New CAS documentation site
CAS documentation has moved over to apereo.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.
JDBC Authentication Handler
Including the Handler
In the pom.xml file for your CAS Maven2 WAR Overlay, add the following dependency:
Note that all JDBC AuthenticationHandlers have the requirement for a DataSource. Each handler's section will only list additional properties beyond the DataSource.
This authentication handler attempts to take the provided credentials and open a connection with them.
This authentication handler takes a database query (who's value is a password and one parameter is a username). It will then compare the password from the database with the password provided by the user (after encoding via the PasswordEncoder).
The DefaultPasswordEncoder class supports use cases where a message digest function (hash) needs to be applied to the password for comparison with the stored value in the database. This behavior is best security practice and the default on most modern database platforms. The following example demonstrates how to configure DefaultPasswordEncoder for the MD5 hash function.
See the MAC section of http://download.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#AppA for a list of supported message digest functions in the default Sun cryptography provider (JCE).
(note : on cas-3.4.8, I had to change the previous sample with the following :
Given a table, username field and password field, this will query a database table with the provided encryption technique to see if the user exists.