[cas-dev] cas-dev Digest, Vol 43, Issue 7

Smita Vithal Kharkar Smita_Kharkar at infosys.com
Wed Jun 18 12:12:03 EDT 2008 

Hey thanks for your reply!

This was really helpful.



Now, how can I put these 'extra's in the session?

Can you please tell me what is the exact place to do it?



---

Regards,

Smita

In matters of conscience, the law of majority has no place.



-----Original Message-----
From: cas-dev-bounces at tp.its.yale.edu [mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of cas-dev-request at tp.its.yale.edu
Sent: Friday, June 13, 2008 9:30 PM
To: cas-dev at tp.its.yale.edu
Subject: cas-dev Digest, Vol 43, Issue 7



Send cas-dev mailing list submissions to

        cas-dev at tp.its.yale.edu



To subscribe or unsubscribe via the World Wide Web, visit

        http://tp.its.yale.edu/mailman/listinfo/cas-dev

or, via email, send a message with subject or body 'help' to

        cas-dev-request at tp.its.yale.edu



You can reach the person managing the list at

        cas-dev-owner at tp.its.yale.edu



When replying, please edit your Subject line so it is more specific

than "Re: Contents of cas-dev digest..."





Today's Topics:



   1. Using QueryDatabaseAuthenticationHandler (Smita Vithal Kharkar)

   2. Re: Using QueryDatabaseAuthenticationHandler (David Whitehurst)





----------------------------------------------------------------------



Message: 1

Date: Fri, 13 Jun 2008 13:24:00 +0530

From: Smita Vithal Kharkar <Smita_Kharkar at infosys.com>

Subject: [cas-dev] Using QueryDatabaseAuthenticationHandler

To: "cas-dev at tp.its.yale.edu" <cas-dev at tp.its.yale.edu>

Message-ID:

        <F8725CD0D3BF7248BA8FD91AA4727E9D05F6425328 at PUNITPMBX01.ad.infosys.com>



Content-Type: text/plain; charset="us-ascii"



Hi,



I want to select few other fields from the same table that contains User name & password, while doing authentication.

Can I use the QueryDatabaseAuthenticationHandler class to select those extra fields and put them in the session for further use?

I am using CAS for doing a CCOW POC using J2EE & .NET applications.



---

Regards,

Smita

In matters of conscience, the law of majority has no place.





**************** CAUTION - Disclaimer *****************

This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely

for the use of the addressee(s). If you are not the intended recipient, please

notify the sender by e-mail and delete the original message. Further, you are not

to copy, disclose, or distribute this e-mail or its contents to any other person and

any such actions are unlawful. This e-mail may contain viruses. Infosys has taken

every reasonable precaution to minimize this risk, but is not liable for any damage

you may sustain as a result of any virus in this e-mail. You should carry out your

own virus checks before opening the e-mail or attachment. Infosys reserves the

right to monitor and review the content of all messages sent to or from this e-mail

address. Messages sent to or from this e-mail address may be stored on the

Infosys e-mail system.

***INFOSYS******** End of Disclaimer ********INFOSYS***

-------------- next part --------------

An HTML attachment was scrubbed...

URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20080613/b6537ff5/attachment-0001.html



------------------------------



Message: 2

Date: Fri, 13 Jun 2008 07:48:36 -0400

From: "David Whitehurst" <dlwhitehurst at gmail.com>

Subject: Re: [cas-dev] Using QueryDatabaseAuthenticationHandler

To: "Mailing list for CAS developers" <cas-dev at tp.its.yale.edu>

Message-ID:

        <d90fe1d60806130448l1722be3fpd671dba4fe8ac8f3 at mail.gmail.com>

Content-Type: text/plain; charset=UTF-8



The simple answer would be YES.  This handler is pulling the password

based on the username ,decrypting and then comparing with the input on

the login form.  A query is performed to get this information.



You could modify the query by using other methods on the Spring

jdbcTemplate.  An example might be ...



protected final boolean authenticateUsernamePasswordInternal(

        final UsernamePasswordCredentials credentials)

        throws AuthenticationException {

        final String username = credentials.getUsername();

        final String password = credentials.getPassword();

        final String encryptedPassword = this.getPasswordEncoder().encode(

            password);



        try {



            final String dbPassword = getJdbcTemplate().queryForObject(

                this.sql, String.class, username);

            List extras = getJdbcTemplate().queryForList("select

extra1, extra2 from data where primary_key = 1");



            return dbPassword.equals(encryptedPassword);

        } catch (final IncorrectResultSizeDataAccessException e) {

            // this means the username was not found.

            return false;

        }

    }



Now, you have a list of "extras" that you can stick in the session.

That may not be the best place to do that structurally, but you should

get the point.



Your requirement should not be too difficult.  Also, remember that you

have the source.  You can modify or add what you need, build it with

Maven, and then test it.



Hope this helps,





David



On Fri, Jun 13, 2008 at 3:54 AM, Smita Vithal Kharkar

<Smita_Kharkar at infosys.com> wrote:

> Hi,

>

>

>

> I want to select few other fields from the same table that contains User

> name & password, while doing authentication.

>

> Can I use the QueryDatabaseAuthenticationHandler class to select those extra

> fields and put them in the session for further use?

>

> I am using CAS for doing a CCOW POC using J2EE & .NET applications.

>

>

>

> ---

>

> Regards,

>

> Smita

>

> In matters of conscience, the law of majority has no place.

>

>

>

> **************** CAUTION - Disclaimer *****************

> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely

> for the use of the addressee(s). If you are not the intended recipient,

> please

> notify the sender by e-mail and delete the original message. Further, you

> are not

> to copy, disclose, or distribute this e-mail or its contents to any other

> person and

> any such actions are unlawful. This e-mail may contain viruses. Infosys has

> taken

> every reasonable precaution to minimize this risk, but is not liable for any

> damage

> you may sustain as a result of any virus in this e-mail. You should carry

> out your

> own virus checks before opening the e-mail or attachment. Infosys reserves

> the

> right to monitor and review the content of all messages sent to or from this

> e-mail

> address. Messages sent to or from this e-mail address may be stored on the

> Infosys e-mail system.

> ***INFOSYS******** End of Disclaimer ********INFOSYS***

>

> _______________________________________________

> cas-dev mailing list

> cas-dev at tp.its.yale.edu

> http://tp.its.yale.edu/mailman/listinfo/cas-dev

>

>





------------------------------



_______________________________________________

cas-dev mailing list

cas-dev at tp.its.yale.edu

http://tp.its.yale.edu/mailman/listinfo/cas-dev





End of cas-dev Digest, Vol 43, Issue 7

**************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20080618/89d320ee/attachment-0001.html

More information about the cas-dev mailing list