On Mon, Nov 22, 2010 at 5:04 AM, 橡树 <wwwteach...@yahoo.com.cn> wrote:
>
> I'm using StatusNet 0.9.6. The plugin CasAuthentication was installed for
> user authentication. I want to use the QueryDatabaseAuthenticationHandler. The
> configuration in deployerConfigContext.xml is as follows:
>
[..]

Hi Blue,
StatusNet uses the user id as salt in md5 [1]. I looked at
QueryDatabaseAuthenticationHandler and it can't do it; you need to
implement your own AbstractJdbcUsernamePasswordAuthenticationHandler.
This should work:

package your.package;

import java.util.List;
import java.util.Map;

import javax.validation.constraints.NotNull;

// Base class shipped in cas-server-support-jdbc
import org.jasig.cas.adaptors.jdbc.AbstractJdbcUsernamePasswordAuthenticationHandler;
import org.jasig.cas.authentication.handler.AuthenticationException;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.springframework.dao.IncorrectResultSizeDataAccessException;

public final class StatusNetQueryDatabaseAuthenticationHandler extends
    AbstractJdbcUsernamePasswordAuthenticationHandler {

    // Query returning the "id" and "password" columns for one username.
    @NotNull
    private String sql;

    protected final boolean authenticateUsernamePasswordInternal(
            final UsernamePasswordCredentials credentials) throws AuthenticationException {
        final String username =
            getPrincipalNameTransformer().transform(credentials.getUsername());
        final String password = credentials.getPassword();

        try {
            // queryForList returns one map per row; queryForObject cannot
            // return a List<Map<String, Object>>.
            final List<Map<String, Object>> rs =
                getJdbcTemplate().queryForList(this.sql, username);
            if (rs.size() < 1) {
                // The username was not found.
                return false;
            }
            // The id column is usually numeric, so convert it instead of casting to String.
            final String userid = String.valueOf(rs.get(0).get("id"));
            final String dbPassword = (String) rs.get(0).get("password");
            // The user id is appended to the password before hashing.
            final String encryptedPassword = this.getPasswordEncoder().encode(
                password + userid);

            // Compare from the computed value so a NULL password column fails cleanly.
            return encryptedPassword.equals(dbPassword);
        } catch (final IncorrectResultSizeDataAccessException e) {
            // An unexpected result size is treated as a failed authentication.
            return false;
        }
    }

    /**
     * @param sql The sql to set.
     */
    public void setSql(final String sql) {
        this.sql = sql;
    }
}


1.
<bean class="your.package.StatusNetQueryDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource" />
    <property name="sql" value="select id,password from app_user where username=?" />
    <property name="passwordEncoder" ref="MD5PasswordEncoder" />
</bean>

Michele

[1] http://lists.status.net/pipermail/statusnet-dev/2010-November/003707.html
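
A stand-alone check of the hash format the handler in the reply above depends on, added here as an example and not part of the original message or of CAS or StatusNet. It assumes the stored value is the lowercase hex MD5 of the password followed by the user id, encoded as UTF-8; the class name, the sample password and the sample ids are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public final class StatusNetHashCheck {

    // Hex MD5 of password + user id, the concatenation order used by the handler above.
    static String hash(final String password, final Object userId)
            throws NoSuchAlgorithmException {
        final MessageDigest md5 = MessageDigest.getInstance("MD5");
        final byte[] digest = md5.digest(
            (password + String.valueOf(userId)).getBytes(StandardCharsets.UTF_8));
        final StringBuilder hex = new StringBuilder(digest.length * 2);
        for (final byte b : digest) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // True only when the supplied password reproduces the stored hash for this user id.
    static boolean matches(final String password, final Object userId, final String stored)
            throws NoSuchAlgorithmException {
        if (password == null || userId == null || stored == null) {
            return false; // missing row, NULL column or empty credential: reject
        }
        final byte[] expected = hash(password, userId).getBytes(StandardCharsets.US_ASCII);
        final byte[] actual = stored.trim().toLowerCase(Locale.ROOT)
            .getBytes(StandardCharsets.US_ASCII);
        // MessageDigest.isEqual does not stop at the first differing byte,
        // unlike String.equals.
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(final String[] args) throws Exception {
        // Constructed sample: a numeric id as a JDBC driver would return it,
        // and a hash standing in for the value read from the password column.
        final Integer userId = 42;
        final String stored = hash("correct horse", userId);

        System.out.println("same user, same password:  " + matches("correct horse", userId, stored));
        System.out.println("same password, other id:   " + matches("correct horse", 43, stored));
        System.out.println("same user, wrong password: " + matches("wrong", userId, stored));
        System.out.println("NULL password column:      " + matches("correct horse", userId, null));
    }
}
```

Running it against a hash copied from the database for a known test account shows whether the configured encoder and concatenation order match what is stored before the handler is wired into CAS.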