Ok here you have my configuration.

NOTE however this is for 5.1 version!   Version 5.2 changed slightly :)

@Configuration("MyAuthenticationEventExecutionPlanConfiguration")
@EnableConfigurationProperties(CasConfigurationProperties.class)
public class MyAuthenticationEventExecutionPlanConfiguration
                    implements AuthenticationEventExecutionPlanConfigurer {
    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    @Autowired
    @Qualifier("personDirectoryPrincipalResolver")
    private PrincipalResolver personDirectoryPrincipalResolver;

    @Autowired
    private CasConfigurationProperties casProperties;

    protected PrincipalFactory principalFactory = new DefaultPrincipalFactory();

    @Bean(name = "myUtil")
    public MyUtil myUtil() {
        QueryJdbcAuthenticationProperties query = casProperties.getAuthn().getJdbc().getQuery().get(0);
        return new CConicetUtil(JpaBeans.newDataSource(query));
    }

    @Bean
    public AuthenticationHandler myAuthenticationHandler() {
        /*
            Configure the handler by invoking various setter methods.
            Note that you also have full access to the collection of resolved CAS settings.
            Note that each authentication handler may optionally qualify for an 'order'
            as well as a unique name.
        */
        // Reuse the first cas.authn.jdbc.query[0].* block from cas.properties.
        JdbcAuthenticationProperties.Query query = casProperties.getAuthn().getJdbc().getQuery().get(0);
        return queryDatabaseAuthenticationHandler(query);
    }

    private AuthenticationHandler queryDatabaseAuthenticationHandler(final JdbcAuthenticationProperties.Query b) {
        // The handler name must match cas.authn.policy.req.handlerName.
        final MyAuthenticationHandler handler = new MyAuthenticationHandler("MyAuthenticationHandler",
                servicesManager, principalFactory, 1);
        handler.setDataSource(Beans.newDataSource(b));
        handler.setSql(b.getSql());
        handler.setPasswordEncoder(Beans.newPasswordEncoder(b.getPasswordEncoder()));
        handler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(b.getPrincipalTransformation()));
        /*
         *
        if (queryPasswordPolicyConfiguration != null) {
            h.setPasswordPolicyConfiguration(queryPasswordPolicyConfiguration);
        }
         */

        if (StringUtils.isNotBlank(b.getCredentialCriteria())) {
            handler.setCredentialSelectionPredicate(credential ->
                    Predicates.containsPattern(b.getCredentialCriteria())
                    .apply(credential.getId()));
        }

        return handler;
    }

    @Override
    public void configureAuthenticationExecutionPlan(final AuthenticationEventExecutionPlan plan) {
        // Register the handler bean defined above together with the principal resolver.
        plan.registerAuthenticationHandlerWithPrincipalResolver(myAuthenticationHandler(),
                personDirectoryPrincipalResolver);
    }
}

Notes on the above: this is a very basic handler; if you would like to
configure webflow, for example, you could also use this as a base.
Here you can also define your own Beans, as is the case of MyBean.


Also, for AuthenticationHandler I used the following class, which is useful
because it offers some configuration options such as supports(Credential)
and also has pre and post processing options. Of course you could choose
one that better adjusts to your needs.

public class MyAuthenticationHandler extends AbstractUsernamePasswordAuthenticationHandler {

    @NotNull
    private JdbcTemplate jdbcTemplate;

    @NotNull
    private DataSource dataSource;

    public MyAuthenticationHandler(String name, ServicesManager servicesManager,
            PrincipalFactory principalFactory, Integer order) {
        super(name, servicesManager, principalFactory, order);
    }

Here you put your code in:

    protected final HandlerResult authenticateUsernamePasswordInternal(
            final UsernamePasswordCredential credential, final String originalPassword)
            throws GeneralSecurityException {
        // ... your authentication logic ...
    }
}

This all is set up through META-INF spring.factories ->
org.springframework.boot.autoconfigure.EnableAutoConfiguration=my.apps.cas.MyAuthenticationEventExecutionPlanConfiguration
as stated in docs.

In cas properties you COULD add this:

cas.authn.policy.requiredHandlerAuthenticationPolicyEnabled=true
cas.authn.policy.req.tryAll=false
cas.authn.policy.req.handlerName=MyAuthenticationHandler
cas.authn.policy.req.enabled=true

just to make sure this is the only valid authentication handler.

Also DON'T use the jdbc support dependency, as this is going to use the default jdbc
AuthenticationHandler as well as yours.


Hope this helps
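
Added example, not part of the original message and not CAS source: a simplified plain-Java model of why the reply pins cas.authn.policy.req.handlerName and warns against also pulling in the stock jdbc support handler. The handler name stockJdbcHandler, the sample accounts and the "disabled" rule are constructed for illustration.

```java
import java.util.*;
import java.util.function.BiPredicate;

// Simplified model, not CAS source: which handlers succeeded vs. what the policy accepts.
public class HandlerPolicyDemo {

    // Run every registered handler and collect the names of those that succeeded.
    static Set<String> successes(Map<String, BiPredicate<String, String>> handlers,
                                 String user, String password) {
        Set<String> ok = new LinkedHashSet<>();
        handlers.forEach((name, h) -> { if (h.test(user, password)) ok.add(name); });
        return ok;
    }

    // "Any" policy: one successful handler is enough.
    static boolean anyPolicy(Set<String> ok) {
        return !ok.isEmpty();
    }

    // Required-handler policy (tryAll=false): the named handler must have succeeded.
    static boolean requiredHandlerPolicy(Set<String> ok, String requiredName) {
        return requiredName != null && !requiredName.isEmpty() && ok.contains(requiredName);
    }

    public static void main(String[] args) {
        // Constructed sample data: bob's password is valid but his account is disabled.
        Map<String, String> passwords = new HashMap<>();
        passwords.put("alice", "alice-pw");
        passwords.put("bob", "bob-pw");
        Set<String> disabled = Collections.singleton("bob");

        Map<String, BiPredicate<String, String>> handlers = new LinkedHashMap<>();
        // Hypothetical stand-in for the stock JDBC handler: password check only.
        handlers.put("stockJdbcHandler", (u, p) -> p.equals(passwords.get(u)));
        // Stand-in for the custom handler: same check plus an extra rule.
        handlers.put("MyAuthenticationHandler",
                (u, p) -> p.equals(passwords.get(u)) && !disabled.contains(u));

        for (String user : Arrays.asList("alice", "bob")) {
            Set<String> ok = successes(handlers, user, passwords.get(user));
            System.out.printf("%s: succeeded=%s any=%b required=%b%n", user, ok,
                    anyPolicy(ok), requiredHandlerPolicy(ok, "MyAuthenticationHandler"));
        }
    }
}
```

For bob the stock handler succeeds while the custom one refuses, so the "any" policy accepts the login and the required-handler policy rejects it.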






2017-12-07 6:43 GMT-03:00 noumann.f <[email protected]>:

> yes, I'm trying to see how things are organized in the cas src support
> jdbc.
>
> But I'm stuck in how to manage having special JDBC properties related to
> the customized handler in the *cas.properties* file, and then what are
> the related classes to be added and modified according to that?
>
> In my trial I'd created the following hierarchy:
> src/
> └── main
>     ├── java
>     │   └── org
>     │       └── custom
>     │           └── cas
>     │              └── adaptors
>     │                  └── jdbc
>     │                      ├── config
>     │                      │   └── CustomAuthenticationEventExecutionPlanConfiguration.java
>     │                      └── CustomQueryDatabaseAuthenticationHandler.java
>     │
>     └── resources
>         └── META-INF
>             └── spring.factories
>
> Here is the *CustomAuthenticationEventExecutionPlanConfiguration.java*
> class:
>
> package org.custom.cas.adaptors.jdbc.config;
> import org.custom.cas.adaptors.jdbc.CustomQueryDatabaseAuthenticationHandler;
> .
> .
> @Configuration("CustomAuthenticationEventExecutionPlanConfiguration")
> @EnableConfigurationProperties(CasConfigurationProperties.class)
> public class CustomAuthenticationEventExecutionPlanConfiguration
>                     implements AuthenticationEventExecutionPlanConfigurer {
>
>     private static final Logger LOGGER =
>             LoggerFactory.getLogger(CustomAuthenticationEventExecutionPlanConfiguration.class);
>
>     @Autowired
>     private CasConfigurationProperties casProperties;
>
>     @Autowired(required = false)
>     @Qualifier("customQueryPasswordPolicyConfiguration")
>     private PasswordPolicyConfiguration customQueryPasswordPolicyConfiguration;
>
>     @Autowired
>     @Qualifier("servicesManager")
>     private ServicesManager servicesManager;
>
>     @Bean
>     public AuthenticationHandler customQueryDatabaseAuthenticationHandler() {
>
>         final JdbcAuthenticationProperties.Query b;
>
>         final Map<String, String> attributes =
>                 Beans.transformPrincipalAttributesListIntoMap(b.getPrincipalAttributeList());
>         LOGGER.debug("Created and mapped principal attributes [{}] for [{}]...", attributes, b.getUrl());
>
>         final CustomQueryDatabaseAuthenticationHandler h =
>                 new CustomQueryDatabaseAuthenticationHandler(b.getName(), servicesManager,
>                 jdbcPrincipalFactory(), b.getOrder(),
>                 Beans.newDataSource(b), b.getSql(), b.getFieldPassword(),
>                 b.getFieldExpired(), b.getFieldDisabled(), attributes);
> ...
> ...
>         return h;
>     }
>
>     @ConditionalOnMissingBean(name = "jdbcPrincipalFactory")
>     @Bean
>     @RefreshScope
>     public PrincipalFactory jdbcPrincipalFactory() {
>         return new DefaultPrincipalFactory();
>     }
>
>     @Override
>     public void configureAuthenticationExecutionPlan(final AuthenticationEventExecutionPlan plan) {
>         plan.registerAuthenticationHandler(customQueryDatabaseAuthenticationHandler());
>     }
> }
>
> The code above is mostly copied from the 
> *org.apereo.cas.adaptors.jdbc.config.CasJdbcAuthenticationConfiguration.java
> v 5.1.x*
> BUT again how should I handle the:
> final JdbcAuthenticationProperties.Query b
> relatively in my case??!!
>
> Regards,
>
>
> On Thursday, December 7, 2017 at 4:58:19 AM UTC+2, Manfredo Hopp wrote:
>>
>> Hi,
>>
>> I don't have my source at hand at this moment but it helped looking into
>> cas src support jdbc.
>>
>> Regards
>>
>> On Wednesday, December 6, 2017, noumann.f <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I need to create a custom JDBC authentication handler, I'd done this
>>> previously with version 4.x but with new version 5.1.x things have changed
>>> !!
>>>
>>> I'm following the guide in here: https://apereo.github.io
>>> /2017/02/02/cas51-authn-handlers
>>> but I need more details about registering the new handler and how to
>>> create special properties for it in the cas.properties and then reach them
>>> in the code!
>>>
>>> Best regards,
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/4b50d3ab-aef7-4424-87a1-b879d10375
>>> a7%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/4b50d3ab-aef7-4424-87a1-b879d10375a7%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
