Using MySQL database for authentication in Ja-sig CAS

Question

I'm trying to hook my Ja-sig CAS server (v3.5 running on Tomcat7) up to a MySQL database for user authentication. I basically have a table 'users' in the database storing username/password pairs that I want CAS to check against. However, I'm having difficulty even getting my current configuration to deploy.

This is an excerpt from pom.xml as it relates to database connectivity:

<dependency>
   <groupId>org.jasig.cas</groupId>
   <artifactId>cas-server-support-jdbc</artifactId>
   <version>${cas.version}</version>
</dependency>

<dependency>
   <groupId>commons-dbcp</groupId>
   <artifactId>commons-dbcp</artifactId>
   <version>1.4</version>
   <scope>runtime</scope>
</dependency>

<dependency>
   <groupId>mysql</groupId>
   <artifactId>mysql-connector-java</artifactId>
   <version>5.1.22-bin</version>
   <scope>provided</scope>
</dependency>

And here is where I try to setup the database connection in WEB-INF/deployerConfigContext.xml:

<bean
class="org.jasig.cas.adaptors.jdbc.SearchModeSearchDatabaseAuthenticationHandler">
   <property name="tableUsers">
       <value>users</value>
   </property>
   <property name="fieldUser">
       <value>username</value>
   </property>
   <property name="fieldPassword">
       <value>password</value>
   </property>
   <property name="passwordEncoder">
       <bean
             class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder">
        <constructor-arg value="MD5" />
       </bean>
   </property>
   <property name="dataSource" ref="dataSource" />
</bean>

<bean id="datasource"
      class="org.apache.commons.dbcp.BasicDataSource">
    <property name="driverClassName">
        <value>com.mysql.jdbc.Driver</value>
    </property>
    <property name="url">
        <value>jdbc:mysql://localhost:3306/cas_db</value>
    </property>
    <property name="username">
        <value>cas_server</value>
    </property>
    <property name="password">
        <value>pass</value>
    </property>
</bean>

It builds perfectly fine with Maven, but when I try to deploy it with Tomcat it doesn't work. I haven't been able to find anything particularly informative in any of the tomcat logs. I'm wondering if there might be a problem with 'commons-dbcp', since when I comment that out and use a simple authentication handler in deployerConfigContext.xml, I'm able to deploy.

There seems to be little/poor documentation of this from my current web research. If anyone has any good resources they could recommend as well, it would be greatly appreciated.

Answer 1

On one of the official guides for CAS + JDBC Authentication (https://wiki.jasig.org/display/CASUM/Using+JDBC+for+Authentication), they comment on that:

Note: It is recommended commons-dbcp 1.2.1 is used with MySQL instead of the newer version. I found that new version (1.2.2) will cause a Socket write error in MySQL, after your CAS is idle for more that 8 hours, which is the time that MySQL will clean up all idle connections.

Your problem might be related to the version of the commons-dbcp. In my case, I have a configuration similar to yours with the difference on the commons-dbcp version, I'm using 1.4 (no problems)

Answer 2

I finally found a trace of errors in the tomcat log localhost.YYYY-MM-DD.log. As it turns out, I needed to add commons-pool:

<dependency>
   <groupId>commons-pool</groupId>
   <artifactId>commons-pool</artifactId>
   <version>1.6</version>
   <scope>provided</scope>
</dependency>

which commons-dbcp is dependent upon. Installing this with Maven did away with the missing class exception I was getting.

My next problem was that I had mistakenly defined my datasource bean in the list of authenticationHandlers in deployerConfigContext.xml, which led to a type conversion exception. Moving the bean out of the list tag did the trick.