[cas-dev] Using QueryDatabaseAuthenticationHandler

David Whitehurst dlwhitehurst at gmail.com
Fri Jun 13 07:48:36 EDT 2008 

The simple answer would be YES.  This handler is pulling the password
based on the username ,decrypting and then comparing with the input on
the login form.  A query is performed to get this information.

You could modify the query by using other methods on the Spring
jdbcTemplate.  An example might be ...

protected final boolean authenticateUsernamePasswordInternal(
        final UsernamePasswordCredentials credentials)
        throws AuthenticationException {
        final String username = credentials.getUsername();
        final String password = credentials.getPassword();
        final String encryptedPassword = this.getPasswordEncoder().encode(
            password);

        try {

            final String dbPassword = getJdbcTemplate().queryForObject(
                this.sql, String.class, username);
            List extras = getJdbcTemplate().queryForList("select
extra1, extra2 from data where primary_key = 1");

            return dbPassword.equals(encryptedPassword);
        } catch (final IncorrectResultSizeDataAccessException e) {
            // this means the username was not found.
            return false;
        }
    }

Now, you have a list of "extras" that you can stick in the session.
That may not be the best place to do that structurally, but you should
get the point.

Your requirement should not be too difficult.  Also, remember that you
have the source.  You can modify or add what you need, build it with
Maven, and then test it.

Hope this helps,


David

On Fri, Jun 13, 2008 at 3:54 AM, Smita Vithal Kharkar
<Smita_Kharkar at infosys.com> wrote:
> Hi,
>
>
>
> I want to select few other fields from the same table that contains User
> name & password, while doing authentication.
>
> Can I use the QueryDatabaseAuthenticationHandler class to select those extra
> fields and put them in the session for further use?
>
> I am using CAS for doing a CCOW POC using J2EE & .NET applications.
>
>
>
> ---
>
> Regards,
>
> Smita
>
> In matters of conscience, the law of majority has no place.
>
>
>
> **************** CAUTION - Disclaimer *****************
> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely
> for the use of the addressee(s). If you are not the intended recipient,
> please
> notify the sender by e-mail and delete the original message. Further, you
> are not
> to copy, disclose, or distribute this e-mail or its contents to any other
> person and
> any such actions are unlawful. This e-mail may contain viruses. Infosys has
> taken
> every reasonable precaution to minimize this risk, but is not liable for any
> damage
> you may sustain as a result of any virus in this e-mail. You should carry
> out your
> own virus checks before opening the e-mail or attachment. Infosys reserves
> the
> right to monitor and review the content of all messages sent to or from this
> e-mail
> address. Messages sent to or from this e-mail address may be stored on the
> Infosys e-mail system.
> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>

More information about the cas-dev mailing list