Authentication Handler which calls a Stored Procedure

by Michael Ströder

HI!

I'm trying to implement an Authentication Handler which calls a stored
procedure (with PostgreSQL) for validating the password. With a stored
procedure there's no need for CAS to have read access to the password
column, which is a required security measure in this project.

I just naively copied QueryDatabaseAuthenticationHandler.java and
renamed it to StoredProcDatabaseAuthenticationHandler.java mainly
tweaking two lines of code. Since I'd like to contribute this to CAS I
used namespace org.jasig.cas.adaptors.jdbc.

Since I'm not a Java programmer (I personally prefer Python for my work)
I'd like to get advice whether this is the right approach:

---------------------- deployerConfigContext.xml ----------------------
[..]
<bean class="org.jasig.cas.adaptors.jdbc.StoredProcDatabaseAuthenticationHandler">
    <property name="dataSource" ref="dataSource" />
    <!-- Placeholders are left unquoted so JDBC binds username and password as parameters -->
    <property name="sql" value="select check_password_for_ud(?, ?)" />
    <property name="resultSuccess" value="t" />
</bean>
[..]
------------- StoredProcDatabaseAuthenticationHandler.java -------------
[..]
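         try {
             // username and password are bound to the two placeholders in this.sql
             final String storedProcResult = getJdbcTemplate().queryForObject(
                     this.sql, String.class, username, password);
             // comparing from the configured value avoids a NullPointerException on a NULL result
             return this.resultSuccess.equals(storedProcResult);
         } catch (final IncorrectResultSizeDataAccessException e) {
             // this means the username was not found.
             return false;
         }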
[..]
------------------------------------------------------------------------

Can this work?

Property "sql" is meant to contain a SQL template taking username and
password to be passed as arguments to the stored procedure. I've read
that there is a different approach in Spring to invoke a stored procedure
but I'm somewhat lost with all this Java stuff...

Ciao, Michael.

_______________________________________________
Yale CAS mailing list
cas@...
http://tp.its.yale.edu/mailman/listinfo/cas
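
Added example (not part of the original post and not CAS code): one way the PostgreSQL side could be set up so that the role CAS connects with can execute check_password_for_ud but cannot read the password column. The table, column and role names, the use of pgcrypto's crypt(), and a superuser session on PostgreSQL 9.2 or later are assumptions.

```sql
-- Added example. accounts, password_hash, auth_owner and cas_login are
-- hypothetical names; only check_password_for_ud comes from the post.
CREATE EXTENSION IF NOT EXISTS pgcrypto;        -- crypt() and gen_salt()

CREATE ROLE auth_owner NOLOGIN;                 -- owns the table and the function
CREATE ROLE cas_login  LOGIN;                   -- role used by the CAS dataSource

CREATE TABLE accounts (
    username      text PRIMARY KEY,
    password_hash text NOT NULL
);
ALTER TABLE accounts OWNER TO auth_owner;
REVOKE ALL ON accounts FROM PUBLIC;             -- cas_login gets no table privileges

-- Constructed sample row for trying the function out.
INSERT INTO accounts
VALUES ('alice', crypt('constructed-sample-password', gen_salt('bf')));

-- SECURITY DEFINER: the body runs with auth_owner's privileges, so the caller
-- never needs SELECT on accounts. search_path is pinned so that objects in a
-- caller-controlled schema cannot shadow accounts or crypt().
CREATE FUNCTION check_password_for_ud(p_username text, p_password text)
RETURNS boolean
LANGUAGE sql
STABLE
SECURITY DEFINER
SET search_path = public, pg_temp
AS $$
    SELECT COALESCE(
        (SELECT password_hash = crypt(p_password, password_hash)
           FROM accounts
          WHERE username = p_username),
        false);                                 -- unknown user: false, not NULL
$$;
ALTER FUNCTION check_password_for_ud(text, text) OWNER TO auth_owner;

-- Functions are executable by PUBLIC by default; restrict to the CAS role.
REVOKE ALL ON FUNCTION check_password_for_ud(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION check_password_for_ud(text, text) TO cas_login;

-- Inspect the resulting privileges of the CAS role.
SELECT has_table_privilege('cas_login', 'accounts', 'SELECT')   AS can_read_hashes,
       has_function_privilege('cas_login',
           'check_password_for_ud(text, text)', 'EXECUTE')      AS can_call_check;
```

Because a scalar function call in a SELECT always yields exactly one row, an unknown user shows up as false here rather than as an empty result.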