I'm using the StatusNet 0.9.6. The plugin CasAuthentication was installed for 
user authentication. I wan to use the QueryDatabaseAuthenticationHandler. The 
configuration in deployerConfigContext.xml is as following:

1. 
<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
<property name="dataSource" ref="dataSource" />
<property name="sql" value="select password from app_user where username=?" 
/>    
<property name="passwordEncoder" ref="MD5PasswordEncoder" />
</bean>

2.
<bean id="dataSource" 
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver"></property>
<property name="url" value="jdbc:mysql://localhost/casusers"></property>
<property name="username" value="casusers"></property>
<property name="password" value="casusers"></property>  
</bean>

3.
<bean id="MD5PasswordEncoder" 
class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder" >
<constructor-arg index="0">
<value>MD5</value>
</constructor-arg>
</bean>

The database for my StatusNet is statusnet. In the table user, there is a user 
who's nickname field is "paijiji" and the password field is  
"19064d6a02a01198228d2f88ab64a550". The original password for the user paijiji 
is "paijiji"

The database for the CAS server is casusers. There is only one table named 
app_user in this database. I insert a record that it's username field is 
"paijiji" and it's password field is "19064d6a02a01198228d2f88ab64a550".

When I try to login my StatusNet site with the username "paijiji" and the 
password "paijiji", the CAS display something like "You supplied the wrong 
credentials". I have test the login function without passwordEncoder, and it 
works.

What's the possible problem? Does the StatusNet don't use MD5 encryption? Where 
is the code for password encryption?

Regards,

Blue



      
_______________________________________________
StatusNet-dev mailing list
StatusNet-dev@lists.status.net
http://lists.status.net/mailman/listinfo/statusnet-dev

Reply via email to