You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@turbine.apache.org by an...@haertel-net.de on 2004/02/25 13:52:01 UTC
Problem with encrypted password in turbine 2.3
Hallo,
I'm using turbine 2.3 with the Torque Security Service.
I've created an extended user table, have made the changes in
TR.properties, took from file
http://jakarta.apache.org/turbine/turbine-2.3/services/torque-security-service.html.
----snip----
services.SecurityService.classname =
org.apache.turbine.services.security.torque.TorqueSecurityService
services.SecurityService.user.manager =
org.apache.turbine.services.security.torque.TorqueUserManager
# Class for User. Default: org.apache.turbine.om.security.TurbineUser
services.SecurityService.user.class =
de.soltics.falconBase.modules.util.ExtendedUser
# This is the Peer class used to access the user peer
(org.apache.turbine.services.security.torque.om.TurbineUserPeer)
services.SecurityService.torque.userPeer.class =
de.soltics.falconBase.om.CustomUserPeer
# Class for Group. Default: org.apache.turbine.om.security.TurbineGroup
#services.SecurityService.group.class=org.apache.turbine.om.security.TurbineGroup
services.SecurityService.group.class=org.apache.turbine.services.security.torque.TorqueGroup
# Class for Role. Default: org.apache.turbine.om.security.TurbineRole
#services.SecurityService.role.class=org.apache.turbine.om.security.TurbineRole
services.SecurityService.role.class=org.apache.turbine.services.security.torque.TorqueRole
# Class for Permission. Default:
org.apache.turbine.om.security.TurbinePermission
#services.SecurityService.permission.class=org.apache.turbine.om.security.TurbinePermission
services.SecurityService.permission.class=org.apache.turbine.services.security.torque.TorquePermission
#
# This is the class that implements the ACL interface.
# You want to override this setting only if you want your ACL
# implementation to provide application specific addtional
# functionality.
#
# Default: org.apache.turbine.util.security.TurbineAccessControlList
services.SecurityService.acl.class =
org.apache.turbine.util.security.TurbineAccessControlList
----snip----
This works fine with unsafe passwords.
When I'm setting secure password to true, an new user 'll be created
with an encrypted password.
However, when I try login to my application, the
TorqueUserManager.authenticate fails with an
Exception.
Exception: org.apache.turbine.util.security.PasswordMismatchException:
The passwords do not match
org.apache.turbine.util.security.PasswordMismatchException: The
passwords do not match
at
org.apache.turbine.services.security.torque.TorqueUserManager.authenticate(TorqueUserManager.java:387)
What is wrong?
Help, Please
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
RE: Problem with encrypted password in turbine 2.3
Posted by Eric Pugh <ep...@upstate.com>.
I would try and write a unit test that isolates as much as possible just the
passwords, to make sure the encryption is properly working. There are unit
tests in Turbine CVS that demonstrate that encryption is working properly.
Eric
> -----Original Message-----
> From: andreas@haertel-net.de [mailto:andreas@haertel-net.de]
> Sent: Wednesday, February 25, 2004 1:52 PM
> To: turbine-user@jakarta.apache.org
> Subject: Problem with encrypted password in turbine 2.3
>
>
>
> Hallo,
>
>
> I'm using turbine 2.3 with the Torque Security Service.
> I've created an extended user table, have made the changes in
> TR.properties, took from file
> http://jakarta.apache.org/turbine/turbine-2.3/services/torque-
> security-service.html.
>
> ----snip----
> services.SecurityService.classname =
> org.apache.turbine.services.security.torque.TorqueSecurityService
> services.SecurityService.user.manager =
> org.apache.turbine.services.security.torque.TorqueUserManager
>
> # Class for User. Default: org.apache.turbine.om.security.TurbineUser
> services.SecurityService.user.class =
> de.soltics.falconBase.modules.util.ExtendedUser
>
> # This is the Peer class used to access the user peer
> (org.apache.turbine.services.security.torque.om.TurbineUserPeer)
> services.SecurityService.torque.userPeer.class =
> de.soltics.falconBase.om.CustomUserPeer
>
> # Class for Group. Default:
> org.apache.turbine.om.security.TurbineGroup
> #services.SecurityService.group.class=org.apache.turbine.om.se
> curity.TurbineGroup
> services.SecurityService.group.class=org.apache.turbine.servic
> es.security.torque.TorqueGroup
>
> # Class for Role. Default: org.apache.turbine.om.security.TurbineRole
> #services.SecurityService.role.class=org.apache.turbine.om.sec
> urity.TurbineRole
> services.SecurityService.role.class=org.apache.turbine.service
> s.security.torque.TorqueRole
>
> # Class for Permission. Default:
> org.apache.turbine.om.security.TurbinePermission
> #services.SecurityService.permission.class=org.apache.turbine.
> om.security.TurbinePermission
> services.SecurityService.permission.class=org.apache.turbine.s
> ervices.security.torque.TorquePermission
>
> #
> # This is the class that implements the ACL interface.
> # You want to override this setting only if you want your ACL
> # implementation to provide application specific addtional
> # functionality.
> #
>
> # Default: org.apache.turbine.util.security.TurbineAccessControlList
> services.SecurityService.acl.class =
> org.apache.turbine.util.security.TurbineAccessControlList
>
> ----snip----
>
> This works fine with unsafe passwords.
>
> When I'm setting secure password to true, an new user 'll be created
> with an encrypted password.
> However, when I try login to my application, the
> TorqueUserManager.authenticate fails with an
> Exception.
>
> Exception: org.apache.turbine.util.security.PasswordMismatchException:
> The passwords do not match
> org.apache.turbine.util.security.PasswordMismatchException: The
> passwords do not match
> at
> org.apache.turbine.services.security.torque.TorqueUserManager.
> authenticate(TorqueUserManager.java:387)
>
>
> What is wrong?
>
>
> Help, Please
>
>
> Andreas
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: turbine-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org