Using JDBC for Authentication

PRECONDITIONS

1.  Successfully tested cas.war out-of-the-box using the default username=password type of login. (See Quick Start Demo)

2.  You would now like to hook-up login to a user table, say, USERS, already in Oracle Database with the clear-text columns called (say) USER_ID and PASSWORD.

DETAILED STEPS

1.  Open the file %CATALINA_HOME%/webapps/cas/WEB-INF/deployerConfigContext.xml with your favorite XML editor.

2.  At the bottom of this file you will see the following XML, which supports the simplistic username=password CAS login out of the box:

<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />

3.  Replace the above bean tag with *one* of the following bean tags. (These are two of at least three known ways you can hook up to a JDBC source of user/passwords; for all other ways, please refer to JDBC.)

<bean id="SearchModeSearchDatabaseAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler"
      abstract="false" singleton="true" lazy-init="default" autowire="default" dependency-check="default">
  <property  name="tableUsers">
   <value>users</value>
  </property>
  <property name="fieldUser">
   <value>user_id</value>
  </property>
  <property name="fieldPassword">
   <value>password</value>
  </property>
  <property name="dataSource" ref="dataSource" />
</bean>

<bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
  <property name="dataSource" ref="dataSource" />
  <property name="sql" value="select password from some_table where lower(username) = lower(?)" />
</bean>

4.  Move your text editor cursor downward beyond the following (this is a really dumb step, but was critical for me...the technical point being that the datasource bean in the NEXT step needs to be a standalone bean tag in the file deployerConfigContext.xml instead of a sibling tag of the authentication handler tag)

</list>
</property>
</bean>

5.  Add one of the following bean definitions after the </bean> tag but before the last </beans> tag.  Make sure you change the url property below to whatever your database url connect string really is.  Ditto for username, password tags.

<!-- Oracle connector -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
 <property name="driverClassName">
  <value>oracle.jdbc.driver.OracleDriver</value>
 </property>
 <property name="url">
  <value>jdbc:oracle:thin:@database-server-name:1521:SID</value>
 </property>
 <property name="username">
  <value>admusr</value>
 </property>
 <property name="password">
  <value>admpwd</value>
 </property>
</bean>

<!-- MySQL connector -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
 <property name="driverClassName">
  <value>com.mysql.jdbc.Driver</value>
 </property>
 <property name="url">
  <value>jdbc:mysql://database-server-name:3306/db-name</value>
 </property>
 <property name="username">
  <value>admusr</value>
 </property>
 <property name="password">
  <value>admpwd</value>
 </property>
</bean>

<!-- PostgreSQL connector -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
 <property name="driverClassName">
  <value>org.postgresql.Driver</value>
 </property>
 <property name="url">
  <value>jdbc:postgresql://database-server-name:5432/db-name</value>
 </property>
 <property name="username">
  <value>admusr</value>
 </property>
 <property name="password">
  <value>admpwd</value>
 </property>
</bean>

6.  For CAS 3.1.x, add the required jars through the Maven pom.xml file:

<dependency>
	<groupId>org.jasig.cas</groupId>
	<artifactId>cas-server-support-jdbc</artifactId>
	<version>${project.version}</version>
</dependency>
<dependency>
	<groupId>commons-dbcp</groupId>
	<artifactId>commons-dbcp</artifactId>
	<version>1.2.1</version>
	<scope>runtime</scope>
</dependency>
<dependency>
	<groupId>mysql</groupId>
	<artifactId>mysql-connector-java</artifactId>
	<version>5.1.5-bin</version>
	<scope>provided</scope>
</dependency>

    For CAS 3.0.x, drop the following jars (or latest-and-greatest-equivalent-specific-to-your-database-vendor) into %CATALINA_HOME%/webapps/cas/WEB-INF/lib:

  • older releases might use cas-server-jdbc-3.0.5.jar from http://developer.ja-sig.org/maven/cas/jars/
  • ojdbc14.jar (Oracle JDBC Driver), mysql-connector-java-5.1.5-bin.jar (MySQL JDBC driver), or postgresql-9.1-901.[jdbcversion].jar (PostgreSQL JDBC driver)

You will also need the following, but they are already present in a default RHEL5 tomcat install.

  • commons-collections-3.2.jar
  • commons-dbcp-1.2.1.jar
  • commons-pool-1.3.jar

Note: It is recommended that commons-dbcp 1.2.1 be used with MySQL instead of the newer version. I found that the new version (1.2.2) will cause a Socket write error in MySQL after your CAS is idle for more than 8 hours, which is the time after which MySQL will clean up all idle connections.

7.  Bounce the cas context.  (Done).   CAS should be using the user/password in your database now (instead of the simplistic user=password that ships with the Demo).
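A check for the edits made in steps 3 to 5, as an added example that is not part of the original page or of CAS. It confirms that the username=password test handler is gone, that exactly one dataSource bean exists as a direct child of <beans>, and that the sample admusr/admpwd values were changed. The sample documents are constructed, and the enclosing bean id and property name in them are assumptions.

```python
import xml.etree.ElementTree as ET

TEST_HANDLER = ("org.jasig.cas.authentication.handler.support."
                "SimpleTestUsernamePasswordAuthenticationHandler")
SAMPLE_VALUES = {"admusr", "admpwd"}  # placeholder credentials shown in step 5

def check_config(xml_text):
    """Return findings for the text of a deployerConfigContext.xml file."""
    root = ET.fromstring(xml_text)
    findings = []
    # Match <bean> with or without an XML namespace prefix on the tag.
    beans = [e for e in root.iter() if e.tag.split("}")[-1] == "bean"]
    # Step 3: the demo handler must be replaced, not left beside the JDBC one.
    if any(b.get("class") == TEST_HANDLER for b in beans):
        findings.append("test handler still enabled")
    # Steps 4-5: exactly one dataSource bean, as a direct child of <beans>.
    sources = [b for b in beans if b.get("id") == "dataSource"]
    if len(sources) != 1:
        findings.append("expected 1 dataSource bean, found %d" % len(sources))
    elif sources[0] not in list(root):
        findings.append("dataSource is nested, not a top-level bean")
    # Step 5: the sample username/password values must have been changed.
    for bean in sources:
        for prop in bean:
            if prop.get("name") in ("username", "password"):
                value = prop.get("value") or "".join(prop.itertext()).strip()
                if value in SAMPLE_VALUES:
                    findings.append("sample %s left in place" % prop.get("name"))
    return findings

# Constructed samples; the wrapper bean id and property name are assumptions.
GOOD = """<beans>
 <bean id="authenticationManager"><property name="authenticationHandlers"><list>
  <bean class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler">
   <property name="dataSource" ref="dataSource" />
  </bean>
 </list></property></bean>
 <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
  <property name="username"><value>cas_login</value></property>
  <property name="password"><value>constructed-value</value></property>
 </bean>
</beans>"""
BAD = """<beans><bean id="authenticationManager"><property name="authenticationHandlers"><list>
 <bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
 <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
  <property name="username"><value>admusr</value></property>
  <property name="password"><value>admpwd</value></property>
 </bean>
</list></property></bean></beans>"""
```

Calling check_config on the text of the edited file before bouncing the context returns an empty list when all three conditions hold.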