CAS DB身份验证“编码";密码加密与使用Spring Security的ShaPasswordEncoder加密的数据库密码不匹配 [英] CAS DB Authentication "encode" password encryption can't match with database password encrypted using Spring Security's ShaPasswordEncoder
问题描述
我目前正在将CAS Server v5.0.2配置为使用CAS身份文件来使用数据库身份验证,尤其是使用Encode方法.以下是属性文件中的相关属性配置:
I am currently configuring my CAS Server v5.0.2 to use Database Authentication, particularly using the Encode method, using the CAS properties file. Below are the relevant property configurations from the properties file:
cas.authn.jdbc.encode[0].sql=SELECT * FROM public.vt_user WHERE email=?
cas.authn.jdbc.encode[0].driverClass=org.postgresql.Driver
cas.authn.jdbc.encode[0].url=jdbc:postgresql://localhost:5432/tracking
cas.authn.jdbc.encode[0].user=postgres
cas.authn.jdbc.encode[0].password=postgres
cas.authn.jdbc.encode[0].saltFieldName=salt
cas.authn.jdbc.encode[0].passwordFieldName=password
cas.authn.jdbc.encode[0].healthQuery=SELECT 1 FROM INFORMATION_SCHEMA.TABLES
cas.authn.jdbc.encode[0].numberOfIterations=1
cas.authn.jdbc.encode[0].numberOfIterationsFieldName=
cas.authn.jdbc.encode[0].staticSalt=
cas.authn.jdbc.encode[0].algorithmName=SHA-1
cas.authn.jdbc.encode[0].dialect=org.hibernate.dialect.PostgreSQLDialect
cas.authn.jdbc.encode[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.encode[0].passwordEncoder.characterEncoding=UTF-8
cas.authn.jdbc.encode[0].passwordEncoder.encodingAlgorithm=SHA-1
我要连接的数据库是PostgreSQL DB.密码以前是使用Spring Security的3.2.5 ShaPasswordEncoder编码的,默认强度为SHA-1加一个盐值.我已经通过在CAS服务器的默认登录页面中输入有效凭据来测试了CAS DB身份验证配置,但是身份验证始终失败并返回无效凭据".此外,我已经知道不建议使用3.2.5 ShaPasswordEncoder,但是我不打算更改其实现.日志显示可以从用户表中成功查询用户名,但是表中的密码和输入的密码不匹配.
The database I am connecting with is a PostgreSQL DB. The passwords were previously encoded using Spring Security's 3.2.5 ShaPasswordEncoder with the default strength which is SHA-1 plus a salt value. I have tested the CAS DB Authentication configuration by entering valid credentials in the CAS Server's default login page, but authentication always fail and return "Invalid credentials." Additionally, I am already aware that the 3.2.5 ShaPasswordEncoder is deprecated, but I am not planning to change it's implementation. The logs show that the username can be successfully queried from the user table, but the passwords from the table and the input don't match.
目前,我正在寻找解决此问题的任何方法.我对CAS还是比较陌生,我非常感谢急需的帮助.谢谢!
Right now I am looking for any approach on resolving this issue. I am still relatively new to CAS, and I really appreciate the much needed help. Thanks!
推荐答案
我通过修改cas-server-upport-jdbc依赖项(具有相同的CAS版本)中的QueryAndEncodeDatabaseAuthenticationHandler.java文件来使用Spring Security的ShaPasswordEncoder,解决了此问题而不是由CAS Shiro的默认哈希服务使用的CAS. 具体来说,我所做的是在src/main/java/org/apereo/cas/adaptors/jdbc目录内使用的CAS Maven覆盖内添加修改后的Java文件(以及AbstractJdbcUsernamePasswordAuthenticationHandler.java).我在Java文件中修改的相关函数名为digestEncodedPassword.我注释掉了原始代码行,并将其替换为我对ShaPasswordEncoder的实现.构建CAS时,应在编译时同时编译自定义源代码.
I resolved this issue by modifying the QueryAndEncodeDatabaseAuthenticationHandler.java file from the cas-server-upport-jdbc dependency (of the same CAS version) to use Spring Security's ShaPasswordEncoder instead of the one used by CAS which is Apache Shiro's default hash service. Specifically, what I did was to add the modified java file (plus the AbstractJdbcUsernamePasswordAuthenticationHandler.java) inside the CAS maven overlay that I'm using inside the src/main/java/org/apereo/cas/adaptors/jdbc directory. The relevant function that I modified inside the java file is named digestEncodedPassword. I commented out the original lines of code and replaced it with my implementation of the ShaPasswordEncoder. The custom source code should be compiled alongside when building CAS.
这篇关于CAS DB身份验证“编码";密码加密与使用Spring Security的ShaPasswordEncoder加密的数据库密码不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
