Class: CASServer::Authenticators::SQL

Inherits:
Base
  • Object
Defined in:
lib/casserver/authenticators/sql.rb

Overview

Authenticates against a plain SQL table.

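This assumes that all of your users are stored in a table that has a ‘username’ column and a ‘password’ column. When the user logs in, CAS connects to the database and looks for a matching username/password in the users table. If a matching username and password is found, authentication is successful. As the #validate listing below shows, the submitted password is compared with the stored column value as-is, so this authenticator expects the password column to hold the password in plain text.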

Any database backend supported by ActiveRecord can be used.

Config example:

authenticator:
  class: CASServer::Authenticators::SQL
  database:
    adapter: mysql
    database: some_database_with_users_table
    username: root
    password:
    server: localhost
  user_table: users
  username_column: username
  password_column: password

When replying to a CAS client’s validation request, the server will normally provide the client with the authenticated user’s username. However, it is now possible for the server to provide the client with additional attributes. You can configure the SQL authenticator to provide data from additional columns in the users table by listing the names of the columns under the ‘extra_attributes’ option. Note, though, that this functionality is experimental. It should work with RubyCAS-Client, but may or may not work with other CAS clients.

For example, with this configuration, the ‘full_name’ and ‘access_level’ columns will be provided to your CAS clients along with the username:

authenticator:
  class: CASServer::Authenticators::SQL
  database:
    adapter: mysql
    database: some_database_with_users_table
  user_table: users
  username_column: username
  password_column: password
  ignore_type_column: true # indicates if you want to ignore Single Table Inheritance 'type' field
  extra_attributes: full_name, access_level

Direct Known Subclasses

SQLAuthlogic, SQLEncrypted, SQLMd5

Instance Attribute Summary

Attributes inherited from Base

#options, #username

Class Method Summary

Instance Method Summary

Methods inherited from Base

#configure, #extra_attributes

Class Method Details

.setup(options) ⇒ Object



# File 'lib/casserver/authenticators/sql.rb', line 57

def self.setup(options)
  raise CASServer::AuthenticatorError, "Invalid authenticator configuration!" unless options[:database]

  user_model_name = "CASUser_#{options[:auth_index]}"
  $LOG.debug "CREATING USER MODEL #{user_model_name}"

  class_eval %{
    class #{user_model_name} < ActiveRecord::Base
    end
  }

  @user_model = const_get(user_model_name)
  @user_model.establish_connection(options[:database])
  @user_model.table_name = options[:user_table] || 'users'
  @user_model.inheritance_column = 'no_inheritance_column' if options[:ignore_type_column]
end

.user_model ⇒ Object



# File 'lib/casserver/authenticators/sql.rb', line 74

def self.user_model
  @user_model
end

Instance Method Details

#validate(credentials) ⇒ Object



# File 'lib/casserver/authenticators/sql.rb', line 78

def validate(credentials)
  read_standard_credentials(credentials)
  raise_if_not_configured

  user_model = self.class.user_model

  username_column = @options[:username_column] || 'username'
  password_column = @options[:password_column] || 'password'
  
  $LOG.debug "#{self.class}: [#{user_model}] " + "Connection pool size: #{user_model.connection_pool.instance_variable_get(:@checked_out).length}/#{user_model.connection_pool.instance_variable_get(:@connections).length}"
  results = user_model.find(:all, :conditions => ["#{username_column} = ? AND #{password_column} = ?", @username, @password])
  user_model.connection_pool.checkin(user_model.connection)
     
  if results.size > 0
    $LOG.warn("#{self.class}: Multiple matches found for user #{@username.inspect}") if results.size > 1
    
    unless @options[:extra_attributes].blank?
      if results.size > 1
        $LOG.warn("#{self.class}: Unable to extract extra_attributes because multiple matches were found for #{@username.inspect}")
      else
        user = results.first

        extract_extra(user)
        log_extra
      end
    end

    return true
  else
    return false
  end
end
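
The config samples and the #validate listing above expose a few things worth checking before deployment: the base class matches the password column against the submitted value unchanged, the column names are interpolated into the SQL condition rather than bound, and ‘extra_attributes’ columns are released to CAS clients. The audit below is an added example, not code from rubycas-server; the function name `audit_sql_authenticator` and the finding labels are hypothetical.

```ruby
require 'yaml'

# Added example, not part of rubycas-server. Names and labels are hypothetical.
IDENT = /\A[A-Za-z_][A-Za-z0-9_]*\z/

# First config sample from this page, embedded so the audit runs offline.
PAGE_SAMPLE = <<~YAML
  authenticator:
    class: CASServer::Authenticators::SQL
    database:
      adapter: mysql
      database: some_database_with_users_table
      username: root
      password:
      server: localhost
    user_table: users
    username_column: username
    password_column: password
YAML

def audit_sql_authenticator(yaml_text)
  auth = YAML.safe_load(yaml_text).fetch('authenticator')
  db = auth['database'] || {}
  findings = []

  # #validate binds @password straight into "password_column = ?".
  findings << 'plaintext-password-column' if auth['class'] == 'CASServer::Authenticators::SQL'

  # Database account hygiene: superuser login, blank password.
  findings << 'db-account-root' if db['username'].to_s == 'root'
  findings << 'db-password-empty' if db.key?('password') && db['password'].to_s.empty?

  # Column names are interpolated into the condition string, not bound.
  %w[username_column password_column].each do |key|
    findings << "non-identifier:#{key}" if auth[key] && auth[key].to_s !~ IDENT
  end

  # extra_attributes columns are released to CAS clients.
  password_column = (auth['password_column'] || 'password').to_s
  extras = Array(auth['extra_attributes']).flat_map { |e| e.to_s.split(',') }.map(&:strip)
  findings << 'password-in-extra-attributes' if extras.include?(password_column)

  findings
end

puts audit_sql_authenticator(PAGE_SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Run against the page's first sample, it reports the plaintext password column, the root database account and the blank database password.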