Anton

Reputation: 121

Configuring Jasig CAS to use BCrypt

I want to configure Jasig CAS to use BCrypt as the passwordEncoder.

Searching around, I've found that this can be handled entirely by Spring Framework, but I'm not familiar with it.

From what I understand, I just need to add the spring-security-core and spring-security-crypto libraries to the WAR file and change the passwordEncoder bean in deployerConfigContext.xml.

But I am getting this as a result:

Tail of tomcat logfile:

Caused by: org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.security.crypto.password] for bean with name 'passwordEncoder' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.security.crypto.password
        at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1328)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:453)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
        ... 66 more
Caused by: java.lang.ClassNotFoundException: org.springframework.security.crypto.password
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1720)
        at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1571)
        at org.springframework.util.ClassUtils.forName(ClassUtils.java:249)
        at org.springframework.beans.factory.support.AbstractBeanDefinition.resolveBeanClass(AbstractBeanDefinition.java:395)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doResolveBeanClass(AbstractBeanFactory.java:1349)
        at org.springframework.beans.factory.support.AbstractBeanFactory.resolveBeanClass(AbstractBeanFactory.java:1320)
        ... 72 more

Sep 23, 2015 2:06:30 PM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext

Part of deployerConfigContext.xml:

<bean id="primaryAuthenticationHandler"
      class="org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler"
      p:dataSource-ref="dataSource"
      p:passwordEncoder-ref="passwordEncoder"
      p:sql="select password from users where username=? and active=1" />

<bean id="passwordEncoder" class="org.springframework.security.crypto.password"/>

ls ~tomcat/webapps/cas/WEB-INF/lib | grep spring-security

spring-security-cas-4.0.1.RELEASE.jar
spring-security-config-4.0.1.RELEASE.jar
spring-security-core-4.0.1.RELEASE.jar
spring-security-core-4.0.2.RELEASE.jar
spring-security-crypto-4.0.2.RELEASE.jar
spring-security-web-4.0.1.RELEASE.jar

Correct me if I'm wrong, but I suppose that I have configured the bean in deployerConfigContext.xml. Can you point out what is wrong?

Upvotes: 5

Views: 683

Answers (1)

Misagh Moayyed

Reputation: 4318

You have a typo here:

<bean id="passwordEncoder" class="org.springframework.security.crypto.password"/>

That is not a class element; it's a package. The encoder is likely this one:

<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

See: https://docs.spring.io/spring-security/site/docs/4.2.7.RELEASE/apidocs/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html

Upvotes: 1
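
A pre-deployment check for the failure discussed above, as an added example that is not part of the original question or answer: it resolves every bean `class` attribute against the jars in `WEB-INF/lib`, distinguishes a package name from a missing class, and reports artifacts shipped in more than one version (as with spring-security-core in the listing above). The function names and the jar contents are constructed for illustration; only the jar file names and the bean definition come from the page.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from collections import defaultdict

BEANS_NS = "{http://www.springframework.org/schema/beans}"
def make_jar(*class_names):
    """Build a constructed in-memory jar holding empty .class entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in class_names:
            jar.writestr(name.replace(".", "/") + ".class", b"")
    return buf.getvalue()

# Constructed sample data: jar names from the question, contents are stand-ins.
CRYPTO = "org.springframework.security.crypto."
SAMPLE_JARS = {
    "spring-security-core-4.0.1.RELEASE.jar": make_jar("org.springframework.security.core.Authentication"),
    "spring-security-core-4.0.2.RELEASE.jar": make_jar("org.springframework.security.core.Authentication"),
    "spring-security-crypto-4.0.2.RELEASE.jar": make_jar(
        CRYPTO + "password.PasswordEncoder", CRYPTO + "bcrypt.BCryptPasswordEncoder"),
}
SAMPLE_XML = ('<beans xmlns="http://www.springframework.org/schema/beans">'
              '<bean id="passwordEncoder" class="org.springframework.security.crypto.password"/>'
              '</beans>')

def classes_in_jar(jar_bytes):
    """Return the fully qualified class names stored in a jar (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return {n[:-6].replace("/", ".") for n in jar.namelist() if n.endswith(".class")}

def check_beans(context_xml, jars):
    """Return (unresolved bean classes, artifacts present in several versions)."""
    available = set().union(*(classes_in_jar(data) for data in jars.values()))
    packages = {c.rsplit(".", 1)[0] for c in available}
    unresolved = []
    for bean in ET.fromstring(context_xml).iter(BEANS_NS + "bean"):
        cls = bean.get("class")
        if cls and cls not in available:
            reason = "package, not a class" if cls in packages else "class not found"
            unresolved.append((bean.get("id"), cls, reason))
    versions = defaultdict(list)
    for name in jars:
        match = re.match(r"(.+?)-(\d[\w.]*)\.jar$", name)
        if match:
            versions[match.group(1)].append(match.group(2))
    duplicates = {a: sorted(v) for a, v in versions.items() if len(v) > 1}
    return unresolved, duplicates
```

Against a real deployment, pass the bytes of each file in `WEB-INF/lib`; classes supplied from `WEB-INF/classes` or by the container are outside what this check sees and will show up as "class not found".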
