portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From DavidSeanTaylor <da...@bluesunrise.com>
Subject Re: How to decode stored passwords
Date Wed, 01 Feb 2017 03:17:32 GMT
Additionally, you need to first commend out the current CredentialPasswordEncode around line
27 of security-spi-atn.xml:

 <!-- MessageDigest encode passwords using SHA-1 -->
  <!--
  <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
    class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
    <meta key="j2:cat" value="default or security" />
    <constructor-arg index="0">
      <value>SHA-1</value>
    </constructor-arg>
  </bean>
  —>

And then uncomment the replacement encoder further down in the same file. You have two choices,
I went with the backward compatibility one (line 79, not line 67:

Make sure you enter a PBE key for constructor index 0, and a timestamp (see below) for constructor
index 2:

<!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
    Furthermore, this extension of the PBEPasswordService supports lazy upgrading from an
old CredentialPasswordEncoder
    like the default provided MessageDigestCredentialPasswordEncoder
    -->
    <bean id="org.apache.jetspeed.security.PasswordEncodingService"
    name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
    class="org.apache.jetspeed.security.spi.impl.AlgorithmUpgradePBEPasswordService">
    <constructor-arg index="0">
    <!-- secret PBE key password -->
    <value>jetspeed</value>
    </constructor-arg>
    <constructor-arg index="1">
    <!-- old MessageDigestCredentialPasswordEncoder to be upgrading from, using SHA-1 -->
    <bean class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
    <constructor-arg index="0"><value>SHA-1</value></constructor-arg>
      
    </bean>       
    </constructor-arg>
    <constructor-arg index="2">
    <!-- startPBEPasswordEncodingService: date before which old encoded passwords need
to be recoded (on authentication)
    (SimpleDateFormat) format: yyyy-MM-dd HH:mm:ss
    -->
    <value>2017-01-30 15:00:00</value>
    </constructor-arg>
    </bean>
  
This seems to work for me and was backward compatible (tested on 2.3.2. trunk)

> On Jan 30, 2017, at 8:00 AM, Giacomo Morri <giacomo.morri@cone.it> wrote:
> 
> Hi, i'm trying to implement a function that permit to login in jetspeed "as a user".
> I've tried to decode users password using the "PasswordEncodingService", but trying to
enable it i retrieve an error in jetspeed log:
> 
> "Error creating bean with name 'PortalServices' defined in ServletContext resource [/WEB-INF/assembly/jetspeed-services.xml]:
Cannot resolve reference to bean 'org.apache.jetspeed.security.PasswordEncodingService' while
setting constructor argument with key [TypedStringValue: value [PasswordEncodingService],
target type [null]]; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException:
No bean named 'org.apache.jetspeed.security.PasswordEncodingService' is defined"
> 
> How can i enable the api PasswordEncodingService?
> 
> Best regards,
> Giacomo Morri


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message