.jdbc.encode[0].passwordFieldName=crypted_password >> cas.authn.jdbc.encode[0].url=jdbc:sqlserver://XX.XX.XX.xx:XXXX;database="SQL >> SERVER DB NAME" >> cas.authn.jdbc.encode[0].dialect=org.hibernate.dialect.SQLServerDialect >> cas.authn.jdbc.encode[0].user=XX >> cas.authn.jdbc.encode[0].password=XX >> cas.authn.jdbc.encode[0].driverClass=net.sourceforge.jtds.jdbc.Driver >> cas.authn.jdbc.encode[0].passwordEncoder.type=DEFAULT >> cas.authn.jdbc.encode[0].passwordEncoder.characterEncoding=UTF-8 >> cas.authn.jdbc.encode[0].passwordEncoder.encodingAlgorithm=SHA-1 >> >> I have put >> >> compile >> "org.apereo.cas:cas-server-support-jdbc-authentication:${casServerVersion}" >> compile >> "org.apereo.cas:cas-server-support-jdbc-drivers:${casServerVersion}" >> >> in the dependencies section of the build.gradle. >> I thought that was all. But I needed compile >> "org.apereo.cas:cas-server-support-jdbc:${casServerVersion}" as well. >> Sorry for that... >> Anyways, its calling the default auth handler not my code, yet,but there >> are a number of issues now dealing with the connection itself an the >> driver. >> Thank you for your help so far. >> Tom >> >> >> On Wednesday, February 19, 2020 at 12:28:24 PM UTC-5, rbon wrote: >>> >>> Tom, >>> >>> It sounds like something is not configured. >>> If you remove your custom class, do you get the same error? If so, then >>> configuration is missing. >>> >>> You could put logging statements in your custom class's constructor(s). >>> >>> Ray >>> >>> On Wed, 2020-02-19 at 10:19 -0500, Tom Healey wrote: >>> >>> Thank you Bob and Dmitriy. >>> I have successfully compiled the file. Thanks again. >>> *New problem:* >>> However, CAS is not calling the modified version.I believe this to be >>> true because I turned on debug logs and logged out some "milestones" within >>> my class and they never show in the logs, while other debug messages show >>> up from other classes. >>> It is the same class name as the existing Authentication handler >>> QueryAndEncodeDatabaseAuthenticationHandler.java >>> <https://github.com/apereo/cas/blob/6.1.x/support/cas-server-support-jdbc-authentication/src/main/java/org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandler.java> >>> Is there some other step I need to include? >>> To be clear, I am not modifying this file within the apereo/cas source >>> tree but within the cas-overlay-template and I have located the source >>> within the src/main/java/org/apereo/cas/adaptors/jdbc below the >>> cas-overlay-template path. >>> It is compiled and placed in the >>> build/classes/java/main/org/apereo/cas/adaptors/jdbc directory. It shows up >>> in the classes directory of the WAR when I unarchive it. (WEB-INF/classes) >>> So it appears to be built correctly. >>> BUT... >>> It does not appear to be loaded by CAS. There are no log entries that >>> indicate the JDBC authenticator is loaded. The LDAP one logs an entry to >>> report that it is, so I am assuming that CAS would indicate the JDBC >>> authenticator would be loaded. >>> Here is the cas.properties file entry. >>> >>> cas.authn.jdbc.encode[0].saltFieldName=salt >>> cas.authn.jdbc.encode[0].sql=select salt,crypted_password from users >>> where login=? >>> cas.authn.jdbc.encode[0].algorithmName=SHA-1 >>> cas.authn.jdbc.encode[0].passwordFieldName=crypted_password >>> cas.authn.jdbc.encode[0].url=jdbc:sqlserver://XX.XX.XX.xx:XXXX;database="SQL >>> SERVER DB NAME" >>> cas.authn.jdbc.encode[0].dialect=org.hibernate.dialect.SQLServerDialect >>> cas.authn.jdbc.encode[0].user=XX >>> cas.authn.jdbc.encode[0].password=XX >>> cas.authn.jdbc.encode[0].driverClass=net.sourceforge.jtds.jdbc.Driver >>> cas.authn.jdbc.encode[0].passwordEncoder.type=DEFAULT >>> cas.authn.jdbc.encode[0].passwordEncoder.characterEncoding=UTF-8 >>> cas.authn.jdbc.encode[0].passwordEncoder.encodingAlgorithm=SHA-1 >>> >>> .***LDAP config follows*.** >>> >>> >>> *The error is:* >>> 2020-02-19 10:14:11,488 ERROR >>> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - >>> <Authentication has failed. Credentials may be incorrect or CAS cannot find >>> authentication handler that supports >>> [UsernamePasswordCredential(username=castestuser, source=null, >>> customFields={})] of type [UsernamePasswordCredential]. Examine the >>> configuration to ensure a method of authentication is defined and analyze >>> CAS logs at DEBUG level to trace the authentication event.> >>> >>> Well I have set logs to debug and have no insight from them. >>> >>> Thoughts??? >>> >>> Thanks, >>> Tom >>> >>> On Tue, Feb 18, 2020 at 3:57 PM Dmitriy Kopyleenko <[email protected]> >>> wrote: >>> >>> I just want to add to what Ray said, which is correct - the >>> QueryAndEncodeDatabaseAuthenticationHandler is not a conditional bean, so >>> you must use the same package as in the CAS core to “overlay” it during the >>> build. Also, another technique to find out what compile dependencies you >>> need when modifying CAS code without cloning the whole repo, is to find the >>> class in question in GitHub e.g. >>> https://github.com/apereo/cas/blob/6.1.x/support/cas-server-support-jdbc-authentication/src/main/java/org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandler.java >>> >>> >>> <https://github.com/apereo/cas/blob/6.1.x/support/cas-server-support-jdbc-authentication/src/main/java/org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandler.java> >>> *And* note the directory name in between ’support’ and ’src’ >>> directories - and that will be your dependent module that you’d need to use >>> - ‘cas-server-support-jdbc-authentication’ in this case. Same applies for >>> all other classes not found during compilation phase. >>> >>> Best, >>> D. >>> >>> On February 18, 2020 at 15:46:57, Ray Bon ([email protected]) wrote: >>> >>> Tom, >>> >>> Do you need a new class, or could you modify QueryAndEncode...? >>> >>> If the latter, copy the class into src and make the change (use the same >>> package structure). >>> If the former, use the same package structure (i.e., not >>> 'edu.xx.common.cas'). >>> >>> Make sure you are including the correct packages in the dependency >>> section of build.gradle (where other feature dependencies go). >>> To find the correct package, clone the CAS repo, >>> https://github.com/apereo/cas. Check out the correct branch, and do a >>> find for the 'does not exist'.java file name. The directory name with '-', >>> e.g., cas-server-core-audit, will be the part to add to the dependency >>> section. >>> >>> It has been a long time since I had to modify a CAS supplied class, so I >>> am not of much help. >>> >>> Ray >>> >>> On Tue, 2020-02-18 at 12:14 -0800, Tom Healey wrote: >>> >>> *Hi all!* >>> >>> *Background:* >>> >>> When the compileJava task is run it fails and I get this error (its the >>> first of many “does not exist" errors) >>> >>> "error: package org.apereo.cas.authentication.credential does not exist” >>> >>> when compiling >>> a modified QueryAndEncodeDatabaseAuthenticationHandler.java file. >>> which is derived from: >>> >>> support/cas-server-support-jdbc-authentication/src/main/java/org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandler.java >>> in the apereo/cas git repo. >>> >>> I have a slightly different hashing method that doesn’t allow me to >>> match the password correctly. It’s really unfortunate, because its a two >>> line change. >>> >>> >>> here is the relevant import statements and I have located the file in >>> src/main/java/edu/xx/common/cas directory under the main template >>> directory. >>> >>> package edu.xx.common.cas; <http://edu.darden.common.cas;> >>> >>> import >>> org.apereo.cas.authentication.AuthenticationHandlerExecutionResult; >>> import org.apereo.cas.authentication.PreventedException; >>> import >>> org.apereo.cas.authentication.credential.UsernamePasswordCredential; >>> import org.apereo.cas.authentication.exceptions.AccountDisabledException; >>> import >>> org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException; >>> import org.apereo.cas.authentication.principal.PrincipalFactory; >>> >>> I am following this pages (sparse) directions: >>> >>> >>> https://apereo.github.io/cas/6.1.x/installation/WAR-Overlay-Installation.html#custom-and-third-party-source >>> >>> I agree with author that this should be trivial but it won’t compile. >>> >>> *Problem 1:* >>> >>> I don’t know the correct entries to put in the build file, nor the >>> correct location. >>> I have tried a couple of different values that if I showed you would >>> make the cas even more clear I don’t know what I am doing. >>> But what the heck: >>> classpath >>> "org.apereo.cas:cas-server-core-authentication:${project.'cas.version'}" >>> classpath >>> "org.apereo.cas:cas-server-core-services:${project.'cas.version'}" >>> under the “buildscript” dependencies. I have also put them under the >>> main dependencies section, changing the “directive” to compile. >>> >>> *Question 1:* >>> >>> How do I tell the compileJava task how to find these imports? >>> >>> *Question 2:* >>> >>> Also, if I do successfully compile do I have to create another class >>> that registers this handler and all the joy that entails or Is there a >>> way I can specify this class (like we could in the old days of CAS, before >>> overlays) in the config like: >>> cas.authn.jdbc.encode[0].handler= >>> edu.xx.common.cas.QueryAndEncodeDatabaseAuthenticationHandler >>> >>> >>> Thanks, >>> Tom >>> >>> -- >>> >>> >>> Ray Bon >>> Programmer Analyst >>> Development Services, University Systems >>> 2507218831 | CLE 019 | [email protected] >>> >>> I respectfully acknowledge that my place of work is located within the >>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and >>> WSÁNEĆ Nations. >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/96bb3e4fc672c873c28f64f31e86dc1e869886c3.camel%40uvic.ca >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/96bb3e4fc672c873c28f64f31e86dc1e869886c3.camel%40uvic.ca?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.5e4c4fa8.7c5269a.db0%40unicon.net >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.5e4c4fa8.7c5269a.db0%40unicon.net?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> >>> Ray Bon >>> Programmer Analyst >>> Development Services, University Systems >>> 2507218831 | CLE 019 | [email protected] >>> >>> I respectfully acknowledge that my place of work is located within the >>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and >>> WSÁNEĆ Nations. >>> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf468107-a3bd-452d-b638-7ed6b833fb1d%40apereo.org >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf468107-a3bd-452d-b638-7ed6b833fb1d%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEz6wGPjb1%2BfTE_UhnoAtCVye7n4dBKtE9W9WdjtZGH5HS5iMQ%40mail.gmail.com.
