You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openmeetings.apache.org by Peter Dähn <da...@vcrp.de> on 2017/06/12 11:40:00 UTC
Re: Error while import backup
so.. now it is time I think...
Congratulations! I hope you had a nice wedding and a few relaxing days...
Greetings Peter
Am 24.05.2017 um 12:03 schrieb Peter Dähn:
> ok.. then good luck...
>
> and best wishes when you are back... ;-)
>
>
>
> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>> Thanks :)
>>
>> I'll be on vacation for the next 2 weeks, with rare access to the email
>> from my phone, so no rush :)
>>
>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> wrote:
>>
>>> ok.. need to think about it... ;-)
>>>
>>> I will be back in office next week... maybe with "THE IDEA".. or maybe
>>> not... ;-)
>>>
>>> Greetings Peter
>>>
>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>
>>>> It is all discussible :)
>>>>
>>>> 3.0.7 still uses MD5CryptImplementation
>>>> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>> which
>>>> is not secure at all :(((
>>>> We can add back SHA256Implementation
>>>> <https://github.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>> crypt/SHA256Implementation.java>
>>>>
>>>> (
>>>> available since 3.1.x) for compatibility reasons, but I'm afraid
>>>> there is
>>>> no clean way to perform backup and preserve passwords .....
>>>>
>>>> I thought maybe we can add "Reset All passwords" admin function, but
>>>> it is
>>>> totally insecure :(
>>>> Any ideas are appreciated :)
>>>>
>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> wrote:
>>>>
>>>> Hi,
>>>>> I think further investigation is not needed. I just didn't see it
>>>>> before...
>>>>>
>>>>> Is this behavior the final state? Then it will be difficult to
>>>>> update my
>>>>> installation (3.0.7). This also should the problem with any
>>>>> installation
>>>>> before 3.3.0. Isn't it?
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>
>>>>> Hello Peter,
>>>>>> these debug messages are OK during import (I can perform further
>>>>>> investigation, but I believe this is not an issue)
>>>>>>
>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>>>> Password rules ...
>>>>>> You were unable to login after restore from backup since Password
>>>>>> Crypt
>>>>>> was
>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> wrote:
>>>>>>
>>>>>> I tried to reset the password. I got following message:
>>>>>>
>>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>>>
>>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>>> because
>>>>>>> there wasn't such restriction before.
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>>
>>>>>>> Hi Maxim,
>>>>>>>
>>>>>>>> I wanted to try out html5 video components...
>>>>>>>>
>>>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>>>> messages
>>>>>>>> below.
>>>>>>>>
>>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [GRANTED]
>>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>>
>>>>>>>> I never noticed these ones before. After starting the server, I
>>>>>>>> couldn't
>>>>>>>> login with my admin user. "Username/email and/or password are
>>>>>>>> incorrect."
>>>>>>>>
>>>>>>>> Any Ideas?
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>
>
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Good to know :)
Thanks for testing :)
WBR, Maxim
(from mobile, sorry for the typos)
On Jun 19, 2017 18:51, "Peter Dähn" <da...@vcrp.de> wrote:
> Hi Maxim,
>
> I was a bit late for helping to figure this out... Lunch break...
>
> But here it comes..
>
> DEBUG 06-19 13:45:32.625 UserDao.java 79903 642
> org.apache.openmeetings.db.dao.user.UserDao
> [http-nio-0.0.0.0-5080-exec-6] - login:: 1 users were found
> DEBUG 06-19 13:45:32.669 CryptProvider.java 79947 36
> org.apache.openmeetings.util.crypt.CryptProvider
> [http-nio-0.0.0.0-5080-exec-6] - getInstanceOfCrypt::
> configKeyCryptClassName: org.apache.openmeetings.util.c
> rypt.SCryptImplementation
> WARN 06-19 13:45:32.708 UserDao.java 79986 478
> org.apache.openmeetings.db.dao.user.UserDao
> [http-nio-0.0.0.0-5080-exec-6] - Password for user with ID 1 crypted with
> outdated Crypt, updating ...
> WARN 06-19 13:45:35.013 UserDao.java 82291 481
> org.apache.openmeetings.db.dao.user.UserDao
> [http-nio-0.0.0.0-5080-exec-6] - Password for user User [id=1,
> firstname=xxx, lastname=xxx, login=xxx, pictureuri=xxx.jpg, deleted=false,
> languageId=2, address=Address [id=1, country=DE, street=street, town=town,
> zip=zip, deleted=false, email=xxx@xxx, phone=phone], externalId=null,
> externalType=null, type=user] updated successfully
> DEBUG 06-19 13:45:35.016 AuthLevelUtil.java 82294 40
> org.apache.openmeetings.db.util.AuthLevelUtil
> [http-nio-0.0.0.0-5080-exec-6] - Level Login :: [GRANTED]
>
> Worked for me, and the best way to handle this, I think,
>
> Thanks for quick fixing!
>
> Greetings Peter
>
>
> Am 19.06.2017 um 12:42 schrieb Maxim Solodovnik:
>
>> Build 44+ from here:
>> https://builds.apache.org/view/M-R/view/OpenMeetings/job/
>> Openmeetings%203.3.x/
>>
>> On Mon, Jun 19, 2017 at 5:40 PM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>> Found the issue, sorry for the noise
>>>
>>> On Mon, Jun 19, 2017 at 5:38 PM, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>> Weird ....
>>>> my tests shows crypt class can't be MD5Implementation after import ....
>>>> Maybe you did any manual manipulations with DB?
>>>>
>>>> On Mon, Jun 19, 2017 at 5:30 PM, Maxim Solodovnik <solomax666@gmail.com
>>>> >
>>>> wrote:
>>>>
>>>> Additional fix is required :(
>>>>> Could you please manually change crypt class name in configuration DB
>>>>> table to be org.apache.openmeetings.util.crypt.SCryptImplementation
>>>>> and
>>>>> restart OM?
>>>>>
>>>>> will try to commit changes ASAP
>>>>>
>>>>> On Mon, Jun 19, 2017 at 5:06 PM, Peter Dähn <da...@vcrp.de> wrote:
>>>>>
>>>>> Hello Maxim,
>>>>>>
>>>>>> checked out fresh 3.3.x code and compiled it.
>>>>>>
>>>>>> ########################################################
>>>>>> # Openmeetings is up #
>>>>>> # 3.3.0-SNAPSHOT 5889b5beda3299418cf80ee68846ea5ce54ee9ed
>>>>>> 2017/06/19 09:33 #
>>>>>> # and ready to use #
>>>>>> ########################################################
>>>>>>
>>>>>> Import backup works so far, Login ended up in "Internal Error Page".
>>>>>> Belonging Error in the log underneath.
>>>>>>
>>>>>>
>>>>>> DEBUG 06-19 12:00:03.155 UserDao.java 162929 642
>>>>>> org.apache.openmeetings.db.dao.user.UserDao
>>>>>> [http-nio-0.0.0.0-5080-exec-7] - login:: 1 users were found
>>>>>> DEBUG 06-19 12:00:03.169 CryptProvider.java 162943 36
>>>>>> org.apache.openmeetings.util.crypt.CryptProvider
>>>>>> [http-nio-0.0.0.0-5080-exec-7] - getInstanceOfCrypt::
>>>>>> configKeyCryptClassName: org.apache.openmeetings.util.c
>>>>>> rypt.MD5Implementation
>>>>>> ERROR 06-19 12:00:03.174 CryptProvider.java 162948 40
>>>>>> org.apache.openmeetings.util.crypt.CryptProvider
>>>>>> [http-nio-0.0.0.0-5080-exec-7] - [getInstanceOfCrypt]
>>>>>> java.lang.ClassCastException: org.apache.openmeetings.util.c
>>>>>> rypt.MD5Implementation
>>>>>> cannot be cast to org.apache.openmeetings.util.crypt.ICrypt
>>>>>> at org.apache.openmeetings.util.crypt.CryptProvider.get(CryptPr
>>>>>> ovider.java:38)
>>>>>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>>>>>> serDao.java:473)
>>>>>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>>>>>> va:650)
>>>>>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>>>>>> ngCGLIB$$1492ba5a.invoke(<generated>)
>>>>>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>>>>>> xy.java:204)
>>>>>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>>>>>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>>>> .proceed(ReflectiveMethodInvocation.java:157)
>>>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>>>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>>>>>> at org.springframework.transaction.interceptor.TransactionAspec
>>>>>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>>>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>>>> ceptor.invoke(TransactionInterceptor.java:96)
>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>>>> .proceed(ReflectiveMethodInvocation.java:179)
>>>>>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>>>>>> edInterceptor.intercept(CglibAopProxy.java:656)
>>>>>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>>>>>> gCGLIB$$ae5af194.login(<generated>)
>>>>>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>>>>>> .java:336)
>>>>>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>>>>>> (SignInDialog.java:188)
>>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>>>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>>>>>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>>>>>> java:1248)
>>>>>> at org.apache.wicket.markup.html.form.Form.process(Form.java:94
>>>>>> 6)
>>>>>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>>>>>> telessForm.java:100)
>>>>>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>>>>>> .java:770)
>>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>>>> alog.internalOnClick(AbstractFormDialog.java:215)
>>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>>>>>> $1.onClick(AbstractDialog.java:413)
>>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>>>>>> .onAjax(DialogBehavior.java:188)
>>>>>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>>>>>> spond(JQueryAjaxBehavior.java:173)
>>>>>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>>>>>> (AbstractDefaultAjaxBehavior.java:598)
>>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>>> r.internalInvoke(ListenerRequestHandler.java:308)
>>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>>> r.invoke(ListenerRequestHandler.java:282)
>>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>>> r.invokeListener(ListenerRequestHandler.java:224)
>>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>>> r.respond(ListenerRequestHandler.java:210)
>>>>>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>>>>>> .respond(RequestCycle.java:912)
>>>>>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>>>>>> uestHandlerExecutor.java:65)
>>>>>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>>>>>> Cycle.java:283)
>>>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>>>>>> RequestCycle.java:253)
>>>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>>>>>> ndDetach(RequestCycle.java:221)
>>>>>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>>>>>> equestCycle(AbstractUpgradeFilter.java:70)
>>>>>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>>>>>> WicketFilter.java:204)
>>>>>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>>>>>> Filter.java:286)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:192)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:165)
>>>>>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>>>>>> ilter.java:84)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:192)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:165)
>>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>>>> dWrapperValve.java:198)
>>>>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>>>> dContextValve.java:96)
>>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>>>> uthenticatorBase.java:478)
>>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>>> stValve.java:140)
>>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>>> rtValve.java:80)
>>>>>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>>>>>> tractAccessLogValve.java:624)
>>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>>> EngineValve.java:87)
>>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>>> apter.java:341)
>>>>>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>>>>> ssor.java:783)
>>>>>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>>>>> cessorLight.java:66)
>>>>>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>>>>> (AbstractProtocol.java:798)
>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>>> (NioEndpoint.java:1441)
>>>>>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>>>>> cessorBase.java:49)
>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>> Executor.java:1142)
>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>> lExecutor.java:617)
>>>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>>> un(TaskThread.java:61)
>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>> ERROR 06-19 12:00:03.191 DefaultExceptionMapper.java 162965 170
>>>>>> org.apache.wicket.DefaultExceptionMapper
>>>>>> [http-nio-0.0.0.0-5080-exec-7] - Unexpected error occurred
>>>>>> java.lang.NullPointerException: null
>>>>>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>>>>>> serDao.java:474)
>>>>>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>>>>>> va:650)
>>>>>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>>>>>> ngCGLIB$$1492ba5a.invoke(<generated>)
>>>>>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>>>>>> xy.java:204)
>>>>>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>>>>>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>>>> .proceed(ReflectiveMethodInvocation.java:157)
>>>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>>>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>>>>>> at org.springframework.transaction.interceptor.TransactionAspec
>>>>>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>>>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>>>> ceptor.invoke(TransactionInterceptor.java:96)
>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>>>> .proceed(ReflectiveMethodInvocation.java:179)
>>>>>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>>>>>> edInterceptor.intercept(CglibAopProxy.java:656)
>>>>>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>>>>>> gCGLIB$$ae5af194.login(<generated>)
>>>>>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>>>>>> .java:336)
>>>>>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>>>>>> (SignInDialog.java:188)
>>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>>>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>>>>>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>>>>>> java:1248)
>>>>>> at org.apache.wicket.markup.html.form.Form.process(Form.java:94
>>>>>> 6)
>>>>>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>>>>>> telessForm.java:100)
>>>>>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>>>>>> .java:770)
>>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>>>> alog.internalOnClick(AbstractFormDialog.java:215)
>>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>>>>>> $1.onClick(AbstractDialog.java:413)
>>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>>>>>> .onAjax(DialogBehavior.java:188)
>>>>>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>>>>>> spond(JQueryAjaxBehavior.java:173)
>>>>>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>>>>>> (AbstractDefaultAjaxBehavior.java:598)
>>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>>> r.internalInvoke(ListenerRequestHandler.java:308)
>>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>>> r.invoke(ListenerRequestHandler.java:282)
>>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>>> r.invokeListener(ListenerRequestHandler.java:224)
>>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>>> r.respond(ListenerRequestHandler.java:210)
>>>>>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>>>>>> .respond(RequestCycle.java:912)
>>>>>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>>>>>> uestHandlerExecutor.java:65)
>>>>>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>>>>>> Cycle.java:283)
>>>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>>>>>> RequestCycle.java:253)
>>>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>>>>>> ndDetach(RequestCycle.java:221)
>>>>>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>>>>>> equestCycle(AbstractUpgradeFilter.java:70)
>>>>>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>>>>>> WicketFilter.java:204)
>>>>>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>>>>>> Filter.java:286)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:192)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:165)
>>>>>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>>>>>> ilter.java:84)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:192)
>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:165)
>>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>>>> dWrapperValve.java:198)
>>>>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>>>> dContextValve.java:96)
>>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>>>> uthenticatorBase.java:478)
>>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>>> stValve.java:140)
>>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>>> rtValve.java:80)
>>>>>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>>>>>> tractAccessLogValve.java:624)
>>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>>> EngineValve.java:87)
>>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>>> apter.java:341)
>>>>>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>>>>> ssor.java:783)
>>>>>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>>>>> cessorLight.java:66)
>>>>>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>>>>> (AbstractProtocol.java:798)
>>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>>> (NioEndpoint.java:1441)
>>>>>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>>>>> cessorBase.java:49)
>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>> Executor.java:1142)
>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>> lExecutor.java:617)
>>>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>>> un(TaskThread.java:61)
>>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>>
>>>>>> Any Ideas?
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>>
>>>>>> Am 17.06.2017 um 08:15 schrieb Maxim Solodovnik:
>>>>>>
>>>>>> Hello Peter,
>>>>>>>
>>>>>>> I have implemented #3
>>>>>>> http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
>>>>>>> The only difference: Password re-hashing is not being emailed but
>>>>>>> logged
>>>>>>> with WARN level
>>>>>>>
>>>>>>> Would appreciate if you can test it and let me know your thoughts :)
>>>>>>>
>>>>>>> Build 36+ from here:
>>>>>>> https://builds.apache.org/view/M-R/view/OpenMeetings/job/Ope
>>>>>>> nmeetings%203.3.x/
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <
>>>>>>> solomax666@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Both external and LDAP users would not be affected
>>>>>>>
>>>>>>>> Will try to implement 3) as you have described, looks doable :)
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Maxim,
>>>>>>>>
>>>>>>>>> We have a lot external user in our system and just a few "real"
>>>>>>>>> user. Am
>>>>>>>>> I right that this doesn't apply to external user or does this case
>>>>>>>>> also be
>>>>>>>>> handled?
>>>>>>>>>
>>>>>>>>> 1 and 2 wouldn't be my favorites.
>>>>>>>>>
>>>>>>>>> I would prefer 3 and has an alternative if 3 isn't possible.
>>>>>>>>>
>>>>>>>>> 3) We hat a similar change in our system. They did it in the
>>>>>>>>> following
>>>>>>>>> way.
>>>>>>>>>
>>>>>>>>> - user login -> check password with sha256
>>>>>>>>> - if this doesn't match check password against md5
>>>>>>>>> - if this match store sha256-hash for further logins and
>>>>>>>>> send an
>>>>>>>>> e-mail to that user "Rewrote password for security-reasons. If you
>>>>>>>>> didin't
>>>>>>>>> login right now, inform your system-admin" or something like that.
>>>>>>>>> - if both hashes doesn't match deny login.
>>>>>>>>>
>>>>>>>>> This would be the most user-friendly way I think.
>>>>>>>>>
>>>>>>>>> 4) Alternatively one could reset all passwords and if a user try to
>>>>>>>>> login
>>>>>>>>> with empty password one get a popup "Your password need to renewed.
>>>>>>>>> You got
>>>>>>>>> an e-mail". The system sends an e-mail with a link to create a new
>>>>>>>>> password.
>>>>>>>>>
>>>>>>>>> This are out ideas so far.
>>>>>>>>>
>>>>>>>>> Greetings Peter
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>>>>>>>>>
>>>>>>>>> Sure, have to fix some issues
>>>>>>>>>
>>>>>>>>>> Will try to finish everything until next week-end :)
>>>>>>>>>> So no rush right now :)
>>>>>>>>>>
>>>>>>>>>> My ideas were:
>>>>>>>>>> 1) Add Admin function "reset all passwords" (not sure how users
>>>>>>>>>> should be
>>>>>>>>>> notified on new password in this case)
>>>>>>>>>> 2) Add Admin function: "Email all users" general email "Please
>>>>>>>>>> reset your
>>>>>>>>>> passwords" will be sent to all users
>>>>>>>>>> 3) Allow login with old password and require user to change it,
>>>>>>>>>> possible
>>>>>>>>>> but seems to be tricky
>>>>>>>>>>
>>>>>>>>>> Will wait for the results of your discussion :)
>>>>>>>>>>
>>>>>>>>>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Maxim,
>>>>>>>>>>
>>>>>>>>>> you are right, this point is left....
>>>>>>>>>>> I think I try to discuss this with a colleague of mine. Maybe we
>>>>>>>>>>> get an
>>>>>>>>>>> idea...
>>>>>>>>>>>
>>>>>>>>>>> Back later the or most likely on Friday. I hope this is on time.
>>>>>>>>>>>
>>>>>>>>>>> Greetings Peter
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>>>>>>>>>
>>>>>>>>>>> Thanks a lot Peter,
>>>>>>>>>>>
>>>>>>>>>>> Now I'm back and ready to help :)
>>>>>>>>>>>
>>>>>>>>>>> Would appreciate to hear any thought regarding "soft" changing of
>>>>>>>>>>> password
>>>>>>>>>>> hash function
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> so.. now it is time I think...
>>>>>>>>>>>
>>>>>>>>>>> Congratulations! I hope you had a nice wedding and a few relaxing
>>>>>>>>>>> days...
>>>>>>>>>>>
>>>>>>>>>>> Greetings Peter
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ok.. then good luck...
>>>>>>>>>>>
>>>>>>>>>>> and best wishes when you are back... ;-)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Thanks :)
>>>>>>>>>>>
>>>>>>>>>>> I'll be on vacation for the next 2 weeks, with rare access to the
>>>>>>>>>>> email
>>>>>>>>>>> from my phone, so no rush :)
>>>>>>>>>>>
>>>>>>>>>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>>>
>>>>>>>>>>> ok.. need to think about it... ;-)
>>>>>>>>>>>
>>>>>>>>>>> I will be back in office next week... maybe with "THE IDEA".. or
>>>>>>>>>>> maybe
>>>>>>>>>>> not... ;-)
>>>>>>>>>>>
>>>>>>>>>>> Greetings Peter
>>>>>>>>>>>
>>>>>>>>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>>>>>>>>
>>>>>>>>>>> It is all discussible :)
>>>>>>>>>>>
>>>>>>>>>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>>>>>>>>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementati
>>>>>>>>>>> on.java>
>>>>>>>>>>> <
>>>>>>>>>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementati
>>>>>>>>>>> on.java>
>>>>>>>>>>> which
>>>>>>>>>>> is not secure at all :(((
>>>>>>>>>>> We can add back SHA256Implementation<https://g
>>>>>>>>>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>>>>>>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>>>>>>>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>>>>>>>>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apa
>>>>>>>>>>> che/openmeetings/util/crypt/SHA256Implementation.java>
>>>>>>>>>>>
>>>>>>>>>>> (
>>>>>>>>>>> available since 3.1.x) for compatibility reasons, but I'm afraid
>>>>>>>>>>> there
>>>>>>>>>>> is
>>>>>>>>>>> no clean way to perform backup and preserve passwords .....
>>>>>>>>>>>
>>>>>>>>>>> I thought maybe we can add "Reset All passwords" admin function,
>>>>>>>>>>> but
>>>>>>>>>>> it is
>>>>>>>>>>> totally insecure :(
>>>>>>>>>>> Any ideas are appreciated :)
>>>>>>>>>>>
>>>>>>>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I think further investigation is not needed. I just didn't see it
>>>>>>>>>>> before...
>>>>>>>>>>>
>>>>>>>>>>> Is this behavior the final state? Then it will be difficult to
>>>>>>>>>>> update my
>>>>>>>>>>> installation (3.0.7). This also should the problem with any
>>>>>>>>>>> installation
>>>>>>>>>>> before 3.3.0. Isn't it?
>>>>>>>>>>>
>>>>>>>>>>> Greetings Peter
>>>>>>>>>>>
>>>>>>>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>>>>>>>
>>>>>>>>>>> Hello Peter,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> these debug messages are OK during import (I can perform further
>>>>>>>>>>> investigation, but I believe this is not an issue)
>>>>>>>>>>>
>>>>>>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has
>>>>>>>>>>> stronger
>>>>>>>>>>> Password rules ...
>>>>>>>>>>> You were unable to login after restore from backup since Password
>>>>>>>>>>> Crypt
>>>>>>>>>>> was
>>>>>>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>>>
>>>>>>>>>>> I tried to reset the password. I got following message:
>>>>>>>>>>>
>>>>>>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is
>>>>>>>>>>> required"
>>>>>>>>>>>
>>>>>>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>>>>>>> because
>>>>>>>>>>> there wasn't such restriction before.
>>>>>>>>>>>
>>>>>>>>>>> Greetings Peter
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>>>>>>
>>>>>>>>>>> Hi Maxim,
>>>>>>>>>>>
>>>>>>>>>>> I wanted to try out html5 video components...
>>>>>>>>>>>
>>>>>>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>>>>>>> messages
>>>>>>>>>>> below.
>>>>>>>>>>>
>>>>>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>>> Login ::
>>>>>>>>>>> [GRANTED]
>>>>>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>>> Login ::
>>>>>>>>>>> [DENIED]
>>>>>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>>> Login ::
>>>>>>>>>>> [DENIED]
>>>>>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>>> Login ::
>>>>>>>>>>> [DENIED]
>>>>>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>>> Login ::
>>>>>>>>>>> [DENIED]
>>>>>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>>> Login ::
>>>>>>>>>>> [DENIED]
>>>>>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>>> Login ::
>>>>>>>>>>> [DENIED]
>>>>>>>>>>>
>>>>>>>>>>> I never noticed these ones before. After starting the server, I
>>>>>>>>>>> couldn't
>>>>>>>>>>> login with my admin user. "Username/email and/or password are
>>>>>>>>>>> incorrect."
>>>>>>>>>>>
>>>>>>>>>>> Any Ideas?
>>>>>>>>>>>
>>>>>>>>>>> Greetings Peter
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> B.Sc. Peter Dähn
>>>>>>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>>>>>>> Postfach 3049
>>>>>>>>>>> 67653 Kaiserslautern
>>>>>>>>>>> Tel: 0631/205-4944
>>>>>>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>
>>>>>>>>> B.Sc. Peter Dähn
>>>>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>>>>> Postfach 3049
>>>>>>>>> 67653 Kaiserslautern
>>>>>>>>> Tel: 0631/205-4944
>>>>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>> WBR
>>>>>>>> Maxim aka solomax
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>> --
>>>>> WBR
>>>>> Maxim aka solomax
>>>>>
>>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>>
>>
>>
Re: Error while import backup
Posted by Peter Dähn <da...@vcrp.de>.
Hi Maxim,
I was a bit late for helping to figure this out... Lunch break...
But here it comes..
DEBUG 06-19 13:45:32.625 UserDao.java 79903 642
org.apache.openmeetings.db.dao.user.UserDao
[http-nio-0.0.0.0-5080-exec-6] - login:: 1 users were found
DEBUG 06-19 13:45:32.669 CryptProvider.java 79947 36
org.apache.openmeetings.util.crypt.CryptProvider
[http-nio-0.0.0.0-5080-exec-6] - getInstanceOfCrypt::
configKeyCryptClassName:
org.apache.openmeetings.util.crypt.SCryptImplementation
WARN 06-19 13:45:32.708 UserDao.java 79986 478
org.apache.openmeetings.db.dao.user.UserDao
[http-nio-0.0.0.0-5080-exec-6] - Password for user with ID 1 crypted
with outdated Crypt, updating ...
WARN 06-19 13:45:35.013 UserDao.java 82291 481
org.apache.openmeetings.db.dao.user.UserDao
[http-nio-0.0.0.0-5080-exec-6] - Password for user User [id=1,
firstname=xxx, lastname=xxx, login=xxx, pictureuri=xxx.jpg,
deleted=false, languageId=2, address=Address [id=1, country=DE,
street=street, town=town, zip=zip, deleted=false, email=xxx@xxx,
phone=phone], externalId=null, externalType=null, type=user] updated
successfully
DEBUG 06-19 13:45:35.016 AuthLevelUtil.java 82294 40
org.apache.openmeetings.db.util.AuthLevelUtil
[http-nio-0.0.0.0-5080-exec-6] - Level Login :: [GRANTED]
Worked for me, and the best way to handle this, I think,
Thanks for quick fixing!
Greetings Peter
Am 19.06.2017 um 12:42 schrieb Maxim Solodovnik:
> Build 44+ from here:
> https://builds.apache.org/view/M-R/view/OpenMeetings/job/Openmeetings%203.3.x/
>
> On Mon, Jun 19, 2017 at 5:40 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> Found the issue, sorry for the noise
>>
>> On Mon, Jun 19, 2017 at 5:38 PM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> Weird ....
>>> my tests shows crypt class can't be MD5Implementation after import ....
>>> Maybe you did any manual manipulations with DB?
>>>
>>> On Mon, Jun 19, 2017 at 5:30 PM, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>>> Additional fix is required :(
>>>> Could you please manually change crypt class name in configuration DB
>>>> table to be org.apache.openmeetings.util.crypt.SCryptImplementation and
>>>> restart OM?
>>>>
>>>> will try to commit changes ASAP
>>>>
>>>> On Mon, Jun 19, 2017 at 5:06 PM, Peter Dähn <da...@vcrp.de> wrote:
>>>>
>>>>> Hello Maxim,
>>>>>
>>>>> checked out fresh 3.3.x code and compiled it.
>>>>>
>>>>> ########################################################
>>>>> # Openmeetings is up #
>>>>> # 3.3.0-SNAPSHOT 5889b5beda3299418cf80ee68846ea5ce54ee9ed
>>>>> 2017/06/19 09:33 #
>>>>> # and ready to use #
>>>>> ########################################################
>>>>>
>>>>> Import backup works so far, Login ended up in "Internal Error Page".
>>>>> Belonging Error in the log underneath.
>>>>>
>>>>>
>>>>> DEBUG 06-19 12:00:03.155 UserDao.java 162929 642
>>>>> org.apache.openmeetings.db.dao.user.UserDao
>>>>> [http-nio-0.0.0.0-5080-exec-7] - login:: 1 users were found
>>>>> DEBUG 06-19 12:00:03.169 CryptProvider.java 162943 36
>>>>> org.apache.openmeetings.util.crypt.CryptProvider
>>>>> [http-nio-0.0.0.0-5080-exec-7] - getInstanceOfCrypt::
>>>>> configKeyCryptClassName: org.apache.openmeetings.util.c
>>>>> rypt.MD5Implementation
>>>>> ERROR 06-19 12:00:03.174 CryptProvider.java 162948 40
>>>>> org.apache.openmeetings.util.crypt.CryptProvider
>>>>> [http-nio-0.0.0.0-5080-exec-7] - [getInstanceOfCrypt]
>>>>> java.lang.ClassCastException: org.apache.openmeetings.util.crypt.MD5Implementation
>>>>> cannot be cast to org.apache.openmeetings.util.crypt.ICrypt
>>>>> at org.apache.openmeetings.util.crypt.CryptProvider.get(CryptPr
>>>>> ovider.java:38)
>>>>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>>>>> serDao.java:473)
>>>>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>>>>> va:650)
>>>>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>>>>> ngCGLIB$$1492ba5a.invoke(<generated>)
>>>>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>>>>> xy.java:204)
>>>>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>>>>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>>> .proceed(ReflectiveMethodInvocation.java:157)
>>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>>>>> at org.springframework.transaction.interceptor.TransactionAspec
>>>>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>>> ceptor.invoke(TransactionInterceptor.java:96)
>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>>> .proceed(ReflectiveMethodInvocation.java:179)
>>>>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>>>>> edInterceptor.intercept(CglibAopProxy.java:656)
>>>>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>>>>> gCGLIB$$ae5af194.login(<generated>)
>>>>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>>>>> .java:336)
>>>>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>>>>> (SignInDialog.java:188)
>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>>>>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>>>>> java:1248)
>>>>> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
>>>>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>>>>> telessForm.java:100)
>>>>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>>>>> .java:770)
>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>>> alog.internalOnClick(AbstractFormDialog.java:215)
>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>>>>> $1.onClick(AbstractDialog.java:413)
>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>>>>> .onAjax(DialogBehavior.java:188)
>>>>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>>>>> spond(JQueryAjaxBehavior.java:173)
>>>>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>>>>> (AbstractDefaultAjaxBehavior.java:598)
>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>> r.internalInvoke(ListenerRequestHandler.java:308)
>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>> r.invoke(ListenerRequestHandler.java:282)
>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>> r.invokeListener(ListenerRequestHandler.java:224)
>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>> r.respond(ListenerRequestHandler.java:210)
>>>>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>>>>> .respond(RequestCycle.java:912)
>>>>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>>>>> uestHandlerExecutor.java:65)
>>>>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>>>>> Cycle.java:283)
>>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>>>>> RequestCycle.java:253)
>>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>>>>> ndDetach(RequestCycle.java:221)
>>>>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>>>>> equestCycle(AbstractUpgradeFilter.java:70)
>>>>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>>>>> WicketFilter.java:204)
>>>>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>>>>> Filter.java:286)
>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>> lter(ApplicationFilterChain.java:192)
>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>> licationFilterChain.java:165)
>>>>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>>>>> ilter.java:84)
>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>> lter(ApplicationFilterChain.java:192)
>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>> licationFilterChain.java:165)
>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>>> dWrapperValve.java:198)
>>>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>>> dContextValve.java:96)
>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>>> uthenticatorBase.java:478)
>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>> stValve.java:140)
>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>> rtValve.java:80)
>>>>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>>>>> tractAccessLogValve.java:624)
>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>> EngineValve.java:87)
>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>> apter.java:341)
>>>>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>>>> ssor.java:783)
>>>>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>>>> cessorLight.java:66)
>>>>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>>>> (AbstractProtocol.java:798)
>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>> (NioEndpoint.java:1441)
>>>>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>>>> cessorBase.java:49)
>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>> Executor.java:1142)
>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>> lExecutor.java:617)
>>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>> un(TaskThread.java:61)
>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>> ERROR 06-19 12:00:03.191 DefaultExceptionMapper.java 162965 170
>>>>> org.apache.wicket.DefaultExceptionMapper
>>>>> [http-nio-0.0.0.0-5080-exec-7] - Unexpected error occurred
>>>>> java.lang.NullPointerException: null
>>>>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>>>>> serDao.java:474)
>>>>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>>>>> va:650)
>>>>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>>>>> ngCGLIB$$1492ba5a.invoke(<generated>)
>>>>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>>>>> xy.java:204)
>>>>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>>>>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>>> .proceed(ReflectiveMethodInvocation.java:157)
>>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>>>>> at org.springframework.transaction.interceptor.TransactionAspec
>>>>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>>> ceptor.invoke(TransactionInterceptor.java:96)
>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>>> .proceed(ReflectiveMethodInvocation.java:179)
>>>>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>>>>> edInterceptor.intercept(CglibAopProxy.java:656)
>>>>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>>>>> gCGLIB$$ae5af194.login(<generated>)
>>>>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>>>>> .java:336)
>>>>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>>>>> (SignInDialog.java:188)
>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>>>>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>>>>> java:1248)
>>>>> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
>>>>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>>>>> telessForm.java:100)
>>>>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>>>>> .java:770)
>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>>> alog.internalOnClick(AbstractFormDialog.java:215)
>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>>>>> $1.onClick(AbstractDialog.java:413)
>>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>>>>> .onAjax(DialogBehavior.java:188)
>>>>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>>>>> spond(JQueryAjaxBehavior.java:173)
>>>>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>>>>> (AbstractDefaultAjaxBehavior.java:598)
>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>> r.internalInvoke(ListenerRequestHandler.java:308)
>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>> r.invoke(ListenerRequestHandler.java:282)
>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>> r.invokeListener(ListenerRequestHandler.java:224)
>>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>>> r.respond(ListenerRequestHandler.java:210)
>>>>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>>>>> .respond(RequestCycle.java:912)
>>>>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>>>>> uestHandlerExecutor.java:65)
>>>>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>>>>> Cycle.java:283)
>>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>>>>> RequestCycle.java:253)
>>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>>>>> ndDetach(RequestCycle.java:221)
>>>>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>>>>> equestCycle(AbstractUpgradeFilter.java:70)
>>>>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>>>>> WicketFilter.java:204)
>>>>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>>>>> Filter.java:286)
>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>> lter(ApplicationFilterChain.java:192)
>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>> licationFilterChain.java:165)
>>>>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>>>>> ilter.java:84)
>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>> lter(ApplicationFilterChain.java:192)
>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>> licationFilterChain.java:165)
>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>>> dWrapperValve.java:198)
>>>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>>> dContextValve.java:96)
>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>>> uthenticatorBase.java:478)
>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>> stValve.java:140)
>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>> rtValve.java:80)
>>>>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>>>>> tractAccessLogValve.java:624)
>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>> EngineValve.java:87)
>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>> apter.java:341)
>>>>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>>>> ssor.java:783)
>>>>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>>>> cessorLight.java:66)
>>>>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>>>> (AbstractProtocol.java:798)
>>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>> (NioEndpoint.java:1441)
>>>>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>>>> cessorBase.java:49)
>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>> Executor.java:1142)
>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>> lExecutor.java:617)
>>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>> un(TaskThread.java:61)
>>>>> at java.lang.Thread.run(Thread.java:745)
>>>>>
>>>>> Any Ideas?
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>>
>>>>> Am 17.06.2017 um 08:15 schrieb Maxim Solodovnik:
>>>>>
>>>>>> Hello Peter,
>>>>>>
>>>>>> I have implemented #3
>>>>>> http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
>>>>>> The only difference: Password re-hashing is not being emailed but
>>>>>> logged
>>>>>> with WARN level
>>>>>>
>>>>>> Would appreciate if you can test it and let me know your thoughts :)
>>>>>>
>>>>>> Build 36+ from here:
>>>>>> https://builds.apache.org/view/M-R/view/OpenMeetings/job/Ope
>>>>>> nmeetings%203.3.x/
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <
>>>>>> solomax666@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> Both external and LDAP users would not be affected
>>>>>>> Will try to implement 3) as you have described, looks doable :)
>>>>>>> Thanks!
>>>>>>>
>>>>>>> On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Maxim,
>>>>>>>> We have a lot external user in our system and just a few "real"
>>>>>>>> user. Am
>>>>>>>> I right that this doesn't apply to external user or does this case
>>>>>>>> also be
>>>>>>>> handled?
>>>>>>>>
>>>>>>>> 1 and 2 wouldn't be my favorites.
>>>>>>>>
>>>>>>>> I would prefer 3 and has an alternative if 3 isn't possible.
>>>>>>>>
>>>>>>>> 3) We hat a similar change in our system. They did it in the
>>>>>>>> following
>>>>>>>> way.
>>>>>>>>
>>>>>>>> - user login -> check password with sha256
>>>>>>>> - if this doesn't match check password against md5
>>>>>>>> - if this match store sha256-hash for further logins and
>>>>>>>> send an
>>>>>>>> e-mail to that user "Rewrote password for security-reasons. If you
>>>>>>>> didin't
>>>>>>>> login right now, inform your system-admin" or something like that.
>>>>>>>> - if both hashes doesn't match deny login.
>>>>>>>>
>>>>>>>> This would be the most user-friendly way I think.
>>>>>>>>
>>>>>>>> 4) Alternatively one could reset all passwords and if a user try to
>>>>>>>> login
>>>>>>>> with empty password one get a popup "Your password need to renewed.
>>>>>>>> You got
>>>>>>>> an e-mail". The system sends an e-mail with a link to create a new
>>>>>>>> password.
>>>>>>>>
>>>>>>>> This are out ideas so far.
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>>
>>>>>>>> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>>>>>>>>
>>>>>>>> Sure, have to fix some issues
>>>>>>>>> Will try to finish everything until next week-end :)
>>>>>>>>> So no rush right now :)
>>>>>>>>>
>>>>>>>>> My ideas were:
>>>>>>>>> 1) Add Admin function "reset all passwords" (not sure how users
>>>>>>>>> should be
>>>>>>>>> notified on new password in this case)
>>>>>>>>> 2) Add Admin function: "Email all users" general email "Please
>>>>>>>>> reset your
>>>>>>>>> passwords" will be sent to all users
>>>>>>>>> 3) Allow login with old password and require user to change it,
>>>>>>>>> possible
>>>>>>>>> but seems to be tricky
>>>>>>>>>
>>>>>>>>> Will wait for the results of your discussion :)
>>>>>>>>>
>>>>>>>>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hi Maxim,
>>>>>>>>>
>>>>>>>>>> you are right, this point is left....
>>>>>>>>>> I think I try to discuss this with a colleague of mine. Maybe we
>>>>>>>>>> get an
>>>>>>>>>> idea...
>>>>>>>>>>
>>>>>>>>>> Back later the or most likely on Friday. I hope this is on time.
>>>>>>>>>>
>>>>>>>>>> Greetings Peter
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>>>>>>>>
>>>>>>>>>> Thanks a lot Peter,
>>>>>>>>>>
>>>>>>>>>> Now I'm back and ready to help :)
>>>>>>>>>>
>>>>>>>>>> Would appreciate to hear any thought regarding "soft" changing of
>>>>>>>>>> password
>>>>>>>>>> hash function
>>>>>>>>>>
>>>>>>>>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> so.. now it is time I think...
>>>>>>>>>>
>>>>>>>>>> Congratulations! I hope you had a nice wedding and a few relaxing
>>>>>>>>>> days...
>>>>>>>>>>
>>>>>>>>>> Greetings Peter
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ok.. then good luck...
>>>>>>>>>>
>>>>>>>>>> and best wishes when you are back... ;-)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks :)
>>>>>>>>>>
>>>>>>>>>> I'll be on vacation for the next 2 weeks, with rare access to the
>>>>>>>>>> email
>>>>>>>>>> from my phone, so no rush :)
>>>>>>>>>>
>>>>>>>>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>>
>>>>>>>>>> ok.. need to think about it... ;-)
>>>>>>>>>>
>>>>>>>>>> I will be back in office next week... maybe with "THE IDEA".. or
>>>>>>>>>> maybe
>>>>>>>>>> not... ;-)
>>>>>>>>>>
>>>>>>>>>> Greetings Peter
>>>>>>>>>>
>>>>>>>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>>>>>>>
>>>>>>>>>> It is all discussible :)
>>>>>>>>>>
>>>>>>>>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>>>>>>>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>>>>>>> <
>>>>>>>>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementati
>>>>>>>>>> on.java>
>>>>>>>>>> which
>>>>>>>>>> is not secure at all :(((
>>>>>>>>>> We can add back SHA256Implementation<https://g
>>>>>>>>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>>>>>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>>>>>>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>>>>>>>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apa
>>>>>>>>>> che/openmeetings/util/crypt/SHA256Implementation.java>
>>>>>>>>>>
>>>>>>>>>> (
>>>>>>>>>> available since 3.1.x) for compatibility reasons, but I'm afraid
>>>>>>>>>> there
>>>>>>>>>> is
>>>>>>>>>> no clean way to perform backup and preserve passwords .....
>>>>>>>>>>
>>>>>>>>>> I thought maybe we can add "Reset All passwords" admin function,
>>>>>>>>>> but
>>>>>>>>>> it is
>>>>>>>>>> totally insecure :(
>>>>>>>>>> Any ideas are appreciated :)
>>>>>>>>>>
>>>>>>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I think further investigation is not needed. I just didn't see it
>>>>>>>>>> before...
>>>>>>>>>>
>>>>>>>>>> Is this behavior the final state? Then it will be difficult to
>>>>>>>>>> update my
>>>>>>>>>> installation (3.0.7). This also should the problem with any
>>>>>>>>>> installation
>>>>>>>>>> before 3.3.0. Isn't it?
>>>>>>>>>>
>>>>>>>>>> Greetings Peter
>>>>>>>>>>
>>>>>>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>>>>>>
>>>>>>>>>> Hello Peter,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> these debug messages are OK during import (I can perform further
>>>>>>>>>> investigation, but I believe this is not an issue)
>>>>>>>>>>
>>>>>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has
>>>>>>>>>> stronger
>>>>>>>>>> Password rules ...
>>>>>>>>>> You were unable to login after restore from backup since Password
>>>>>>>>>> Crypt
>>>>>>>>>> was
>>>>>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>>
>>>>>>>>>> I tried to reset the password. I got following message:
>>>>>>>>>>
>>>>>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is
>>>>>>>>>> required"
>>>>>>>>>>
>>>>>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>>>>>> because
>>>>>>>>>> there wasn't such restriction before.
>>>>>>>>>>
>>>>>>>>>> Greetings Peter
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>>>>>
>>>>>>>>>> Hi Maxim,
>>>>>>>>>>
>>>>>>>>>> I wanted to try out html5 video components...
>>>>>>>>>>
>>>>>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>>>>>> messages
>>>>>>>>>> below.
>>>>>>>>>>
>>>>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>> Login ::
>>>>>>>>>> [GRANTED]
>>>>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>> Login ::
>>>>>>>>>> [DENIED]
>>>>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>> Login ::
>>>>>>>>>> [DENIED]
>>>>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>> Login ::
>>>>>>>>>> [DENIED]
>>>>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>> Login ::
>>>>>>>>>> [DENIED]
>>>>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>> Login ::
>>>>>>>>>> [DENIED]
>>>>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>>> Login ::
>>>>>>>>>> [DENIED]
>>>>>>>>>>
>>>>>>>>>> I never noticed these ones before. After starting the server, I
>>>>>>>>>> couldn't
>>>>>>>>>> login with my admin user. "Username/email and/or password are
>>>>>>>>>> incorrect."
>>>>>>>>>>
>>>>>>>>>> Any Ideas?
>>>>>>>>>>
>>>>>>>>>> Greetings Peter
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> B.Sc. Peter Dähn
>>>>>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>>>>>> Postfach 3049
>>>>>>>>>> 67653 Kaiserslautern
>>>>>>>>>> Tel: 0631/205-4944
>>>>>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> --
>>>>>>>> B.Sc. Peter Dähn
>>>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>>>> Postfach 3049
>>>>>>>> 67653 Kaiserslautern
>>>>>>>> Tel: 0631/205-4944
>>>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>>>
>>>>>>>>
>>>>>>> --
>>>>>>> WBR
>>>>>>> Maxim aka solomax
>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Build 44+ from here:
https://builds.apache.org/view/M-R/view/OpenMeetings/job/Openmeetings%203.3.x/
On Mon, Jun 19, 2017 at 5:40 PM, Maxim Solodovnik <so...@gmail.com>
wrote:
> Found the issue, sorry for the noise
>
> On Mon, Jun 19, 2017 at 5:38 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> Weird ....
>> my tests shows crypt class can't be MD5Implementation after import ....
>> Maybe you did any manual manipulations with DB?
>>
>> On Mon, Jun 19, 2017 at 5:30 PM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> Additional fix is required :(
>>> Could you please manually change crypt class name in configuration DB
>>> table to be org.apache.openmeetings.util.crypt.SCryptImplementation and
>>> restart OM?
>>>
>>> will try to commit changes ASAP
>>>
>>> On Mon, Jun 19, 2017 at 5:06 PM, Peter Dähn <da...@vcrp.de> wrote:
>>>
>>>> Hello Maxim,
>>>>
>>>> checked out fresh 3.3.x code and compiled it.
>>>>
>>>> ########################################################
>>>> # Openmeetings is up #
>>>> # 3.3.0-SNAPSHOT 5889b5beda3299418cf80ee68846ea5ce54ee9ed
>>>> 2017/06/19 09:33 #
>>>> # and ready to use #
>>>> ########################################################
>>>>
>>>> Import backup works so far, Login ended up in "Internal Error Page".
>>>> Belonging Error in the log underneath.
>>>>
>>>>
>>>> DEBUG 06-19 12:00:03.155 UserDao.java 162929 642
>>>> org.apache.openmeetings.db.dao.user.UserDao
>>>> [http-nio-0.0.0.0-5080-exec-7] - login:: 1 users were found
>>>> DEBUG 06-19 12:00:03.169 CryptProvider.java 162943 36
>>>> org.apache.openmeetings.util.crypt.CryptProvider
>>>> [http-nio-0.0.0.0-5080-exec-7] - getInstanceOfCrypt::
>>>> configKeyCryptClassName: org.apache.openmeetings.util.c
>>>> rypt.MD5Implementation
>>>> ERROR 06-19 12:00:03.174 CryptProvider.java 162948 40
>>>> org.apache.openmeetings.util.crypt.CryptProvider
>>>> [http-nio-0.0.0.0-5080-exec-7] - [getInstanceOfCrypt]
>>>> java.lang.ClassCastException: org.apache.openmeetings.util.crypt.MD5Implementation
>>>> cannot be cast to org.apache.openmeetings.util.crypt.ICrypt
>>>> at org.apache.openmeetings.util.crypt.CryptProvider.get(CryptPr
>>>> ovider.java:38)
>>>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>>>> serDao.java:473)
>>>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>>>> va:650)
>>>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>>>> ngCGLIB$$1492ba5a.invoke(<generated>)
>>>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>>>> xy.java:204)
>>>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>>>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>> .proceed(ReflectiveMethodInvocation.java:157)
>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>>>> at org.springframework.transaction.interceptor.TransactionAspec
>>>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>> ceptor.invoke(TransactionInterceptor.java:96)
>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>> .proceed(ReflectiveMethodInvocation.java:179)
>>>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>>>> edInterceptor.intercept(CglibAopProxy.java:656)
>>>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>>>> gCGLIB$$ae5af194.login(<generated>)
>>>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>>>> .java:336)
>>>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>>>> (SignInDialog.java:188)
>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>>>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>>>> java:1248)
>>>> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
>>>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>>>> telessForm.java:100)
>>>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>>>> .java:770)
>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>> alog.internalOnClick(AbstractFormDialog.java:215)
>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>>>> $1.onClick(AbstractDialog.java:413)
>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>>>> .onAjax(DialogBehavior.java:188)
>>>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>>>> spond(JQueryAjaxBehavior.java:173)
>>>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>>>> (AbstractDefaultAjaxBehavior.java:598)
>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>> r.internalInvoke(ListenerRequestHandler.java:308)
>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>> r.invoke(ListenerRequestHandler.java:282)
>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>> r.invokeListener(ListenerRequestHandler.java:224)
>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>> r.respond(ListenerRequestHandler.java:210)
>>>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>>>> .respond(RequestCycle.java:912)
>>>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>>>> uestHandlerExecutor.java:65)
>>>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>>>> Cycle.java:283)
>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>>>> RequestCycle.java:253)
>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>>>> ndDetach(RequestCycle.java:221)
>>>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>>>> equestCycle(AbstractUpgradeFilter.java:70)
>>>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>>>> WicketFilter.java:204)
>>>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>>>> Filter.java:286)
>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:192)
>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:165)
>>>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>>>> ilter.java:84)
>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:192)
>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:165)
>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>> dWrapperValve.java:198)
>>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>> dContextValve.java:96)
>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>> uthenticatorBase.java:478)
>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>> stValve.java:140)
>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>> rtValve.java:80)
>>>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>>>> tractAccessLogValve.java:624)
>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>> EngineValve.java:87)
>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>> apter.java:341)
>>>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>>> ssor.java:783)
>>>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>>> cessorLight.java:66)
>>>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>>> (AbstractProtocol.java:798)
>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>> (NioEndpoint.java:1441)
>>>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>>> cessorBase.java:49)
>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>> Executor.java:1142)
>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>> lExecutor.java:617)
>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>> un(TaskThread.java:61)
>>>> at java.lang.Thread.run(Thread.java:745)
>>>> ERROR 06-19 12:00:03.191 DefaultExceptionMapper.java 162965 170
>>>> org.apache.wicket.DefaultExceptionMapper
>>>> [http-nio-0.0.0.0-5080-exec-7] - Unexpected error occurred
>>>> java.lang.NullPointerException: null
>>>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>>>> serDao.java:474)
>>>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>>>> va:650)
>>>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>>>> ngCGLIB$$1492ba5a.invoke(<generated>)
>>>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>>>> xy.java:204)
>>>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>>>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>> .proceed(ReflectiveMethodInvocation.java:157)
>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>>>> at org.springframework.transaction.interceptor.TransactionAspec
>>>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>>>> at org.springframework.transaction.interceptor.TransactionInter
>>>> ceptor.invoke(TransactionInterceptor.java:96)
>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>>> .proceed(ReflectiveMethodInvocation.java:179)
>>>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>>>> edInterceptor.intercept(CglibAopProxy.java:656)
>>>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>>>> gCGLIB$$ae5af194.login(<generated>)
>>>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>>>> .java:336)
>>>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>>>> (SignInDialog.java:188)
>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>>>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>>>> java:1248)
>>>> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
>>>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>>>> telessForm.java:100)
>>>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>>>> .java:770)
>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>>> alog.internalOnClick(AbstractFormDialog.java:215)
>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>>>> $1.onClick(AbstractDialog.java:413)
>>>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>>>> .onAjax(DialogBehavior.java:188)
>>>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>>>> spond(JQueryAjaxBehavior.java:173)
>>>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>>>> (AbstractDefaultAjaxBehavior.java:598)
>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>> r.internalInvoke(ListenerRequestHandler.java:308)
>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>> r.invoke(ListenerRequestHandler.java:282)
>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>> r.invokeListener(ListenerRequestHandler.java:224)
>>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>>> r.respond(ListenerRequestHandler.java:210)
>>>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>>>> .respond(RequestCycle.java:912)
>>>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>>>> uestHandlerExecutor.java:65)
>>>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>>>> Cycle.java:283)
>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>>>> RequestCycle.java:253)
>>>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>>>> ndDetach(RequestCycle.java:221)
>>>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>>>> equestCycle(AbstractUpgradeFilter.java:70)
>>>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>>>> WicketFilter.java:204)
>>>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>>>> Filter.java:286)
>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:192)
>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:165)
>>>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>>>> ilter.java:84)
>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>> lter(ApplicationFilterChain.java:192)
>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>> licationFilterChain.java:165)
>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>> dWrapperValve.java:198)
>>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>> dContextValve.java:96)
>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>> uthenticatorBase.java:478)
>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>> stValve.java:140)
>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>> rtValve.java:80)
>>>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>>>> tractAccessLogValve.java:624)
>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>> EngineValve.java:87)
>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>> apter.java:341)
>>>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>>> ssor.java:783)
>>>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>>> cessorLight.java:66)
>>>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>>> (AbstractProtocol.java:798)
>>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>> (NioEndpoint.java:1441)
>>>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>>> cessorBase.java:49)
>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>> Executor.java:1142)
>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>> lExecutor.java:617)
>>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>> un(TaskThread.java:61)
>>>> at java.lang.Thread.run(Thread.java:745)
>>>>
>>>> Any Ideas?
>>>>
>>>> Greetings Peter
>>>>
>>>>
>>>> Am 17.06.2017 um 08:15 schrieb Maxim Solodovnik:
>>>>
>>>>> Hello Peter,
>>>>>
>>>>> I have implemented #3
>>>>> http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
>>>>> The only difference: Password re-hashing is not being emailed but
>>>>> logged
>>>>> with WARN level
>>>>>
>>>>> Would appreciate if you can test it and let me know your thoughts :)
>>>>>
>>>>> Build 36+ from here:
>>>>> https://builds.apache.org/view/M-R/view/OpenMeetings/job/Ope
>>>>> nmeetings%203.3.x/
>>>>>
>>>>>
>>>>> On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <
>>>>> solomax666@gmail.com>
>>>>> wrote:
>>>>>
>>>>> Both external and LDAP users would not be affected
>>>>>>
>>>>>> Will try to implement 3) as you have described, looks doable :)
>>>>>> Thanks!
>>>>>>
>>>>>> On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de>
>>>>>> wrote:
>>>>>>
>>>>>> Hi Maxim,
>>>>>>>
>>>>>>> We have a lot external user in our system and just a few "real"
>>>>>>> user. Am
>>>>>>> I right that this doesn't apply to external user or does this case
>>>>>>> also be
>>>>>>> handled?
>>>>>>>
>>>>>>> 1 and 2 wouldn't be my favorites.
>>>>>>>
>>>>>>> I would prefer 3 and has an alternative if 3 isn't possible.
>>>>>>>
>>>>>>> 3) We hat a similar change in our system. They did it in the
>>>>>>> following
>>>>>>> way.
>>>>>>>
>>>>>>> - user login -> check password with sha256
>>>>>>> - if this doesn't match check password against md5
>>>>>>> - if this match store sha256-hash for further logins and
>>>>>>> send an
>>>>>>> e-mail to that user "Rewrote password for security-reasons. If you
>>>>>>> didin't
>>>>>>> login right now, inform your system-admin" or something like that.
>>>>>>> - if both hashes doesn't match deny login.
>>>>>>>
>>>>>>> This would be the most user-friendly way I think.
>>>>>>>
>>>>>>> 4) Alternatively one could reset all passwords and if a user try to
>>>>>>> login
>>>>>>> with empty password one get a popup "Your password need to renewed.
>>>>>>> You got
>>>>>>> an e-mail". The system sends an e-mail with a link to create a new
>>>>>>> password.
>>>>>>>
>>>>>>> This are out ideas so far.
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>>
>>>>>>> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>>>>>>>
>>>>>>> Sure, have to fix some issues
>>>>>>>> Will try to finish everything until next week-end :)
>>>>>>>> So no rush right now :)
>>>>>>>>
>>>>>>>> My ideas were:
>>>>>>>> 1) Add Admin function "reset all passwords" (not sure how users
>>>>>>>> should be
>>>>>>>> notified on new password in this case)
>>>>>>>> 2) Add Admin function: "Email all users" general email "Please
>>>>>>>> reset your
>>>>>>>> passwords" will be sent to all users
>>>>>>>> 3) Allow login with old password and require user to change it,
>>>>>>>> possible
>>>>>>>> but seems to be tricky
>>>>>>>>
>>>>>>>> Will wait for the results of your discussion :)
>>>>>>>>
>>>>>>>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Maxim,
>>>>>>>>
>>>>>>>>> you are right, this point is left....
>>>>>>>>> I think I try to discuss this with a colleague of mine. Maybe we
>>>>>>>>> get an
>>>>>>>>> idea...
>>>>>>>>>
>>>>>>>>> Back later the or most likely on Friday. I hope this is on time.
>>>>>>>>>
>>>>>>>>> Greetings Peter
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>>>>>>>
>>>>>>>>> Thanks a lot Peter,
>>>>>>>>>
>>>>>>>>> Now I'm back and ready to help :)
>>>>>>>>>
>>>>>>>>> Would appreciate to hear any thought regarding "soft" changing of
>>>>>>>>> password
>>>>>>>>> hash function
>>>>>>>>>
>>>>>>>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> so.. now it is time I think...
>>>>>>>>>
>>>>>>>>> Congratulations! I hope you had a nice wedding and a few relaxing
>>>>>>>>> days...
>>>>>>>>>
>>>>>>>>> Greetings Peter
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ok.. then good luck...
>>>>>>>>>
>>>>>>>>> and best wishes when you are back... ;-)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks :)
>>>>>>>>>
>>>>>>>>> I'll be on vacation for the next 2 weeks, with rare access to the
>>>>>>>>> email
>>>>>>>>> from my phone, so no rush :)
>>>>>>>>>
>>>>>>>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>
>>>>>>>>> ok.. need to think about it... ;-)
>>>>>>>>>
>>>>>>>>> I will be back in office next week... maybe with "THE IDEA".. or
>>>>>>>>> maybe
>>>>>>>>> not... ;-)
>>>>>>>>>
>>>>>>>>> Greetings Peter
>>>>>>>>>
>>>>>>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>>>>>>
>>>>>>>>> It is all discussible :)
>>>>>>>>>
>>>>>>>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>>>>>>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>>>>>> <
>>>>>>>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementati
>>>>>>>>> on.java>
>>>>>>>>> which
>>>>>>>>> is not secure at all :(((
>>>>>>>>> We can add back SHA256Implementation<https://g
>>>>>>>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>>>>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>>>>>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>>>>>>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apa
>>>>>>>>> che/openmeetings/util/crypt/SHA256Implementation.java>
>>>>>>>>>
>>>>>>>>> (
>>>>>>>>> available since 3.1.x) for compatibility reasons, but I'm afraid
>>>>>>>>> there
>>>>>>>>> is
>>>>>>>>> no clean way to perform backup and preserve passwords .....
>>>>>>>>>
>>>>>>>>> I thought maybe we can add "Reset All passwords" admin function,
>>>>>>>>> but
>>>>>>>>> it is
>>>>>>>>> totally insecure :(
>>>>>>>>> Any ideas are appreciated :)
>>>>>>>>>
>>>>>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I think further investigation is not needed. I just didn't see it
>>>>>>>>> before...
>>>>>>>>>
>>>>>>>>> Is this behavior the final state? Then it will be difficult to
>>>>>>>>> update my
>>>>>>>>> installation (3.0.7). This also should the problem with any
>>>>>>>>> installation
>>>>>>>>> before 3.3.0. Isn't it?
>>>>>>>>>
>>>>>>>>> Greetings Peter
>>>>>>>>>
>>>>>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>>>>>
>>>>>>>>> Hello Peter,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> these debug messages are OK during import (I can perform further
>>>>>>>>> investigation, but I believe this is not an issue)
>>>>>>>>>
>>>>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has
>>>>>>>>> stronger
>>>>>>>>> Password rules ...
>>>>>>>>> You were unable to login after restore from backup since Password
>>>>>>>>> Crypt
>>>>>>>>> was
>>>>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>>
>>>>>>>>> I tried to reset the password. I got following message:
>>>>>>>>>
>>>>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is
>>>>>>>>> required"
>>>>>>>>>
>>>>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>>>>> because
>>>>>>>>> there wasn't such restriction before.
>>>>>>>>>
>>>>>>>>> Greetings Peter
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>>>>
>>>>>>>>> Hi Maxim,
>>>>>>>>>
>>>>>>>>> I wanted to try out html5 video components...
>>>>>>>>>
>>>>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>>>>> messages
>>>>>>>>> below.
>>>>>>>>>
>>>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [GRANTED]
>>>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>>
>>>>>>>>> I never noticed these ones before. After starting the server, I
>>>>>>>>> couldn't
>>>>>>>>> login with my admin user. "Username/email and/or password are
>>>>>>>>> incorrect."
>>>>>>>>>
>>>>>>>>> Any Ideas?
>>>>>>>>>
>>>>>>>>> Greetings Peter
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> B.Sc. Peter Dähn
>>>>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>>>>> Postfach 3049
>>>>>>>>> 67653 Kaiserslautern
>>>>>>>>> Tel: 0631/205-4944
>>>>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>> B.Sc. Peter Dähn
>>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>>> Postfach 3049
>>>>>>> 67653 Kaiserslautern
>>>>>>> Tel: 0631/205-4944
>>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> WBR
>>>>>> Maxim aka solomax
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
>
> --
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Found the issue, sorry for the noise
On Mon, Jun 19, 2017 at 5:38 PM, Maxim Solodovnik <so...@gmail.com>
wrote:
> Weird ....
> my tests shows crypt class can't be MD5Implementation after import ....
> Maybe you did any manual manipulations with DB?
>
> On Mon, Jun 19, 2017 at 5:30 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> Additional fix is required :(
>> Could you please manually change crypt class name in configuration DB
>> table to be org.apache.openmeetings.util.crypt.SCryptImplementation and
>> restart OM?
>>
>> will try to commit changes ASAP
>>
>> On Mon, Jun 19, 2017 at 5:06 PM, Peter Dähn <da...@vcrp.de> wrote:
>>
>>> Hello Maxim,
>>>
>>> checked out fresh 3.3.x code and compiled it.
>>>
>>> ########################################################
>>> # Openmeetings is up #
>>> # 3.3.0-SNAPSHOT 5889b5beda3299418cf80ee68846ea5ce54ee9ed
>>> 2017/06/19 09:33 #
>>> # and ready to use #
>>> ########################################################
>>>
>>> Import backup works so far, Login ended up in "Internal Error Page".
>>> Belonging Error in the log underneath.
>>>
>>>
>>> DEBUG 06-19 12:00:03.155 UserDao.java 162929 642
>>> org.apache.openmeetings.db.dao.user.UserDao
>>> [http-nio-0.0.0.0-5080-exec-7] - login:: 1 users were found
>>> DEBUG 06-19 12:00:03.169 CryptProvider.java 162943 36
>>> org.apache.openmeetings.util.crypt.CryptProvider
>>> [http-nio-0.0.0.0-5080-exec-7] - getInstanceOfCrypt::
>>> configKeyCryptClassName: org.apache.openmeetings.util.c
>>> rypt.MD5Implementation
>>> ERROR 06-19 12:00:03.174 CryptProvider.java 162948 40
>>> org.apache.openmeetings.util.crypt.CryptProvider
>>> [http-nio-0.0.0.0-5080-exec-7] - [getInstanceOfCrypt]
>>> java.lang.ClassCastException: org.apache.openmeetings.util.crypt.MD5Implementation
>>> cannot be cast to org.apache.openmeetings.util.crypt.ICrypt
>>> at org.apache.openmeetings.util.crypt.CryptProvider.get(CryptPr
>>> ovider.java:38)
>>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>>> serDao.java:473)
>>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>>> va:650)
>>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>>> ngCGLIB$$1492ba5a.invoke(<generated>)
>>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>>> xy.java:204)
>>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>> .proceed(ReflectiveMethodInvocation.java:157)
>>> at org.springframework.transaction.interceptor.TransactionInter
>>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>>> at org.springframework.transaction.interceptor.TransactionAspec
>>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>>> at org.springframework.transaction.interceptor.TransactionInter
>>> ceptor.invoke(TransactionInterceptor.java:96)
>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>> .proceed(ReflectiveMethodInvocation.java:179)
>>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>>> edInterceptor.intercept(CglibAopProxy.java:656)
>>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>>> gCGLIB$$ae5af194.login(<generated>)
>>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>>> .java:336)
>>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>>> (SignInDialog.java:188)
>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>>> java:1248)
>>> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
>>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>>> telessForm.java:100)
>>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>>> .java:770)
>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>> alog.internalOnClick(AbstractFormDialog.java:215)
>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>>> $1.onClick(AbstractDialog.java:413)
>>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>>> .onAjax(DialogBehavior.java:188)
>>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>>> spond(JQueryAjaxBehavior.java:173)
>>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>>> (AbstractDefaultAjaxBehavior.java:598)
>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>> r.internalInvoke(ListenerRequestHandler.java:308)
>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>> r.invoke(ListenerRequestHandler.java:282)
>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>> r.invokeListener(ListenerRequestHandler.java:224)
>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>> r.respond(ListenerRequestHandler.java:210)
>>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>>> .respond(RequestCycle.java:912)
>>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>>> uestHandlerExecutor.java:65)
>>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>>> Cycle.java:283)
>>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>>> RequestCycle.java:253)
>>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>>> ndDetach(RequestCycle.java:221)
>>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>>> equestCycle(AbstractUpgradeFilter.java:70)
>>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>>> WicketFilter.java:204)
>>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>>> Filter.java:286)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>> lter(ApplicationFilterChain.java:192)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>> licationFilterChain.java:165)
>>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>>> ilter.java:84)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>> lter(ApplicationFilterChain.java:192)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>> licationFilterChain.java:165)
>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>> dWrapperValve.java:198)
>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>> dContextValve.java:96)
>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>> uthenticatorBase.java:478)
>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>> stValve.java:140)
>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>> rtValve.java:80)
>>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>>> tractAccessLogValve.java:624)
>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>> EngineValve.java:87)
>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>> apter.java:341)
>>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>> ssor.java:783)
>>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>> cessorLight.java:66)
>>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>> (AbstractProtocol.java:798)
>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>> (NioEndpoint.java:1441)
>>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>> cessorBase.java:49)
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>> Executor.java:1142)
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>> lExecutor.java:617)
>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>> un(TaskThread.java:61)
>>> at java.lang.Thread.run(Thread.java:745)
>>> ERROR 06-19 12:00:03.191 DefaultExceptionMapper.java 162965 170
>>> org.apache.wicket.DefaultExceptionMapper [http-nio-0.0.0.0-5080-exec-7]
>>> - Unexpected error occurred
>>> java.lang.NullPointerException: null
>>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>>> serDao.java:474)
>>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>>> va:650)
>>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>>> ngCGLIB$$1492ba5a.invoke(<generated>)
>>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>>> xy.java:204)
>>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>> .proceed(ReflectiveMethodInvocation.java:157)
>>> at org.springframework.transaction.interceptor.TransactionInter
>>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>>> at org.springframework.transaction.interceptor.TransactionAspec
>>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>>> at org.springframework.transaction.interceptor.TransactionInter
>>> ceptor.invoke(TransactionInterceptor.java:96)
>>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>>> .proceed(ReflectiveMethodInvocation.java:179)
>>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>>> edInterceptor.intercept(CglibAopProxy.java:656)
>>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>>> gCGLIB$$ae5af194.login(<generated>)
>>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>>> .java:336)
>>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>>> (SignInDialog.java:188)
>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>>> java:1248)
>>> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
>>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>>> telessForm.java:100)
>>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>>> .java:770)
>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>>> alog.internalOnClick(AbstractFormDialog.java:215)
>>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>>> $1.onClick(AbstractDialog.java:413)
>>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>>> .onAjax(DialogBehavior.java:188)
>>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>>> spond(JQueryAjaxBehavior.java:173)
>>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>>> (AbstractDefaultAjaxBehavior.java:598)
>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>> r.internalInvoke(ListenerRequestHandler.java:308)
>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>> r.invoke(ListenerRequestHandler.java:282)
>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>> r.invokeListener(ListenerRequestHandler.java:224)
>>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>>> r.respond(ListenerRequestHandler.java:210)
>>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>>> .respond(RequestCycle.java:912)
>>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>>> uestHandlerExecutor.java:65)
>>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>>> Cycle.java:283)
>>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>>> RequestCycle.java:253)
>>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>>> ndDetach(RequestCycle.java:221)
>>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>>> equestCycle(AbstractUpgradeFilter.java:70)
>>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>>> WicketFilter.java:204)
>>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>>> Filter.java:286)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>> lter(ApplicationFilterChain.java:192)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>> licationFilterChain.java:165)
>>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>>> ilter.java:84)
>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>> lter(ApplicationFilterChain.java:192)
>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>> licationFilterChain.java:165)
>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>> dWrapperValve.java:198)
>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>> dContextValve.java:96)
>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>> uthenticatorBase.java:478)
>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>> stValve.java:140)
>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>> rtValve.java:80)
>>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>>> tractAccessLogValve.java:624)
>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>> EngineValve.java:87)
>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>> apter.java:341)
>>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>>> ssor.java:783)
>>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>>> cessorLight.java:66)
>>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>>> (AbstractProtocol.java:798)
>>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>> (NioEndpoint.java:1441)
>>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>>> cessorBase.java:49)
>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>> Executor.java:1142)
>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>> lExecutor.java:617)
>>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>> un(TaskThread.java:61)
>>> at java.lang.Thread.run(Thread.java:745)
>>>
>>> Any Ideas?
>>>
>>> Greetings Peter
>>>
>>>
>>> Am 17.06.2017 um 08:15 schrieb Maxim Solodovnik:
>>>
>>>> Hello Peter,
>>>>
>>>> I have implemented #3
>>>> http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
>>>> The only difference: Password re-hashing is not being emailed but logged
>>>> with WARN level
>>>>
>>>> Would appreciate if you can test it and let me know your thoughts :)
>>>>
>>>> Build 36+ from here:
>>>> https://builds.apache.org/view/M-R/view/OpenMeetings/job/Ope
>>>> nmeetings%203.3.x/
>>>>
>>>>
>>>> On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <solomax666@gmail.com
>>>> >
>>>> wrote:
>>>>
>>>> Both external and LDAP users would not be affected
>>>>>
>>>>> Will try to implement 3) as you have described, looks doable :)
>>>>> Thanks!
>>>>>
>>>>> On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de> wrote:
>>>>>
>>>>> Hi Maxim,
>>>>>>
>>>>>> We have a lot external user in our system and just a few "real" user.
>>>>>> Am
>>>>>> I right that this doesn't apply to external user or does this case
>>>>>> also be
>>>>>> handled?
>>>>>>
>>>>>> 1 and 2 wouldn't be my favorites.
>>>>>>
>>>>>> I would prefer 3 and has an alternative if 3 isn't possible.
>>>>>>
>>>>>> 3) We hat a similar change in our system. They did it in the following
>>>>>> way.
>>>>>>
>>>>>> - user login -> check password with sha256
>>>>>> - if this doesn't match check password against md5
>>>>>> - if this match store sha256-hash for further logins and
>>>>>> send an
>>>>>> e-mail to that user "Rewrote password for security-reasons. If you
>>>>>> didin't
>>>>>> login right now, inform your system-admin" or something like that.
>>>>>> - if both hashes doesn't match deny login.
>>>>>>
>>>>>> This would be the most user-friendly way I think.
>>>>>>
>>>>>> 4) Alternatively one could reset all passwords and if a user try to
>>>>>> login
>>>>>> with empty password one get a popup "Your password need to renewed.
>>>>>> You got
>>>>>> an e-mail". The system sends an e-mail with a link to create a new
>>>>>> password.
>>>>>>
>>>>>> This are out ideas so far.
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>>
>>>>>> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>>>>>>
>>>>>> Sure, have to fix some issues
>>>>>>> Will try to finish everything until next week-end :)
>>>>>>> So no rush right now :)
>>>>>>>
>>>>>>> My ideas were:
>>>>>>> 1) Add Admin function "reset all passwords" (not sure how users
>>>>>>> should be
>>>>>>> notified on new password in this case)
>>>>>>> 2) Add Admin function: "Email all users" general email "Please reset
>>>>>>> your
>>>>>>> passwords" will be sent to all users
>>>>>>> 3) Allow login with old password and require user to change it,
>>>>>>> possible
>>>>>>> but seems to be tricky
>>>>>>>
>>>>>>> Will wait for the results of your discussion :)
>>>>>>>
>>>>>>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Maxim,
>>>>>>>
>>>>>>>> you are right, this point is left....
>>>>>>>> I think I try to discuss this with a colleague of mine. Maybe we
>>>>>>>> get an
>>>>>>>> idea...
>>>>>>>>
>>>>>>>> Back later the or most likely on Friday. I hope this is on time.
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>>
>>>>>>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>>>>>>
>>>>>>>> Thanks a lot Peter,
>>>>>>>>
>>>>>>>> Now I'm back and ready to help :)
>>>>>>>>
>>>>>>>> Would appreciate to hear any thought regarding "soft" changing of
>>>>>>>> password
>>>>>>>> hash function
>>>>>>>>
>>>>>>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> so.. now it is time I think...
>>>>>>>>
>>>>>>>> Congratulations! I hope you had a nice wedding and a few relaxing
>>>>>>>> days...
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>>
>>>>>>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>>>>>>
>>>>>>>>
>>>>>>>> ok.. then good luck...
>>>>>>>>
>>>>>>>> and best wishes when you are back... ;-)
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks :)
>>>>>>>>
>>>>>>>> I'll be on vacation for the next 2 weeks, with rare access to the
>>>>>>>> email
>>>>>>>> from my phone, so no rush :)
>>>>>>>>
>>>>>>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>
>>>>>>>> ok.. need to think about it... ;-)
>>>>>>>>
>>>>>>>> I will be back in office next week... maybe with "THE IDEA".. or
>>>>>>>> maybe
>>>>>>>> not... ;-)
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>>>>>
>>>>>>>> It is all discussible :)
>>>>>>>>
>>>>>>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>>>>>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>>>>> <
>>>>>>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementati
>>>>>>>> on.java>
>>>>>>>> which
>>>>>>>> is not secure at all :(((
>>>>>>>> We can add back SHA256Implementation<https://g
>>>>>>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>>>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>>>>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>>>>>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apa
>>>>>>>> che/openmeetings/util/crypt/SHA256Implementation.java>
>>>>>>>>
>>>>>>>> (
>>>>>>>> available since 3.1.x) for compatibility reasons, but I'm afraid
>>>>>>>> there
>>>>>>>> is
>>>>>>>> no clean way to perform backup and preserve passwords .....
>>>>>>>>
>>>>>>>> I thought maybe we can add "Reset All passwords" admin function, but
>>>>>>>> it is
>>>>>>>> totally insecure :(
>>>>>>>> Any ideas are appreciated :)
>>>>>>>>
>>>>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>>
>>>>>>>> I think further investigation is not needed. I just didn't see it
>>>>>>>> before...
>>>>>>>>
>>>>>>>> Is this behavior the final state? Then it will be difficult to
>>>>>>>> update my
>>>>>>>> installation (3.0.7). This also should the problem with any
>>>>>>>> installation
>>>>>>>> before 3.3.0. Isn't it?
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>>>>
>>>>>>>> Hello Peter,
>>>>>>>>
>>>>>>>>
>>>>>>>> these debug messages are OK during import (I can perform further
>>>>>>>> investigation, but I believe this is not an issue)
>>>>>>>>
>>>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>>>>>> Password rules ...
>>>>>>>> You were unable to login after restore from backup since Password
>>>>>>>> Crypt
>>>>>>>> was
>>>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>>
>>>>>>>> I tried to reset the password. I got following message:
>>>>>>>>
>>>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>>>>
>>>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>>>> because
>>>>>>>> there wasn't such restriction before.
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>>>
>>>>>>>> Hi Maxim,
>>>>>>>>
>>>>>>>> I wanted to try out html5 video components...
>>>>>>>>
>>>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>>>> messages
>>>>>>>> below.
>>>>>>>>
>>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [GRANTED]
>>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>> Login ::
>>>>>>>> [DENIED]
>>>>>>>>
>>>>>>>> I never noticed these ones before. After starting the server, I
>>>>>>>> couldn't
>>>>>>>> login with my admin user. "Username/email and/or password are
>>>>>>>> incorrect."
>>>>>>>>
>>>>>>>> Any Ideas?
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> B.Sc. Peter Dähn
>>>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>>>> Postfach 3049
>>>>>>>> 67653 Kaiserslautern
>>>>>>>> Tel: 0631/205-4944
>>>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>> B.Sc. Peter Dähn
>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>> Postfach 3049
>>>>>> 67653 Kaiserslautern
>>>>>> Tel: 0631/205-4944
>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> WBR
>>>>> Maxim aka solomax
>>>>>
>>>>>
>>>>
>>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
>
> --
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Weird ....
my tests shows crypt class can't be MD5Implementation after import ....
Maybe you did any manual manipulations with DB?
On Mon, Jun 19, 2017 at 5:30 PM, Maxim Solodovnik <so...@gmail.com>
wrote:
> Additional fix is required :(
> Could you please manually change crypt class name in configuration DB
> table to be org.apache.openmeetings.util.crypt.SCryptImplementation and
> restart OM?
>
> will try to commit changes ASAP
>
> On Mon, Jun 19, 2017 at 5:06 PM, Peter Dähn <da...@vcrp.de> wrote:
>
>> Hello Maxim,
>>
>> checked out fresh 3.3.x code and compiled it.
>>
>> ########################################################
>> # Openmeetings is up #
>> # 3.3.0-SNAPSHOT 5889b5beda3299418cf80ee68846ea5ce54ee9ed
>> 2017/06/19 09:33 #
>> # and ready to use #
>> ########################################################
>>
>> Import backup works so far, Login ended up in "Internal Error Page".
>> Belonging Error in the log underneath.
>>
>>
>> DEBUG 06-19 12:00:03.155 UserDao.java 162929 642
>> org.apache.openmeetings.db.dao.user.UserDao
>> [http-nio-0.0.0.0-5080-exec-7] - login:: 1 users were found
>> DEBUG 06-19 12:00:03.169 CryptProvider.java 162943 36
>> org.apache.openmeetings.util.crypt.CryptProvider
>> [http-nio-0.0.0.0-5080-exec-7] - getInstanceOfCrypt::
>> configKeyCryptClassName: org.apache.openmeetings.util.c
>> rypt.MD5Implementation
>> ERROR 06-19 12:00:03.174 CryptProvider.java 162948 40
>> org.apache.openmeetings.util.crypt.CryptProvider
>> [http-nio-0.0.0.0-5080-exec-7] - [getInstanceOfCrypt]
>> java.lang.ClassCastException: org.apache.openmeetings.util.crypt.MD5Implementation
>> cannot be cast to org.apache.openmeetings.util.crypt.ICrypt
>> at org.apache.openmeetings.util.crypt.CryptProvider.get(CryptPr
>> ovider.java:38)
>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>> serDao.java:473)
>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>> va:650)
>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>> ngCGLIB$$1492ba5a.invoke(<generated>)
>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>> xy.java:204)
>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>> .proceed(ReflectiveMethodInvocation.java:157)
>> at org.springframework.transaction.interceptor.TransactionInter
>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>> at org.springframework.transaction.interceptor.TransactionAspec
>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>> at org.springframework.transaction.interceptor.TransactionInter
>> ceptor.invoke(TransactionInterceptor.java:96)
>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>> .proceed(ReflectiveMethodInvocation.java:179)
>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>> edInterceptor.intercept(CglibAopProxy.java:656)
>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>> gCGLIB$$ae5af194.login(<generated>)
>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>> .java:336)
>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>> (SignInDialog.java:188)
>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>> java:1248)
>> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>> telessForm.java:100)
>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>> .java:770)
>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>> alog.internalOnClick(AbstractFormDialog.java:215)
>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>> $1.onClick(AbstractDialog.java:413)
>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>> .onAjax(DialogBehavior.java:188)
>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>> spond(JQueryAjaxBehavior.java:173)
>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>> (AbstractDefaultAjaxBehavior.java:598)
>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>> r.internalInvoke(ListenerRequestHandler.java:308)
>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>> r.invoke(ListenerRequestHandler.java:282)
>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>> r.invokeListener(ListenerRequestHandler.java:224)
>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>> r.respond(ListenerRequestHandler.java:210)
>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>> .respond(RequestCycle.java:912)
>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>> uestHandlerExecutor.java:65)
>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>> Cycle.java:283)
>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>> RequestCycle.java:253)
>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>> ndDetach(RequestCycle.java:221)
>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>> equestCycle(AbstractUpgradeFilter.java:70)
>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>> WicketFilter.java:204)
>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>> Filter.java:286)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:192)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:165)
>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>> ilter.java:84)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:192)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:165)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>> dWrapperValve.java:198)
>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>> dContextValve.java:96)
>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>> uthenticatorBase.java:478)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>> stValve.java:140)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>> rtValve.java:80)
>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>> tractAccessLogValve.java:624)
>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>> EngineValve.java:87)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>> apter.java:341)
>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>> ssor.java:783)
>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>> cessorLight.java:66)
>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>> (AbstractProtocol.java:798)
>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>> (NioEndpoint.java:1441)
>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>> cessorBase.java:49)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1142)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:617)
>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>> un(TaskThread.java:61)
>> at java.lang.Thread.run(Thread.java:745)
>> ERROR 06-19 12:00:03.191 DefaultExceptionMapper.java 162965 170
>> org.apache.wicket.DefaultExceptionMapper [http-nio-0.0.0.0-5080-exec-7]
>> - Unexpected error occurred
>> java.lang.NullPointerException: null
>> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(U
>> serDao.java:474)
>> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.ja
>> va:650)
>> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
>> ngCGLIB$$1492ba5a.invoke(<generated>)
>> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
>> xy.java:204)
>> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
>> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>> .proceed(ReflectiveMethodInvocation.java:157)
>> at org.springframework.transaction.interceptor.TransactionInter
>> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
>> at org.springframework.transaction.interceptor.TransactionAspec
>> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
>> at org.springframework.transaction.interceptor.TransactionInter
>> ceptor.invoke(TransactionInterceptor.java:96)
>> at org.springframework.aop.framework.ReflectiveMethodInvocation
>> .proceed(ReflectiveMethodInvocation.java:179)
>> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
>> edInterceptor.intercept(CglibAopProxy.java:656)
>> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
>> gCGLIB$$ae5af194.login(<generated>)
>> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
>> .java:336)
>> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
>> (SignInDialog.java:188)
>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
>> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
>> java:1248)
>> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
>> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
>> telessForm.java:100)
>> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
>> .java:770)
>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
>> alog.internalOnClick(AbstractFormDialog.java:215)
>> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
>> $1.onClick(AbstractDialog.java:413)
>> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
>> .onAjax(DialogBehavior.java:188)
>> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
>> spond(JQueryAjaxBehavior.java:173)
>> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
>> (AbstractDefaultAjaxBehavior.java:598)
>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>> r.internalInvoke(ListenerRequestHandler.java:308)
>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>> r.invoke(ListenerRequestHandler.java:282)
>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>> r.invokeListener(ListenerRequestHandler.java:224)
>> at org.apache.wicket.core.request.handler.ListenerRequestHandle
>> r.respond(ListenerRequestHandler.java:210)
>> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
>> .respond(RequestCycle.java:912)
>> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
>> uestHandlerExecutor.java:65)
>> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
>> Cycle.java:283)
>> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
>> RequestCycle.java:253)
>> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
>> ndDetach(RequestCycle.java:221)
>> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
>> equestCycle(AbstractUpgradeFilter.java:70)
>> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
>> WicketFilter.java:204)
>> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
>> Filter.java:286)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:192)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:165)
>> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
>> ilter.java:84)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>> lter(ApplicationFilterChain.java:192)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>> licationFilterChain.java:165)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>> dWrapperValve.java:198)
>> at org.apache.catalina.core.StandardContextValve.invoke(Standar
>> dContextValve.java:96)
>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>> uthenticatorBase.java:478)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>> stValve.java:140)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>> rtValve.java:80)
>> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
>> tractAccessLogValve.java:624)
>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>> EngineValve.java:87)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>> apter.java:341)
>> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
>> ssor.java:783)
>> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
>> cessorLight.java:66)
>> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process
>> (AbstractProtocol.java:798)
>> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>> (NioEndpoint.java:1441)
>> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
>> cessorBase.java:49)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1142)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:617)
>> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>> un(TaskThread.java:61)
>> at java.lang.Thread.run(Thread.java:745)
>>
>> Any Ideas?
>>
>> Greetings Peter
>>
>>
>> Am 17.06.2017 um 08:15 schrieb Maxim Solodovnik:
>>
>>> Hello Peter,
>>>
>>> I have implemented #3
>>> http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
>>> The only difference: Password re-hashing is not being emailed but logged
>>> with WARN level
>>>
>>> Would appreciate if you can test it and let me know your thoughts :)
>>>
>>> Build 36+ from here:
>>> https://builds.apache.org/view/M-R/view/OpenMeetings/job/Ope
>>> nmeetings%203.3.x/
>>>
>>>
>>> On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>> Both external and LDAP users would not be affected
>>>>
>>>> Will try to implement 3) as you have described, looks doable :)
>>>> Thanks!
>>>>
>>>> On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de> wrote:
>>>>
>>>> Hi Maxim,
>>>>>
>>>>> We have a lot external user in our system and just a few "real" user.
>>>>> Am
>>>>> I right that this doesn't apply to external user or does this case
>>>>> also be
>>>>> handled?
>>>>>
>>>>> 1 and 2 wouldn't be my favorites.
>>>>>
>>>>> I would prefer 3 and has an alternative if 3 isn't possible.
>>>>>
>>>>> 3) We hat a similar change in our system. They did it in the following
>>>>> way.
>>>>>
>>>>> - user login -> check password with sha256
>>>>> - if this doesn't match check password against md5
>>>>> - if this match store sha256-hash for further logins and send
>>>>> an
>>>>> e-mail to that user "Rewrote password for security-reasons. If you
>>>>> didin't
>>>>> login right now, inform your system-admin" or something like that.
>>>>> - if both hashes doesn't match deny login.
>>>>>
>>>>> This would be the most user-friendly way I think.
>>>>>
>>>>> 4) Alternatively one could reset all passwords and if a user try to
>>>>> login
>>>>> with empty password one get a popup "Your password need to renewed.
>>>>> You got
>>>>> an e-mail". The system sends an e-mail with a link to create a new
>>>>> password.
>>>>>
>>>>> This are out ideas so far.
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>>
>>>>> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>>>>>
>>>>> Sure, have to fix some issues
>>>>>> Will try to finish everything until next week-end :)
>>>>>> So no rush right now :)
>>>>>>
>>>>>> My ideas were:
>>>>>> 1) Add Admin function "reset all passwords" (not sure how users
>>>>>> should be
>>>>>> notified on new password in this case)
>>>>>> 2) Add Admin function: "Email all users" general email "Please reset
>>>>>> your
>>>>>> passwords" will be sent to all users
>>>>>> 3) Allow login with old password and require user to change it,
>>>>>> possible
>>>>>> but seems to be tricky
>>>>>>
>>>>>> Will wait for the results of your discussion :)
>>>>>>
>>>>>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de>
>>>>>> wrote:
>>>>>>
>>>>>> Hi Maxim,
>>>>>>
>>>>>>> you are right, this point is left....
>>>>>>> I think I try to discuss this with a colleague of mine. Maybe we get
>>>>>>> an
>>>>>>> idea...
>>>>>>>
>>>>>>> Back later the or most likely on Friday. I hope this is on time.
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>>
>>>>>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>>>>>
>>>>>>> Thanks a lot Peter,
>>>>>>>
>>>>>>> Now I'm back and ready to help :)
>>>>>>>
>>>>>>> Would appreciate to hear any thought regarding "soft" changing of
>>>>>>> password
>>>>>>> hash function
>>>>>>>
>>>>>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>
>>>>>>>
>>>>>>> so.. now it is time I think...
>>>>>>>
>>>>>>> Congratulations! I hope you had a nice wedding and a few relaxing
>>>>>>> days...
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>>
>>>>>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>>>>>
>>>>>>>
>>>>>>> ok.. then good luck...
>>>>>>>
>>>>>>> and best wishes when you are back... ;-)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>>>>>
>>>>>>>
>>>>>>> Thanks :)
>>>>>>>
>>>>>>> I'll be on vacation for the next 2 weeks, with rare access to the
>>>>>>> email
>>>>>>> from my phone, so no rush :)
>>>>>>>
>>>>>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>
>>>>>>> ok.. need to think about it... ;-)
>>>>>>>
>>>>>>> I will be back in office next week... maybe with "THE IDEA".. or
>>>>>>> maybe
>>>>>>> not... ;-)
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>>>>
>>>>>>> It is all discussible :)
>>>>>>>
>>>>>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>>>>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>>>> <
>>>>>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>>>> which
>>>>>>> is not secure at all :(((
>>>>>>> We can add back SHA256Implementation<https://g
>>>>>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>>>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>>>>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apa
>>>>>>> che/openmeetings/util/crypt/SHA256Implementation.java>
>>>>>>>
>>>>>>> (
>>>>>>> available since 3.1.x) for compatibility reasons, but I'm afraid
>>>>>>> there
>>>>>>> is
>>>>>>> no clean way to perform backup and preserve passwords .....
>>>>>>>
>>>>>>> I thought maybe we can add "Reset All passwords" admin function, but
>>>>>>> it is
>>>>>>> totally insecure :(
>>>>>>> Any ideas are appreciated :)
>>>>>>>
>>>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>> I think further investigation is not needed. I just didn't see it
>>>>>>> before...
>>>>>>>
>>>>>>> Is this behavior the final state? Then it will be difficult to
>>>>>>> update my
>>>>>>> installation (3.0.7). This also should the problem with any
>>>>>>> installation
>>>>>>> before 3.3.0. Isn't it?
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>>>
>>>>>>> Hello Peter,
>>>>>>>
>>>>>>>
>>>>>>> these debug messages are OK during import (I can perform further
>>>>>>> investigation, but I believe this is not an issue)
>>>>>>>
>>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>>>>> Password rules ...
>>>>>>> You were unable to login after restore from backup since Password
>>>>>>> Crypt
>>>>>>> was
>>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>>>>>> daehn@vcrp.de> wrote:
>>>>>>>
>>>>>>> I tried to reset the password. I got following message:
>>>>>>>
>>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>>>
>>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>>> because
>>>>>>> there wasn't such restriction before.
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>>
>>>>>>> Hi Maxim,
>>>>>>>
>>>>>>> I wanted to try out html5 video components...
>>>>>>>
>>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>>> messages
>>>>>>> below.
>>>>>>>
>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>> Login ::
>>>>>>> [GRANTED]
>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>> Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>> Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>> Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>> Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>> Login ::
>>>>>>> [DENIED]
>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>> Login ::
>>>>>>> [DENIED]
>>>>>>>
>>>>>>> I never noticed these ones before. After starting the server, I
>>>>>>> couldn't
>>>>>>> login with my admin user. "Username/email and/or password are
>>>>>>> incorrect."
>>>>>>>
>>>>>>> Any Ideas?
>>>>>>>
>>>>>>> Greetings Peter
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> B.Sc. Peter Dähn
>>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>>> Postfach 3049
>>>>>>> 67653 Kaiserslautern
>>>>>>> Tel: 0631/205-4944
>>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>> B.Sc. Peter Dähn
>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>> Postfach 3049
>>>>> 67653 Kaiserslautern
>>>>> Tel: 0631/205-4944
>>>>> Olat <https://olat.vcrp.de/>
>>>>>
>>>>>
>>>>
>>>> --
>>>> WBR
>>>> Maxim aka solomax
>>>>
>>>>
>>>
>>>
>
>
> --
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Additional fix is required :(
Could you please manually change crypt class name in configuration DB table
to be org.apache.openmeetings.util.crypt.SCryptImplementation and restart
OM?
will try to commit changes ASAP
On Mon, Jun 19, 2017 at 5:06 PM, Peter Dähn <da...@vcrp.de> wrote:
> Hello Maxim,
>
> checked out fresh 3.3.x code and compiled it.
>
> ########################################################
> # Openmeetings is up #
> # 3.3.0-SNAPSHOT 5889b5beda3299418cf80ee68846ea5ce54ee9ed
> 2017/06/19 09:33 #
> # and ready to use #
> ########################################################
>
> Import backup works so far, Login ended up in "Internal Error Page".
> Belonging Error in the log underneath.
>
>
> DEBUG 06-19 12:00:03.155 UserDao.java 162929 642
> org.apache.openmeetings.db.dao.user.UserDao
> [http-nio-0.0.0.0-5080-exec-7] - login:: 1 users were found
> DEBUG 06-19 12:00:03.169 CryptProvider.java 162943 36
> org.apache.openmeetings.util.crypt.CryptProvider
> [http-nio-0.0.0.0-5080-exec-7] - getInstanceOfCrypt::
> configKeyCryptClassName: org.apache.openmeetings.util.c
> rypt.MD5Implementation
> ERROR 06-19 12:00:03.174 CryptProvider.java 162948 40
> org.apache.openmeetings.util.crypt.CryptProvider
> [http-nio-0.0.0.0-5080-exec-7] - [getInstanceOfCrypt]
> java.lang.ClassCastException: org.apache.openmeetings.util.crypt.MD5Implementation
> cannot be cast to org.apache.openmeetings.util.crypt.ICrypt
> at org.apache.openmeetings.util.crypt.CryptProvider.get(CryptPr
> ovider.java:38)
> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(
> UserDao.java:473)
> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.java:650)
> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
> ngCGLIB$$1492ba5a.invoke(<generated>)
> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
> xy.java:204)
> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
> at org.springframework.aop.framework.ReflectiveMethodInvocation
> .proceed(ReflectiveMethodInvocation.java:157)
> at org.springframework.transaction.interceptor.TransactionInter
> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
> at org.springframework.transaction.interceptor.TransactionAspec
> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
> at org.springframework.transaction.interceptor.TransactionInter
> ceptor.invoke(TransactionInterceptor.java:96)
> at org.springframework.aop.framework.ReflectiveMethodInvocation
> .proceed(ReflectiveMethodInvocation.java:179)
> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
> edInterceptor.intercept(CglibAopProxy.java:656)
> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
> gCGLIB$$ae5af194.login(<generated>)
> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
> .java:336)
> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
> (SignInDialog.java:188)
> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
> java:1248)
> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
> telessForm.java:100)
> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
> .java:770)
> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
> alog.internalOnClick(AbstractFormDialog.java:215)
> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
> $1.onClick(AbstractDialog.java:413)
> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
> .onAjax(DialogBehavior.java:188)
> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
> spond(JQueryAjaxBehavior.java:173)
> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
> (AbstractDefaultAjaxBehavior.java:598)
> at org.apache.wicket.core.request.handler.ListenerRequestHandle
> r.internalInvoke(ListenerRequestHandler.java:308)
> at org.apache.wicket.core.request.handler.ListenerRequestHandle
> r.invoke(ListenerRequestHandler.java:282)
> at org.apache.wicket.core.request.handler.ListenerRequestHandle
> r.invokeListener(ListenerRequestHandler.java:224)
> at org.apache.wicket.core.request.handler.ListenerRequestHandle
> r.respond(ListenerRequestHandler.java:210)
> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
> .respond(RequestCycle.java:912)
> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
> uestHandlerExecutor.java:65)
> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
> Cycle.java:283)
> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
> RequestCycle.java:253)
> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
> ndDetach(RequestCycle.java:221)
> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
> equestCycle(AbstractUpgradeFilter.java:70)
> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
> WicketFilter.java:204)
> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
> Filter.java:286)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:192)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:165)
> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
> ilter.java:84)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:192)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:165)
> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
> dWrapperValve.java:198)
> at org.apache.catalina.core.StandardContextValve.invoke(Standar
> dContextValve.java:96)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
> uthenticatorBase.java:478)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
> stValve.java:140)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
> rtValve.java:80)
> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
> tractAccessLogValve.java:624)
> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
> EngineValve.java:87)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
> apter.java:341)
> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
> ssor.java:783)
> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
> cessorLight.java:66)
> at org.apache.coyote.AbstractProtocol$ConnectionHandler.
> process(AbstractProtocol.java:798)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
> (NioEndpoint.java:1441)
> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
> cessorBase.java:49)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
> Executor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
> lExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.
> run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> ERROR 06-19 12:00:03.191 DefaultExceptionMapper.java 162965 170
> org.apache.wicket.DefaultExceptionMapper [http-nio-0.0.0.0-5080-exec-7] -
> Unexpected error occurred
> java.lang.NullPointerException: null
> at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(
> UserDao.java:474)
> at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.java:650)
> at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpri
> ngCGLIB$$1492ba5a.invoke(<generated>)
> at org.springframework.cglib.proxy.MethodProxy.invoke(MethodPro
> xy.java:204)
> at org.springframework.aop.framework.CglibAopProxy$CglibMethodI
> nvocation.invokeJoinpoint(CglibAopProxy.java:721)
> at org.springframework.aop.framework.ReflectiveMethodInvocation
> .proceed(ReflectiveMethodInvocation.java:157)
> at org.springframework.transaction.interceptor.TransactionInter
> ceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
> at org.springframework.transaction.interceptor.TransactionAspec
> tSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
> at org.springframework.transaction.interceptor.TransactionInter
> ceptor.invoke(TransactionInterceptor.java:96)
> at org.springframework.aop.framework.ReflectiveMethodInvocation
> .proceed(ReflectiveMethodInvocation.java:179)
> at org.springframework.aop.framework.CglibAopProxy$DynamicAdvis
> edInterceptor.intercept(CglibAopProxy.java:656)
> at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySprin
> gCGLIB$$ae5af194.login(<generated>)
> at org.apache.openmeetings.web.app.WebSession.signIn(WebSession
> .java:336)
> at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit
> (SignInDialog.java:188)
> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
> alog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
> at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.
> java:1248)
> at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
> at org.apache.wicket.markup.html.form.StatelessForm.process(Sta
> telessForm.java:100)
> at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form
> .java:770)
> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDi
> alog.internalOnClick(AbstractFormDialog.java:215)
> at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog
> $1.onClick(AbstractDialog.java:413)
> at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior
> .onAjax(DialogBehavior.java:188)
> at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.re
> spond(JQueryAjaxBehavior.java:173)
> at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest
> (AbstractDefaultAjaxBehavior.java:598)
> at org.apache.wicket.core.request.handler.ListenerRequestHandle
> r.internalInvoke(ListenerRequestHandler.java:308)
> at org.apache.wicket.core.request.handler.ListenerRequestHandle
> r.invoke(ListenerRequestHandler.java:282)
> at org.apache.wicket.core.request.handler.ListenerRequestHandle
> r.invokeListener(ListenerRequestHandler.java:224)
> at org.apache.wicket.core.request.handler.ListenerRequestHandle
> r.respond(ListenerRequestHandler.java:210)
> at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor
> .respond(RequestCycle.java:912)
> at org.apache.wicket.request.RequestHandlerExecutor.execute(Req
> uestHandlerExecutor.java:65)
> at org.apache.wicket.request.cycle.RequestCycle.execute(Request
> Cycle.java:283)
> at org.apache.wicket.request.cycle.RequestCycle.processRequest(
> RequestCycle.java:253)
> at org.apache.wicket.request.cycle.RequestCycle.processRequestA
> ndDetach(RequestCycle.java:221)
> at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processR
> equestCycle(AbstractUpgradeFilter.java:70)
> at org.apache.wicket.protocol.http.WicketFilter.processRequest(
> WicketFilter.java:204)
> at org.apache.wicket.protocol.http.WicketFilter.doFilter(Wicket
> Filter.java:286)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:192)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:165)
> at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextF
> ilter.java:84)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
> lter(ApplicationFilterChain.java:192)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
> licationFilterChain.java:165)
> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
> dWrapperValve.java:198)
> at org.apache.catalina.core.StandardContextValve.invoke(Standar
> dContextValve.java:96)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
> uthenticatorBase.java:478)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
> stValve.java:140)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
> rtValve.java:80)
> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(Abs
> tractAccessLogValve.java:624)
> at org.apache.catalina.core.StandardEngineValve.invoke(Standard
> EngineValve.java:87)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
> apter.java:341)
> at org.apache.coyote.http11.Http11Processor.service(Http11Proce
> ssor.java:783)
> at org.apache.coyote.AbstractProcessorLight.process(AbstractPro
> cessorLight.java:66)
> at org.apache.coyote.AbstractProtocol$ConnectionHandler.
> process(AbstractProtocol.java:798)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
> (NioEndpoint.java:1441)
> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketPro
> cessorBase.java:49)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
> Executor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
> lExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.
> run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
>
> Any Ideas?
>
> Greetings Peter
>
>
> Am 17.06.2017 um 08:15 schrieb Maxim Solodovnik:
>
>> Hello Peter,
>>
>> I have implemented #3
>> http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
>> The only difference: Password re-hashing is not being emailed but logged
>> with WARN level
>>
>> Would appreciate if you can test it and let me know your thoughts :)
>>
>> Build 36+ from here:
>> https://builds.apache.org/view/M-R/view/OpenMeetings/job/
>> Openmeetings%203.3.x/
>>
>>
>> On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>> Both external and LDAP users would not be affected
>>>
>>> Will try to implement 3) as you have described, looks doable :)
>>> Thanks!
>>>
>>> On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de> wrote:
>>>
>>> Hi Maxim,
>>>>
>>>> We have a lot external user in our system and just a few "real" user. Am
>>>> I right that this doesn't apply to external user or does this case also
>>>> be
>>>> handled?
>>>>
>>>> 1 and 2 wouldn't be my favorites.
>>>>
>>>> I would prefer 3 and has an alternative if 3 isn't possible.
>>>>
>>>> 3) We hat a similar change in our system. They did it in the following
>>>> way.
>>>>
>>>> - user login -> check password with sha256
>>>> - if this doesn't match check password against md5
>>>> - if this match store sha256-hash for further logins and send
>>>> an
>>>> e-mail to that user "Rewrote password for security-reasons. If you
>>>> didin't
>>>> login right now, inform your system-admin" or something like that.
>>>> - if both hashes doesn't match deny login.
>>>>
>>>> This would be the most user-friendly way I think.
>>>>
>>>> 4) Alternatively one could reset all passwords and if a user try to
>>>> login
>>>> with empty password one get a popup "Your password need to renewed. You
>>>> got
>>>> an e-mail". The system sends an e-mail with a link to create a new
>>>> password.
>>>>
>>>> This are out ideas so far.
>>>>
>>>> Greetings Peter
>>>>
>>>>
>>>> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>>>>
>>>> Sure, have to fix some issues
>>>>> Will try to finish everything until next week-end :)
>>>>> So no rush right now :)
>>>>>
>>>>> My ideas were:
>>>>> 1) Add Admin function "reset all passwords" (not sure how users should
>>>>> be
>>>>> notified on new password in this case)
>>>>> 2) Add Admin function: "Email all users" general email "Please reset
>>>>> your
>>>>> passwords" will be sent to all users
>>>>> 3) Allow login with old password and require user to change it,
>>>>> possible
>>>>> but seems to be tricky
>>>>>
>>>>> Will wait for the results of your discussion :)
>>>>>
>>>>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de> wrote:
>>>>>
>>>>> Hi Maxim,
>>>>>
>>>>>> you are right, this point is left....
>>>>>> I think I try to discuss this with a colleague of mine. Maybe we get
>>>>>> an
>>>>>> idea...
>>>>>>
>>>>>> Back later the or most likely on Friday. I hope this is on time.
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>>
>>>>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>>>>
>>>>>> Thanks a lot Peter,
>>>>>>
>>>>>> Now I'm back and ready to help :)
>>>>>>
>>>>>> Would appreciate to hear any thought regarding "soft" changing of
>>>>>> password
>>>>>> hash function
>>>>>>
>>>>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>>>>> daehn@vcrp.de> wrote:
>>>>>>
>>>>>>
>>>>>> so.. now it is time I think...
>>>>>>
>>>>>> Congratulations! I hope you had a nice wedding and a few relaxing
>>>>>> days...
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>>
>>>>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>>>>
>>>>>>
>>>>>> ok.. then good luck...
>>>>>>
>>>>>> and best wishes when you are back... ;-)
>>>>>>
>>>>>>
>>>>>>
>>>>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>>>>
>>>>>>
>>>>>> Thanks :)
>>>>>>
>>>>>> I'll be on vacation for the next 2 weeks, with rare access to the
>>>>>> email
>>>>>> from my phone, so no rush :)
>>>>>>
>>>>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>>>>> daehn@vcrp.de> wrote:
>>>>>>
>>>>>> ok.. need to think about it... ;-)
>>>>>>
>>>>>> I will be back in office next week... maybe with "THE IDEA".. or maybe
>>>>>> not... ;-)
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>>>
>>>>>> It is all discussible :)
>>>>>>
>>>>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>>>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>>> <
>>>>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>>> which
>>>>>> is not secure at all :(((
>>>>>> We can add back SHA256Implementation<https://g
>>>>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>>>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apa
>>>>>> che/openmeetings/util/crypt/SHA256Implementation.java>
>>>>>>
>>>>>> (
>>>>>> available since 3.1.x) for compatibility reasons, but I'm afraid there
>>>>>> is
>>>>>> no clean way to perform backup and preserve passwords .....
>>>>>>
>>>>>> I thought maybe we can add "Reset All passwords" admin function, but
>>>>>> it is
>>>>>> totally insecure :(
>>>>>> Any ideas are appreciated :)
>>>>>>
>>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>>>>> daehn@vcrp.de> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> I think further investigation is not needed. I just didn't see it
>>>>>> before...
>>>>>>
>>>>>> Is this behavior the final state? Then it will be difficult to
>>>>>> update my
>>>>>> installation (3.0.7). This also should the problem with any
>>>>>> installation
>>>>>> before 3.3.0. Isn't it?
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>>
>>>>>> Hello Peter,
>>>>>>
>>>>>>
>>>>>> these debug messages are OK during import (I can perform further
>>>>>> investigation, but I believe this is not an issue)
>>>>>>
>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>>>> Password rules ...
>>>>>> You were unable to login after restore from backup since Password
>>>>>> Crypt
>>>>>> was
>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>>>>> daehn@vcrp.de> wrote:
>>>>>>
>>>>>> I tried to reset the password. I got following message:
>>>>>>
>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>>
>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>> because
>>>>>> there wasn't such restriction before.
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>
>>>>>> Hi Maxim,
>>>>>>
>>>>>> I wanted to try out html5 video components...
>>>>>>
>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>> messages
>>>>>> below.
>>>>>>
>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>> Login ::
>>>>>> [GRANTED]
>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>> Login ::
>>>>>> [DENIED]
>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>> Login ::
>>>>>> [DENIED]
>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>> Login ::
>>>>>> [DENIED]
>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>> Login ::
>>>>>> [DENIED]
>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>> Login ::
>>>>>> [DENIED]
>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>> Login ::
>>>>>> [DENIED]
>>>>>>
>>>>>> I never noticed these ones before. After starting the server, I
>>>>>> couldn't
>>>>>> login with my admin user. "Username/email and/or password are
>>>>>> incorrect."
>>>>>>
>>>>>> Any Ideas?
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> B.Sc. Peter Dähn
>>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>>> Postfach 3049
>>>>>> 67653 Kaiserslautern
>>>>>> Tel: 0631/205-4944
>>>>>> Olat <https://olat.vcrp.de/>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>> B.Sc. Peter Dähn
>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>> Postfach 3049
>>>> 67653 Kaiserslautern
>>>> Tel: 0631/205-4944
>>>> Olat <https://olat.vcrp.de/>
>>>>
>>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>>
>>
>>
--
WBR
Maxim aka solomax
Re: Error while import backup
Posted by Peter Dähn <da...@vcrp.de>.
Hello Maxim,
checked out fresh 3.3.x code and compiled it.
########################################################
# Openmeetings is up #
# 3.3.0-SNAPSHOT 5889b5beda3299418cf80ee68846ea5ce54ee9ed
2017/06/19 09:33 #
# and ready to use #
########################################################
Import backup works so far, Login ended up in "Internal Error Page".
Belonging Error in the log underneath.
DEBUG 06-19 12:00:03.155 UserDao.java 162929 642
org.apache.openmeetings.db.dao.user.UserDao
[http-nio-0.0.0.0-5080-exec-7] - login:: 1 users were found
DEBUG 06-19 12:00:03.169 CryptProvider.java 162943 36
org.apache.openmeetings.util.crypt.CryptProvider
[http-nio-0.0.0.0-5080-exec-7] - getInstanceOfCrypt::
configKeyCryptClassName:
org.apache.openmeetings.util.crypt.MD5Implementation
ERROR 06-19 12:00:03.174 CryptProvider.java 162948 40
org.apache.openmeetings.util.crypt.CryptProvider
[http-nio-0.0.0.0-5080-exec-7] - [getInstanceOfCrypt]
java.lang.ClassCastException:
org.apache.openmeetings.util.crypt.MD5Implementation cannot be cast to
org.apache.openmeetings.util.crypt.ICrypt
at
org.apache.openmeetings.util.crypt.CryptProvider.get(CryptProvider.java:38)
at
org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(UserDao.java:473)
at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.java:650)
at
org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpringCGLIB$$1492ba5a.invoke(<generated>)
at
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:721)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:656)
at
org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySpringCGLIB$$ae5af194.login(<generated>)
at
org.apache.openmeetings.web.app.WebSession.signIn(WebSession.java:336)
at
org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:188)
at
com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
at
org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1248)
at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
at
org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100)
at
org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:770)
at
com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog.internalOnClick(AbstractFormDialog.java:215)
at
com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog$1.onClick(AbstractDialog.java:413)
at
com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior.onAjax(DialogBehavior.java:188)
at
com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.respond(JQueryAjaxBehavior.java:173)
at
org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:598)
at
org.apache.wicket.core.request.handler.ListenerRequestHandler.internalInvoke(ListenerRequestHandler.java:308)
at
org.apache.wicket.core.request.handler.ListenerRequestHandler.invoke(ListenerRequestHandler.java:282)
at
org.apache.wicket.core.request.handler.ListenerRequestHandler.invokeListener(ListenerRequestHandler.java:224)
at
org.apache.wicket.core.request.handler.ListenerRequestHandler.respond(ListenerRequestHandler.java:210)
at
org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:912)
at
org.apache.wicket.request.RequestHandlerExecutor.execute(RequestHandlerExecutor.java:65)
at
org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:283)
at
org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:253)
at
org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:221)
at
org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:70)
at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:204)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:286)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:84)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
ERROR 06-19 12:00:03.191 DefaultExceptionMapper.java 162965 170
org.apache.wicket.DefaultExceptionMapper [http-nio-0.0.0.0-5080-exec-7]
- Unexpected error occurred
java.lang.NullPointerException: null
at
org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(UserDao.java:474)
at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.java:650)
at
org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpringCGLIB$$1492ba5a.invoke(<generated>)
at
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:721)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at
org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at
org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:656)
at
org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySpringCGLIB$$ae5af194.login(<generated>)
at
org.apache.openmeetings.web.app.WebSession.signIn(WebSession.java:336)
at
org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:188)
at
com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
at
org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1248)
at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
at
org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100)
at
org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:770)
at
com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog.internalOnClick(AbstractFormDialog.java:215)
at
com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog$1.onClick(AbstractDialog.java:413)
at
com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior.onAjax(DialogBehavior.java:188)
at
com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.respond(JQueryAjaxBehavior.java:173)
at
org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:598)
at
org.apache.wicket.core.request.handler.ListenerRequestHandler.internalInvoke(ListenerRequestHandler.java:308)
at
org.apache.wicket.core.request.handler.ListenerRequestHandler.invoke(ListenerRequestHandler.java:282)
at
org.apache.wicket.core.request.handler.ListenerRequestHandler.invokeListener(ListenerRequestHandler.java:224)
at
org.apache.wicket.core.request.handler.ListenerRequestHandler.respond(ListenerRequestHandler.java:210)
at
org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:912)
at
org.apache.wicket.request.RequestHandlerExecutor.execute(RequestHandlerExecutor.java:65)
at
org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:283)
at
org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:253)
at
org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:221)
at
org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:70)
at
org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:204)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:286)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:84)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Any Ideas?
Greetings Peter
Am 17.06.2017 um 08:15 schrieb Maxim Solodovnik:
> Hello Peter,
>
> I have implemented #3
> http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
> The only difference: Password re-hashing is not being emailed but logged
> with WARN level
>
> Would appreciate if you can test it and let me know your thoughts :)
>
> Build 36+ from here:
> https://builds.apache.org/view/M-R/view/OpenMeetings/job/Openmeetings%203.3.x/
>
>
> On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> Both external and LDAP users would not be affected
>>
>> Will try to implement 3) as you have described, looks doable :)
>> Thanks!
>>
>> On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de> wrote:
>>
>>> Hi Maxim,
>>>
>>> We have a lot external user in our system and just a few "real" user. Am
>>> I right that this doesn't apply to external user or does this case also be
>>> handled?
>>>
>>> 1 and 2 wouldn't be my favorites.
>>>
>>> I would prefer 3 and has an alternative if 3 isn't possible.
>>>
>>> 3) We hat a similar change in our system. They did it in the following
>>> way.
>>>
>>> - user login -> check password with sha256
>>> - if this doesn't match check password against md5
>>> - if this match store sha256-hash for further logins and send an
>>> e-mail to that user "Rewrote password for security-reasons. If you didin't
>>> login right now, inform your system-admin" or something like that.
>>> - if both hashes doesn't match deny login.
>>>
>>> This would be the most user-friendly way I think.
>>>
>>> 4) Alternatively one could reset all passwords and if a user try to login
>>> with empty password one get a popup "Your password need to renewed. You got
>>> an e-mail". The system sends an e-mail with a link to create a new password.
>>>
>>> This are out ideas so far.
>>>
>>> Greetings Peter
>>>
>>>
>>> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>>>
>>>> Sure, have to fix some issues
>>>> Will try to finish everything until next week-end :)
>>>> So no rush right now :)
>>>>
>>>> My ideas were:
>>>> 1) Add Admin function "reset all passwords" (not sure how users should be
>>>> notified on new password in this case)
>>>> 2) Add Admin function: "Email all users" general email "Please reset your
>>>> passwords" will be sent to all users
>>>> 3) Allow login with old password and require user to change it, possible
>>>> but seems to be tricky
>>>>
>>>> Will wait for the results of your discussion :)
>>>>
>>>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de> wrote:
>>>>
>>>> Hi Maxim,
>>>>> you are right, this point is left....
>>>>> I think I try to discuss this with a colleague of mine. Maybe we get an
>>>>> idea...
>>>>>
>>>>> Back later the or most likely on Friday. I hope this is on time.
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>>
>>>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>>>
>>>>> Thanks a lot Peter,
>>>>>
>>>>> Now I'm back and ready to help :)
>>>>>
>>>>> Would appreciate to hear any thought regarding "soft" changing of
>>>>> password
>>>>> hash function
>>>>>
>>>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>>>> daehn@vcrp.de> wrote:
>>>>>
>>>>>
>>>>> so.. now it is time I think...
>>>>>
>>>>> Congratulations! I hope you had a nice wedding and a few relaxing
>>>>> days...
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>>
>>>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>>>
>>>>>
>>>>> ok.. then good luck...
>>>>>
>>>>> and best wishes when you are back... ;-)
>>>>>
>>>>>
>>>>>
>>>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>>>
>>>>>
>>>>> Thanks :)
>>>>>
>>>>> I'll be on vacation for the next 2 weeks, with rare access to the email
>>>>> from my phone, so no rush :)
>>>>>
>>>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>>>> daehn@vcrp.de> wrote:
>>>>>
>>>>> ok.. need to think about it... ;-)
>>>>>
>>>>> I will be back in office next week... maybe with "THE IDEA".. or maybe
>>>>> not... ;-)
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>>
>>>>> It is all discussible :)
>>>>>
>>>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java> <
>>>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>> which
>>>>> is not secure at all :(((
>>>>> We can add back SHA256Implementation<https://g
>>>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apa
>>>>> che/openmeetings/util/crypt/SHA256Implementation.java>
>>>>>
>>>>> (
>>>>> available since 3.1.x) for compatibility reasons, but I'm afraid there
>>>>> is
>>>>> no clean way to perform backup and preserve passwords .....
>>>>>
>>>>> I thought maybe we can add "Reset All passwords" admin function, but
>>>>> it is
>>>>> totally insecure :(
>>>>> Any ideas are appreciated :)
>>>>>
>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>>>> daehn@vcrp.de> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>> I think further investigation is not needed. I just didn't see it
>>>>> before...
>>>>>
>>>>> Is this behavior the final state? Then it will be difficult to
>>>>> update my
>>>>> installation (3.0.7). This also should the problem with any
>>>>> installation
>>>>> before 3.3.0. Isn't it?
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>
>>>>> Hello Peter,
>>>>>
>>>>>
>>>>> these debug messages are OK during import (I can perform further
>>>>> investigation, but I believe this is not an issue)
>>>>>
>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>>> Password rules ...
>>>>> You were unable to login after restore from backup since Password
>>>>> Crypt
>>>>> was
>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>
>>>>>
>>>>>
>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>>>> daehn@vcrp.de> wrote:
>>>>>
>>>>> I tried to reset the password. I got following message:
>>>>>
>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>
>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>> because
>>>>> there wasn't such restriction before.
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>
>>>>> Hi Maxim,
>>>>>
>>>>> I wanted to try out html5 video components...
>>>>>
>>>>> While importing my backup (worked before) I got a lot of these
>>>>> messages
>>>>> below.
>>>>>
>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>> Login ::
>>>>> [GRANTED]
>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>> Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>> Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>> Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>> Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>> Login ::
>>>>> [DENIED]
>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>> Login ::
>>>>> [DENIED]
>>>>>
>>>>> I never noticed these ones before. After starting the server, I
>>>>> couldn't
>>>>> login with my admin user. "Username/email and/or password are
>>>>> incorrect."
>>>>>
>>>>> Any Ideas?
>>>>>
>>>>> Greetings Peter
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> B.Sc. Peter Dähn
>>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>>> Postfach 3049
>>>>> 67653 Kaiserslautern
>>>>> Tel: 0631/205-4944
>>>>> Olat <https://olat.vcrp.de/>
>>>>>
>>>>>
>>>>
>>>>
>>> --
>>> B.Sc. Peter Dähn
>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>> Postfach 3049
>>> 67653 Kaiserslautern
>>> Tel: 0631/205-4944
>>> Olat <https://olat.vcrp.de/>
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Hello Peter,
I have implemented #3
http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
The only difference: Password re-hashing is not being emailed but logged
with WARN level
Would appreciate if you can test it and let me know your thoughts :)
Build 36+ from here:
https://builds.apache.org/view/M-R/view/OpenMeetings/job/Openmeetings%203.3.x/
On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <so...@gmail.com>
wrote:
> Both external and LDAP users would not be affected
>
> Will try to implement 3) as you have described, looks doable :)
> Thanks!
>
> On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de> wrote:
>
>> Hi Maxim,
>>
>> We have a lot external user in our system and just a few "real" user. Am
>> I right that this doesn't apply to external user or does this case also be
>> handled?
>>
>> 1 and 2 wouldn't be my favorites.
>>
>> I would prefer 3 and has an alternative if 3 isn't possible.
>>
>> 3) We hat a similar change in our system. They did it in the following
>> way.
>>
>> - user login -> check password with sha256
>> - if this doesn't match check password against md5
>> - if this match store sha256-hash for further logins and send an
>> e-mail to that user "Rewrote password for security-reasons. If you didin't
>> login right now, inform your system-admin" or something like that.
>> - if both hashes doesn't match deny login.
>>
>> This would be the most user-friendly way I think.
>>
>> 4) Alternatively one could reset all passwords and if a user try to login
>> with empty password one get a popup "Your password need to renewed. You got
>> an e-mail". The system sends an e-mail with a link to create a new password.
>>
>> This are out ideas so far.
>>
>> Greetings Peter
>>
>>
>> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>>
>>> Sure, have to fix some issues
>>> Will try to finish everything until next week-end :)
>>> So no rush right now :)
>>>
>>> My ideas were:
>>> 1) Add Admin function "reset all passwords" (not sure how users should be
>>> notified on new password in this case)
>>> 2) Add Admin function: "Email all users" general email "Please reset your
>>> passwords" will be sent to all users
>>> 3) Allow login with old password and require user to change it, possible
>>> but seems to be tricky
>>>
>>> Will wait for the results of your discussion :)
>>>
>>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de> wrote:
>>>
>>> Hi Maxim,
>>>>
>>>> you are right, this point is left....
>>>> I think I try to discuss this with a colleague of mine. Maybe we get an
>>>> idea...
>>>>
>>>> Back later the or most likely on Friday. I hope this is on time.
>>>>
>>>> Greetings Peter
>>>>
>>>>
>>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>>
>>>> Thanks a lot Peter,
>>>>
>>>> Now I'm back and ready to help :)
>>>>
>>>> Would appreciate to hear any thought regarding "soft" changing of
>>>> password
>>>> hash function
>>>>
>>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>>> daehn@vcrp.de> wrote:
>>>>
>>>>
>>>> so.. now it is time I think...
>>>>
>>>> Congratulations! I hope you had a nice wedding and a few relaxing
>>>> days...
>>>>
>>>> Greetings Peter
>>>>
>>>>
>>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>>
>>>>
>>>> ok.. then good luck...
>>>>
>>>> and best wishes when you are back... ;-)
>>>>
>>>>
>>>>
>>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>>
>>>>
>>>> Thanks :)
>>>>
>>>> I'll be on vacation for the next 2 weeks, with rare access to the email
>>>> from my phone, so no rush :)
>>>>
>>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>>> daehn@vcrp.de> wrote:
>>>>
>>>> ok.. need to think about it... ;-)
>>>>
>>>> I will be back in office next week... maybe with "THE IDEA".. or maybe
>>>> not... ;-)
>>>>
>>>> Greetings Peter
>>>>
>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>
>>>> It is all discussible :)
>>>>
>>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java> <
>>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>> which
>>>> is not secure at all :(((
>>>> We can add back SHA256Implementation<https://g
>>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apa
>>>> che/openmeetings/util/crypt/SHA256Implementation.java>
>>>>
>>>> (
>>>> available since 3.1.x) for compatibility reasons, but I'm afraid there
>>>> is
>>>> no clean way to perform backup and preserve passwords .....
>>>>
>>>> I thought maybe we can add "Reset All passwords" admin function, but
>>>> it is
>>>> totally insecure :(
>>>> Any ideas are appreciated :)
>>>>
>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>>> daehn@vcrp.de> wrote:
>>>>
>>>> Hi,
>>>>
>>>>
>>>> I think further investigation is not needed. I just didn't see it
>>>> before...
>>>>
>>>> Is this behavior the final state? Then it will be difficult to
>>>> update my
>>>> installation (3.0.7). This also should the problem with any
>>>> installation
>>>> before 3.3.0. Isn't it?
>>>>
>>>> Greetings Peter
>>>>
>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>
>>>> Hello Peter,
>>>>
>>>>
>>>> these debug messages are OK during import (I can perform further
>>>> investigation, but I believe this is not an issue)
>>>>
>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>> Password rules ...
>>>> You were unable to login after restore from backup since Password
>>>> Crypt
>>>> was
>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>
>>>>
>>>>
>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>>> daehn@vcrp.de> wrote:
>>>>
>>>> I tried to reset the password. I got following message:
>>>>
>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>
>>>> Could this be the Problem? I think this shouldn't be like that,
>>>> because
>>>> there wasn't such restriction before.
>>>>
>>>> Greetings Peter
>>>>
>>>>
>>>>
>>>>
>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>
>>>> Hi Maxim,
>>>>
>>>> I wanted to try out html5 video components...
>>>>
>>>> While importing my backup (worked before) I got a lot of these
>>>> messages
>>>> below.
>>>>
>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>> Login ::
>>>> [GRANTED]
>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>> Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>> Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>> Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>> Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>> Login ::
>>>> [DENIED]
>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>> Login ::
>>>> [DENIED]
>>>>
>>>> I never noticed these ones before. After starting the server, I
>>>> couldn't
>>>> login with my admin user. "Username/email and/or password are
>>>> incorrect."
>>>>
>>>> Any Ideas?
>>>>
>>>> Greetings Peter
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> B.Sc. Peter Dähn
>>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>>> Postfach 3049
>>>> 67653 Kaiserslautern
>>>> Tel: 0631/205-4944
>>>> Olat <https://olat.vcrp.de/>
>>>>
>>>>
>>>
>>>
>>>
>> --
>> B.Sc. Peter Dähn
>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>> Postfach 3049
>> 67653 Kaiserslautern
>> Tel: 0631/205-4944
>> Olat <https://olat.vcrp.de/>
>>
>
>
>
> --
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Both external and LDAP users would not be affected
Will try to implement 3) as you have described, looks doable :)
Thanks!
On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <lm...@vcrp.de> wrote:
> Hi Maxim,
>
> We have a lot external user in our system and just a few "real" user. Am I
> right that this doesn't apply to external user or does this case also be
> handled?
>
> 1 and 2 wouldn't be my favorites.
>
> I would prefer 3 and has an alternative if 3 isn't possible.
>
> 3) We hat a similar change in our system. They did it in the following way.
>
> - user login -> check password with sha256
> - if this doesn't match check password against md5
> - if this match store sha256-hash for further logins and send an
> e-mail to that user "Rewrote password for security-reasons. If you didin't
> login right now, inform your system-admin" or something like that.
> - if both hashes doesn't match deny login.
>
> This would be the most user-friendly way I think.
>
> 4) Alternatively one could reset all passwords and if a user try to login
> with empty password one get a popup "Your password need to renewed. You got
> an e-mail". The system sends an e-mail with a link to create a new password.
>
> This are out ideas so far.
>
> Greetings Peter
>
>
> Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
>
>> Sure, have to fix some issues
>> Will try to finish everything until next week-end :)
>> So no rush right now :)
>>
>> My ideas were:
>> 1) Add Admin function "reset all passwords" (not sure how users should be
>> notified on new password in this case)
>> 2) Add Admin function: "Email all users" general email "Please reset your
>> passwords" will be sent to all users
>> 3) Allow login with old password and require user to change it, possible
>> but seems to be tricky
>>
>> Will wait for the results of your discussion :)
>>
>> On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de> wrote:
>>
>> Hi Maxim,
>>>
>>> you are right, this point is left....
>>> I think I try to discuss this with a colleague of mine. Maybe we get an
>>> idea...
>>>
>>> Back later the or most likely on Friday. I hope this is on time.
>>>
>>> Greetings Peter
>>>
>>>
>>> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>>>
>>> Thanks a lot Peter,
>>>
>>> Now I'm back and ready to help :)
>>>
>>> Would appreciate to hear any thought regarding "soft" changing of
>>> password
>>> hash function
>>>
>>> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <
>>> daehn@vcrp.de> wrote:
>>>
>>>
>>> so.. now it is time I think...
>>>
>>> Congratulations! I hope you had a nice wedding and a few relaxing days...
>>>
>>> Greetings Peter
>>>
>>>
>>> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>>>
>>>
>>> ok.. then good luck...
>>>
>>> and best wishes when you are back... ;-)
>>>
>>>
>>>
>>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>>
>>>
>>> Thanks :)
>>>
>>> I'll be on vacation for the next 2 weeks, with rare access to the email
>>> from my phone, so no rush :)
>>>
>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <
>>> daehn@vcrp.de> wrote:
>>>
>>> ok.. need to think about it... ;-)
>>>
>>> I will be back in office next week... maybe with "THE IDEA".. or maybe
>>> not... ;-)
>>>
>>> Greetings Peter
>>>
>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>
>>> It is all discussible :)
>>>
>>> 3.0.7 still uses MD5CryptImplementation<https:/
>>> /github.com/apache/openmeetings/blob/3.0.x/src/util/
>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java> <
>>> https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>> which
>>> is not secure at all :(((
>>> We can add back SHA256Implementation<https://g
>>> ithub.com/apache/openmeetings/blob/3.1.x/openmeeti
>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>> crypt/SHA256Implementation.java> <https://github.com/apache/ope
>>> nmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/
>>> apache/openmeetings/util/crypt/SHA256Implementation.java>
>>>
>>> (
>>> available since 3.1.x) for compatibility reasons, but I'm afraid there
>>> is
>>> no clean way to perform backup and preserve passwords .....
>>>
>>> I thought maybe we can add "Reset All passwords" admin function, but
>>> it is
>>> totally insecure :(
>>> Any ideas are appreciated :)
>>>
>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <
>>> daehn@vcrp.de> wrote:
>>>
>>> Hi,
>>>
>>>
>>> I think further investigation is not needed. I just didn't see it
>>> before...
>>>
>>> Is this behavior the final state? Then it will be difficult to
>>> update my
>>> installation (3.0.7). This also should the problem with any
>>> installation
>>> before 3.3.0. Isn't it?
>>>
>>> Greetings Peter
>>>
>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>
>>> Hello Peter,
>>>
>>>
>>> these debug messages are OK during import (I can perform further
>>> investigation, but I believe this is not an issue)
>>>
>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>> Password rules ...
>>> You were unable to login after restore from backup since Password
>>> Crypt
>>> was
>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>
>>>
>>>
>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <
>>> daehn@vcrp.de> wrote:
>>>
>>> I tried to reset the password. I got following message:
>>>
>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>
>>> Could this be the Problem? I think this shouldn't be like that,
>>> because
>>> there wasn't such restriction before.
>>>
>>> Greetings Peter
>>>
>>>
>>>
>>>
>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>
>>> Hi Maxim,
>>>
>>> I wanted to try out html5 video components...
>>>
>>> While importing my backup (worked before) I got a lot of these
>>> messages
>>> below.
>>>
>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>> Login ::
>>> [GRANTED]
>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>> Login ::
>>> [DENIED]
>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>> Login ::
>>> [DENIED]
>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>> Login ::
>>> [DENIED]
>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>> Login ::
>>> [DENIED]
>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>> Login ::
>>> [DENIED]
>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>> Login ::
>>> [DENIED]
>>>
>>> I never noticed these ones before. After starting the server, I
>>> couldn't
>>> login with my admin user. "Username/email and/or password are
>>> incorrect."
>>>
>>> Any Ideas?
>>>
>>> Greetings Peter
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> B.Sc. Peter Dähn
>>> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
>>> Postfach 3049
>>> 67653 Kaiserslautern
>>> Tel: 0631/205-4944
>>> Olat <https://olat.vcrp.de/>
>>>
>>>
>>
>>
>>
> --
> B.Sc. Peter Dähn
> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
> Postfach 3049
> 67653 Kaiserslautern
> Tel: 0631/205-4944
> Olat <https://olat.vcrp.de/>
>
--
WBR
Maxim aka solomax
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Sure, have to fix some issues
Will try to finish everything until next week-end :)
So no rush right now :)
My ideas were:
1) Add Admin function "reset all passwords" (not sure how users should be
notified on new password in this case)
2) Add Admin function: "Email all users" general email "Please reset your
passwords" will be sent to all users
3) Allow login with old password and require user to change it, possible
but seems to be tricky
Will wait for the results of your discussion :)
On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <lm...@vcrp.de> wrote:
> Hi Maxim,
>
> you are right, this point is left....
> I think I try to discuss this with a colleague of mine. Maybe we get an
> idea...
>
> Back later the or most likely on Friday. I hope this is on time.
>
> Greetings Peter
>
>
> Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
>
> Thanks a lot Peter,
>
> Now I'm back and ready to help :)
>
> Would appreciate to hear any thought regarding "soft" changing of password
> hash function
>
> On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> <da...@vcrp.de> wrote:
>
>
> so.. now it is time I think...
>
> Congratulations! I hope you had a nice wedding and a few relaxing days...
>
> Greetings Peter
>
>
> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>
>
> ok.. then good luck...
>
> and best wishes when you are back... ;-)
>
>
>
> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>
>
> Thanks :)
>
> I'll be on vacation for the next 2 weeks, with rare access to the email
> from my phone, so no rush :)
>
> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> <da...@vcrp.de> wrote:
>
> ok.. need to think about it... ;-)
>
> I will be back in office next week... maybe with "THE IDEA".. or maybe
> not... ;-)
>
> Greetings Peter
>
> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>
> It is all discussible :)
>
> 3.0.7 still uses MD5CryptImplementation<https://github.com/apache/openmeetings/blob/3.0.x/src/util/
> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
> which
> is not secure at all :(((
> We can add back SHA256Implementation<https://github.com/apache/openmeetings/blob/3.1.x/openmeeti
> ngs-util/src/main/java/org/apache/openmeetings/util/
> crypt/SHA256Implementation.java> <https://github.com/apache/openmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java>
>
> (
> available since 3.1.x) for compatibility reasons, but I'm afraid there
> is
> no clean way to perform backup and preserve passwords .....
>
> I thought maybe we can add "Reset All passwords" admin function, but
> it is
> totally insecure :(
> Any ideas are appreciated :)
>
> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> <da...@vcrp.de> wrote:
>
> Hi,
>
>
> I think further investigation is not needed. I just didn't see it
> before...
>
> Is this behavior the final state? Then it will be difficult to
> update my
> installation (3.0.7). This also should the problem with any
> installation
> before 3.3.0. Isn't it?
>
> Greetings Peter
>
> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>
> Hello Peter,
>
>
> these debug messages are OK during import (I can perform further
> investigation, but I believe this is not an issue)
>
> Current 4.0.0 contains backported code from 3.3.0 which has stronger
> Password rules ...
> You were unable to login after restore from backup since Password
> Crypt
> was
> changed to the SCrypt, which is stronger than SHA512 used before
>
>
>
> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> <da...@vcrp.de> wrote:
>
> I tried to reset the password. I got following message:
>
> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>
> Could this be the Problem? I think this shouldn't be like that,
> because
> there wasn't such restriction before.
>
> Greetings Peter
>
>
>
>
> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>
> Hi Maxim,
>
> I wanted to try out html5 video components...
>
> While importing my backup (worked before) I got a lot of these
> messages
> below.
>
> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
> Login ::
> [GRANTED]
> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
> Login ::
> [DENIED]
> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
> Login ::
> [DENIED]
> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
> Login ::
> [DENIED]
> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
> Login ::
> [DENIED]
> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
> Login ::
> [DENIED]
> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
> Login ::
> [DENIED]
>
> I never noticed these ones before. After starting the server, I
> couldn't
> login with my admin user. "Username/email and/or password are
> incorrect."
>
> Any Ideas?
>
> Greetings Peter
>
>
>
>
>
>
>
>
>
> --
> B.Sc. Peter Dähn
> Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
> Postfach 3049
> 67653 Kaiserslautern
> Tel: 0631/205-4944
> Olat <https://olat.vcrp.de/>
>
--
WBR
Maxim aka solomax
Re: Error while import backup
Posted by Maxim Solodovnik <so...@gmail.com>.
Thanks a lot Peter,
Now I'm back and ready to help :)
Would appreciate to hear any thought regarding "soft" changing of password
hash function
On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <da...@vcrp.de> wrote:
> so.. now it is time I think...
>
> Congratulations! I hope you had a nice wedding and a few relaxing days...
>
> Greetings Peter
>
>
> Am 24.05.2017 um 12:03 schrieb Peter Dähn:
>
>> ok.. then good luck...
>>
>> and best wishes when you are back... ;-)
>>
>>
>>
>> Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
>>
>>> Thanks :)
>>>
>>> I'll be on vacation for the next 2 weeks, with rare access to the email
>>> from my phone, so no rush :)
>>>
>>> On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <da...@vcrp.de> wrote:
>>>
>>> ok.. need to think about it... ;-)
>>>>
>>>> I will be back in office next week... maybe with "THE IDEA".. or maybe
>>>> not... ;-)
>>>>
>>>> Greetings Peter
>>>>
>>>> Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
>>>>
>>>> It is all discussible :)
>>>>>
>>>>> 3.0.7 still uses MD5CryptImplementation
>>>>> <https://github.com/apache/openmeetings/blob/3.0.x/src/util/
>>>>> java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
>>>>> which
>>>>> is not secure at all :(((
>>>>> We can add back SHA256Implementation
>>>>> <https://github.com/apache/openmeetings/blob/3.1.x/openmeeti
>>>>> ngs-util/src/main/java/org/apache/openmeetings/util/
>>>>> crypt/SHA256Implementation.java>
>>>>>
>>>>> (
>>>>> available since 3.1.x) for compatibility reasons, but I'm afraid there
>>>>> is
>>>>> no clean way to perform backup and preserve passwords .....
>>>>>
>>>>> I thought maybe we can add "Reset All passwords" admin function, but
>>>>> it is
>>>>> totally insecure :(
>>>>> Any ideas are appreciated :)
>>>>>
>>>>> On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <da...@vcrp.de> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>>> I think further investigation is not needed. I just didn't see it
>>>>>> before...
>>>>>>
>>>>>> Is this behavior the final state? Then it will be difficult to
>>>>>> update my
>>>>>> installation (3.0.7). This also should the problem with any
>>>>>> installation
>>>>>> before 3.3.0. Isn't it?
>>>>>>
>>>>>> Greetings Peter
>>>>>>
>>>>>> Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
>>>>>>
>>>>>> Hello Peter,
>>>>>>
>>>>>>> these debug messages are OK during import (I can perform further
>>>>>>> investigation, but I believe this is not an issue)
>>>>>>>
>>>>>>> Current 4.0.0 contains backported code from 3.3.0 which has stronger
>>>>>>> Password rules ...
>>>>>>> You were unable to login after restore from backup since Password
>>>>>>> Crypt
>>>>>>> was
>>>>>>> changed to the SCrypt, which is stronger than SHA512 used before
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <da...@vcrp.de> wrote:
>>>>>>>
>>>>>>> I tried to reset the password. I got following message:
>>>>>>>
>>>>>>> "Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
>>>>>>>>
>>>>>>>> Could this be the Problem? I think this shouldn't be like that,
>>>>>>>> because
>>>>>>>> there wasn't such restriction before.
>>>>>>>>
>>>>>>>> Greetings Peter
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Am 24.05.2017 um 10:21 schrieb Peter Dähn:
>>>>>>>>
>>>>>>>> Hi Maxim,
>>>>>>>>
>>>>>>>> I wanted to try out html5 video components...
>>>>>>>>>
>>>>>>>>> While importing my backup (worked before) I got a lot of these
>>>>>>>>> messages
>>>>>>>>> below.
>>>>>>>>>
>>>>>>>>> DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [GRANTED]
>>>>>>>>> DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>> DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40
>>>>>>>>> org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level
>>>>>>>>> Login ::
>>>>>>>>> [DENIED]
>>>>>>>>>
>>>>>>>>> I never noticed these ones before. After starting the server, I
>>>>>>>>> couldn't
>>>>>>>>> login with my admin user. "Username/email and/or password are
>>>>>>>>> incorrect."
>>>>>>>>>
>>>>>>>>> Any Ideas?
>>>>>>>>>
>>>>>>>>> Greetings Peter
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>
>>
--
WBR
Maxim aka solomax