Configuring Jasig CAS to use BCrypt
Question
I want to configure Jasig CAS to use BCrypt as passwordEncoder.
Searching around I've found that this can be handled entirely by Spring Framework but I'm not familiar with it.
From what I understand I just need to add spring-security-core and spring-security-crypto libraries to war file and change passwordEncoder bean in deployerConfigContext.xml.
But I am getting this as a result:
Tail of tomcat logfile:
Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.security.crypto.password] for bean with name 'passwordEncoder' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.security.crypto.password
at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1328)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:453)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
... 66 more
Caused by: java.lang.ClassNotFoundException: org.springframework.security.crypto.password
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1720)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
at org.springframework.util.ClassUtils.forName(ClassUtils.java:249)
at org.springframework.beans.factory.support.AbstractBeanDefinition.resolveBeanClass(AbstractBeanDefinition.java:395)
at org.springframework.beans.factory.support.AbstractBeanFactory.doResolveBeanClass(AbstractBeanFactory.java:1349)
at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1320)
... 72 more
Sep 23, 2015 2:06:30 PM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
Part of deployerConfigContext.xml:
<bean id="primaryAuthenticationHandler"
class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
p:dataSource-ref="dataSource"
p:passwordEncoder-ref="passwordEncoder"
p:sql="select password from users where username=? and active=1" />
<bean id="passwordEncoder" class="org.springframework.security.crypto.password"/>
ls ~tomcat/webapps/cas/WEB-INF/lib | grep spring-security
spring-security-cas-4.0.1.RELEASE.jar
spring-security-config-4.0.1.RELEASE.jar
spring-security-core-4.0.1.RELEASE.jar
spring-security-core-4.0.2.RELEASE.jar
spring-security-crypto-4.0.2.RELEASE.jar
spring-security-web-4.0.1.RELEASE.jar
Correct me if I'm wrong, but I suppose that I have configured the bean in deployerConfigContext.xml. Can you point me what is wrong?
1 answers
solution1
1 2018-10-19 18:19:02
You have a typo here:
<bean id="passwordEncoder" class="org.springframework.security.crypto.password"/>
That is not a class element; it's a package. The encoder is likely this one:
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.