You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@kylin.apache.org by Wu XIANG <w....@gmail.com> on 2016/02/03 12:44:47 UTC
Kylin LDAP encryption
Hi all,
I'm configuring LDAP integration for Kylin. However, I got the following
error when I start Kylin server:
*"Invalid bean definition with name 'ldapSource' defined in class path
resource [kylinSecurity.xml]: Input length must be multiple of 16 when
decrypting with padded cipher"*
After a little bit of digging, I found this was due to "
*PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
kylin.properties file. Does this mean passwords like "ldap.password" in
kylin.properties should be encrypted ? If so, I hope it's documented in
tutorial.
// PasswordPlaceholderConfigurer.java:Line71
protected String resolvePlaceholder(String placeholder, Properties props) {
if (placeholder.toLowerCase().contains("password")) {
return decrypt(props.getProperty(placeholder));
} else {
return props.getProperty(placeholder);
}
}
p.s.
Kylin Branch: v1.2-release
thanks
*wu*
Re: Kylin LDAP encryption
Posted by Jian Zhong <he...@gmail.com>.
PasswordPlaceholderConfigurer#encrypt will get right password.
from PasswordPlaceholderConfigure#resolvePlaceholder you can see any
placeholder will 'password' need encrypt.
On Wed, Feb 3, 2016 at 10:01 PM, Wu XIANG <w....@gmail.com> wrote:
> thanks jian,
>
> I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
> encrypt" to encrypt my passwords. I'm not sure if it's the correct way.
>
> If encryption is needed, is it possible to expose "
> PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
> PasswordPlaceholderConfigurer#key" configurable ?
>
> thanks
> wu
>
>
> On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <he...@gmail.com> wrote:
>
>> Will update to doc,thank you
>>
>>
>> On Wednesday, February 3, 2016, Jian Zhong <he...@gmail.com>
>> wrote:
>>
>>> Yes, encrypted is required.
>>>
>>>
>>>
>>> On Wednesday, February 3, 2016, Wu XIANG <w....@gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm configuring LDAP integration for Kylin. However, I got the
>>>> following error when I start Kylin server:
>>>>
>>>> *"Invalid bean definition with name 'ldapSource' defined in class path
>>>> resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>>>> decrypting with padded cipher"*
>>>>
>>>> After a little bit of digging, I found this was due to "
>>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
>>>> kylin.properties file. Does this mean passwords like "ldap.password"
>>>> in kylin.properties should be encrypted ? If so, I hope it's documented in
>>>> tutorial.
>>>>
>>>> // PasswordPlaceholderConfigurer.java:Line71
>>>>
>>>> protected String resolvePlaceholder(String placeholder, Properties
>>>> props) {
>>>>
>>>> if (placeholder.toLowerCase().contains("password")) {
>>>>
>>>> return decrypt(props.getProperty(placeholder));
>>>>
>>>> } else {
>>>>
>>>> return props.getProperty(placeholder);
>>>>
>>>> }
>>>>
>>>> }
>>>>
>>>>
>>>> p.s.
>>>>
>>>> Kylin Branch: v1.2-release
>>>>
>>>>
>>>> thanks
>>>> *wu*
>>>>
>>>
>
>
> --
>
> *wu*
>
Re: Kylin LDAP encryption
Posted by Wu XIANG <w....@gmail.com>.
Hi Jian, I already filed KYLIN-1401
<https://issues.apache.org/jira/browse/KYLIN-1401> on jira, and will submit
a patch later.
thanks
wu
On Thu, Feb 4, 2016 at 9:11 AM, ShaoFeng Shi <sh...@apache.org> wrote:
> Hi Xiang, thanks for reporting this, and your suggestion is good, we
> should improve it in both document and the tool.
>
> 2016-02-04 0:51 GMT+08:00 Jian Zhong <he...@gmail.com>:
>
>> user can use this to generate encoded password, would appreciate it if
>> you can create a jira and contribute any cli tool to improve this, thanks
>>
>> On Thu, Feb 4, 2016 at 12:49 AM, Jian Zhong <he...@gmail.com>
>> wrote:
>>
>>> PasswordPlaceholderConfigurer#encrypt will get right password.
>>>
>>> from PasswordPlaceholderConfigure#resolvePlaceholder you can see any
>>> placeholder with 'password' need encrypt.
>>>
>>> On Wed, Feb 3, 2016 at 10:01 PM, Wu XIANG <w....@gmail.com> wrote:
>>>
>>>> thanks jian,
>>>>
>>>> I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
>>>> encrypt" to encrypt my passwords. I'm not sure if it's the correct way.
>>>>
>>>> If encryption is needed, is it possible to expose "
>>>> PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
>>>> PasswordPlaceholderConfigurer#key" configurable ?
>>>>
>>>> thanks
>>>> wu
>>>>
>>>>
>>>> On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <he...@gmail.com>
>>>> wrote:
>>>>
>>>>> Will update to doc,thank you
>>>>>
>>>>>
>>>>> On Wednesday, February 3, 2016, Jian Zhong <he...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Yes, encrypted is required.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wednesday, February 3, 2016, Wu XIANG <w....@gmail.com> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I'm configuring LDAP integration for Kylin. However, I got the
>>>>>>> following error when I start Kylin server:
>>>>>>>
>>>>>>> *"Invalid bean definition with name 'ldapSource' defined in class
>>>>>>> path resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>>>>>>> decrypting with padded cipher"*
>>>>>>>
>>>>>>> After a little bit of digging, I found this was due to "
>>>>>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords
>>>>>>> in kylin.properties file. Does this mean passwords like "
>>>>>>> ldap.password" in kylin.properties should be encrypted ? If so, I
>>>>>>> hope it's documented in tutorial.
>>>>>>>
>>>>>>> // PasswordPlaceholderConfigurer.java:Line71
>>>>>>>
>>>>>>> protected String resolvePlaceholder(String placeholder, Properties
>>>>>>> props) {
>>>>>>>
>>>>>>> if (placeholder.toLowerCase().contains("password")) {
>>>>>>>
>>>>>>> return decrypt(props.getProperty(placeholder));
>>>>>>>
>>>>>>> } else {
>>>>>>>
>>>>>>> return props.getProperty(placeholder);
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> p.s.
>>>>>>>
>>>>>>> Kylin Branch: v1.2-release
>>>>>>>
>>>>>>>
>>>>>>> thanks
>>>>>>> *wu*
>>>>>>>
>>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *wu*
>>>>
>>>
>>>
>>
>
>
> --
> Best regards,
>
> Shaofeng Shi
>
>
--
*wu*
Re: Kylin LDAP encryption
Posted by ShaoFeng Shi <sh...@apache.org>.
Hi Xiang, thanks for reporting this, and your suggestion is good, we should
improve it in both document and the tool.
2016-02-04 0:51 GMT+08:00 Jian Zhong <he...@gmail.com>:
> user can use this to generate encoded password, would appreciate it if you
> can create a jira and contribute any cli tool to improve this, thanks
>
> On Thu, Feb 4, 2016 at 12:49 AM, Jian Zhong <he...@gmail.com>
> wrote:
>
>> PasswordPlaceholderConfigurer#encrypt will get right password.
>>
>> from PasswordPlaceholderConfigure#resolvePlaceholder you can see any
>> placeholder with 'password' need encrypt.
>>
>> On Wed, Feb 3, 2016 at 10:01 PM, Wu XIANG <w....@gmail.com> wrote:
>>
>>> thanks jian,
>>>
>>> I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
>>> encrypt" to encrypt my passwords. I'm not sure if it's the correct way.
>>>
>>> If encryption is needed, is it possible to expose "
>>> PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
>>> PasswordPlaceholderConfigurer#key" configurable ?
>>>
>>> thanks
>>> wu
>>>
>>>
>>> On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <he...@gmail.com>
>>> wrote:
>>>
>>>> Will update to doc,thank you
>>>>
>>>>
>>>> On Wednesday, February 3, 2016, Jian Zhong <he...@gmail.com>
>>>> wrote:
>>>>
>>>>> Yes, encrypted is required.
>>>>>
>>>>>
>>>>>
>>>>> On Wednesday, February 3, 2016, Wu XIANG <w....@gmail.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I'm configuring LDAP integration for Kylin. However, I got the
>>>>>> following error when I start Kylin server:
>>>>>>
>>>>>> *"Invalid bean definition with name 'ldapSource' defined in class
>>>>>> path resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>>>>>> decrypting with padded cipher"*
>>>>>>
>>>>>> After a little bit of digging, I found this was due to "
>>>>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords
>>>>>> in kylin.properties file. Does this mean passwords like "
>>>>>> ldap.password" in kylin.properties should be encrypted ? If so, I
>>>>>> hope it's documented in tutorial.
>>>>>>
>>>>>> // PasswordPlaceholderConfigurer.java:Line71
>>>>>>
>>>>>> protected String resolvePlaceholder(String placeholder, Properties
>>>>>> props) {
>>>>>>
>>>>>> if (placeholder.toLowerCase().contains("password")) {
>>>>>>
>>>>>> return decrypt(props.getProperty(placeholder));
>>>>>>
>>>>>> } else {
>>>>>>
>>>>>> return props.getProperty(placeholder);
>>>>>>
>>>>>> }
>>>>>>
>>>>>> }
>>>>>>
>>>>>>
>>>>>> p.s.
>>>>>>
>>>>>> Kylin Branch: v1.2-release
>>>>>>
>>>>>>
>>>>>> thanks
>>>>>> *wu*
>>>>>>
>>>>>
>>>
>>>
>>> --
>>>
>>> *wu*
>>>
>>
>>
>
--
Best regards,
Shaofeng Shi
Re: Kylin LDAP encryption
Posted by Jian Zhong <he...@gmail.com>.
user can use this to generate encoded password, would appreciate it if you
can create a jira and contribute any cli tool to improve this, thanks
On Thu, Feb 4, 2016 at 12:49 AM, Jian Zhong <he...@gmail.com> wrote:
> PasswordPlaceholderConfigurer#encrypt will get right password.
>
> from PasswordPlaceholderConfigure#resolvePlaceholder you can see any
> placeholder with 'password' need encrypt.
>
> On Wed, Feb 3, 2016 at 10:01 PM, Wu XIANG <w....@gmail.com> wrote:
>
>> thanks jian,
>>
>> I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
>> encrypt" to encrypt my passwords. I'm not sure if it's the correct way.
>>
>> If encryption is needed, is it possible to expose "
>> PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
>> PasswordPlaceholderConfigurer#key" configurable ?
>>
>> thanks
>> wu
>>
>>
>> On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <he...@gmail.com>
>> wrote:
>>
>>> Will update to doc,thank you
>>>
>>>
>>> On Wednesday, February 3, 2016, Jian Zhong <he...@gmail.com>
>>> wrote:
>>>
>>>> Yes, encrypted is required.
>>>>
>>>>
>>>>
>>>> On Wednesday, February 3, 2016, Wu XIANG <w....@gmail.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I'm configuring LDAP integration for Kylin. However, I got the
>>>>> following error when I start Kylin server:
>>>>>
>>>>> *"Invalid bean definition with name 'ldapSource' defined in class path
>>>>> resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>>>>> decrypting with padded cipher"*
>>>>>
>>>>> After a little bit of digging, I found this was due to "
>>>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
>>>>> kylin.properties file. Does this mean passwords like "ldap.password"
>>>>> in kylin.properties should be encrypted ? If so, I hope it's documented in
>>>>> tutorial.
>>>>>
>>>>> // PasswordPlaceholderConfigurer.java:Line71
>>>>>
>>>>> protected String resolvePlaceholder(String placeholder, Properties
>>>>> props) {
>>>>>
>>>>> if (placeholder.toLowerCase().contains("password")) {
>>>>>
>>>>> return decrypt(props.getProperty(placeholder));
>>>>>
>>>>> } else {
>>>>>
>>>>> return props.getProperty(placeholder);
>>>>>
>>>>> }
>>>>>
>>>>> }
>>>>>
>>>>>
>>>>> p.s.
>>>>>
>>>>> Kylin Branch: v1.2-release
>>>>>
>>>>>
>>>>> thanks
>>>>> *wu*
>>>>>
>>>>
>>
>>
>> --
>>
>> *wu*
>>
>
>
Re: Kylin LDAP encryption
Posted by Jian Zhong <he...@gmail.com>.
PasswordPlaceholderConfigurer#encrypt will get right password.
from PasswordPlaceholderConfigure#resolvePlaceholder you can see any
placeholder with 'password' need encrypt.
On Wed, Feb 3, 2016 at 10:01 PM, Wu XIANG <w....@gmail.com> wrote:
> thanks jian,
>
> I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
> encrypt" to encrypt my passwords. I'm not sure if it's the correct way.
>
> If encryption is needed, is it possible to expose "
> PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
> PasswordPlaceholderConfigurer#key" configurable ?
>
> thanks
> wu
>
>
> On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <he...@gmail.com> wrote:
>
>> Will update to doc,thank you
>>
>>
>> On Wednesday, February 3, 2016, Jian Zhong <he...@gmail.com>
>> wrote:
>>
>>> Yes, encrypted is required.
>>>
>>>
>>>
>>> On Wednesday, February 3, 2016, Wu XIANG <w....@gmail.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm configuring LDAP integration for Kylin. However, I got the
>>>> following error when I start Kylin server:
>>>>
>>>> *"Invalid bean definition with name 'ldapSource' defined in class path
>>>> resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>>>> decrypting with padded cipher"*
>>>>
>>>> After a little bit of digging, I found this was due to "
>>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
>>>> kylin.properties file. Does this mean passwords like "ldap.password"
>>>> in kylin.properties should be encrypted ? If so, I hope it's documented in
>>>> tutorial.
>>>>
>>>> // PasswordPlaceholderConfigurer.java:Line71
>>>>
>>>> protected String resolvePlaceholder(String placeholder, Properties
>>>> props) {
>>>>
>>>> if (placeholder.toLowerCase().contains("password")) {
>>>>
>>>> return decrypt(props.getProperty(placeholder));
>>>>
>>>> } else {
>>>>
>>>> return props.getProperty(placeholder);
>>>>
>>>> }
>>>>
>>>> }
>>>>
>>>>
>>>> p.s.
>>>>
>>>> Kylin Branch: v1.2-release
>>>>
>>>>
>>>> thanks
>>>> *wu*
>>>>
>>>
>
>
> --
>
> *wu*
>
Re: Kylin LDAP encryption
Posted by Wu XIANG <w....@gmail.com>.
thanks jian,
I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
encrypt" to encrypt my passwords. I'm not sure if it's the correct way.
If encryption is needed, is it possible to expose "
PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
PasswordPlaceholderConfigurer#key" configurable ?
thanks
wu
On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <he...@gmail.com> wrote:
> Will update to doc,thank you
>
>
> On Wednesday, February 3, 2016, Jian Zhong <he...@gmail.com> wrote:
>
>> Yes, encrypted is required.
>>
>>
>>
>> On Wednesday, February 3, 2016, Wu XIANG <w....@gmail.com> wrote:
>>
>>> Hi all,
>>>
>>> I'm configuring LDAP integration for Kylin. However, I got the
>>> following error when I start Kylin server:
>>>
>>> *"Invalid bean definition with name 'ldapSource' defined in class path
>>> resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>>> decrypting with padded cipher"*
>>>
>>> After a little bit of digging, I found this was due to "
>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
>>> kylin.properties file. Does this mean passwords like "ldap.password" in
>>> kylin.properties should be encrypted ? If so, I hope it's documented in
>>> tutorial.
>>>
>>> // PasswordPlaceholderConfigurer.java:Line71
>>>
>>> protected String resolvePlaceholder(String placeholder, Properties
>>> props) {
>>>
>>> if (placeholder.toLowerCase().contains("password")) {
>>>
>>> return decrypt(props.getProperty(placeholder));
>>>
>>> } else {
>>>
>>> return props.getProperty(placeholder);
>>>
>>> }
>>>
>>> }
>>>
>>>
>>> p.s.
>>>
>>> Kylin Branch: v1.2-release
>>>
>>>
>>> thanks
>>> *wu*
>>>
>>
--
*wu*
Re: Kylin LDAP encryption
Posted by Jian Zhong <he...@gmail.com>.
Will update to doc,thank you
On Wednesday, February 3, 2016, Jian Zhong <he...@gmail.com> wrote:
> Yes, encrypted is required.
>
>
>
> On Wednesday, February 3, 2016, Wu XIANG <w.xiang7@gmail.com
> <javascript:_e(%7B%7D,'cvml','w.xiang7@gmail.com');>> wrote:
>
>> Hi all,
>>
>> I'm configuring LDAP integration for Kylin. However, I got the
>> following error when I start Kylin server:
>>
>> *"Invalid bean definition with name 'ldapSource' defined in class path
>> resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>> decrypting with padded cipher"*
>>
>> After a little bit of digging, I found this was due to "
>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
>> kylin.properties file. Does this mean passwords like "ldap.password" in
>> kylin.properties should be encrypted ? If so, I hope it's documented in
>> tutorial.
>>
>> // PasswordPlaceholderConfigurer.java:Line71
>>
>> protected String resolvePlaceholder(String placeholder, Properties props)
>> {
>>
>> if (placeholder.toLowerCase().contains("password")) {
>>
>> return decrypt(props.getProperty(placeholder));
>>
>> } else {
>>
>> return props.getProperty(placeholder);
>>
>> }
>>
>> }
>>
>>
>> p.s.
>>
>> Kylin Branch: v1.2-release
>>
>>
>> thanks
>> *wu*
>>
>
Re: Kylin LDAP encryption
Posted by Jian Zhong <he...@gmail.com>.
Yes, encrypted is required.
On Wednesday, February 3, 2016, Wu XIANG <w....@gmail.com> wrote:
> Hi all,
>
> I'm configuring LDAP integration for Kylin. However, I got the
> following error when I start Kylin server:
>
> *"Invalid bean definition with name 'ldapSource' defined in class path
> resource [kylinSecurity.xml]: Input length must be multiple of 16 when
> decrypting with padded cipher"*
>
> After a little bit of digging, I found this was due to "
> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
> kylin.properties file. Does this mean passwords like "ldap.password" in
> kylin.properties should be encrypted ? If so, I hope it's documented in
> tutorial.
>
> // PasswordPlaceholderConfigurer.java:Line71
>
> protected String resolvePlaceholder(String placeholder, Properties props) {
>
> if (placeholder.toLowerCase().contains("password")) {
>
> return decrypt(props.getProperty(placeholder));
>
> } else {
>
> return props.getProperty(placeholder);
>
> }
>
> }
>
>
> p.s.
>
> Kylin Branch: v1.2-release
>
>
> thanks
> *wu*
>