You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Nikola Djakovic <ni...@asw.eu> on 2016/06/23 12:34:48 UTC

Password algorithm

Hi,

I would like to redirect my new application to user username/password in 
jetspeed portal.
I can not find algorithm that Jetspeed use.
In webapps/jetspeed/WEB-INF/assembly, i found security-spi.xml and line:

/<bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"//
//class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">//
//    <meta key="j2:cat" value="default or security" />//
//    <constructor-arg index="0">//
//      <value>SHA-1</value>//
//    </constructor-arg>//
//  </bean>/

But when I generate password with SHA-1 it does not match as in jetspeed 
database

Thanks

-- 
*Nikola \u0110akovi\u0107*

Re: Password algorithm

Posted by DavidSeanTaylor <da...@bluesunrise.com>.

> On Jun 23, 2016, at 5:34 AM, Nikola Djakovic <ni...@asw.eu> wrote:
> 
> Hi,
> 
> I would like to redirect my new application to user username/password in jetspeed portal.
> I can not find algorithm that Jetspeed use.
> In webapps/jetspeed/WEB-INF/assembly, i found security-spi.xml and line:
> 
> /<bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"//
> //class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">//
> //    <meta key="j2:cat" value="default or security" />//
> //    <constructor-arg index="0">//
> //      <value>SHA-1</value>//
> //    </constructor-arg>//
> //  </bean>/
> 

Not sure what those comments // are doing in your XML, but it will break it

> But when I generate password with SHA-1 it does not match as in jetspeed database
> 

The Message digests are secure one-way hash functions. We use SHA-1 out of the box.  You can find the algorithm in the implementation class listed above:

http://grepcode.com/file/repo1.maven.org/maven2/org.apache.portals.jetspeed-2/jetspeed-security/2.3.0/org/apache/jetspeed/security/spi/impl/MessageDigestCredentialPasswordEncoder.java <http://grepcode.com/file/repo1.maven.org/maven2/org.apache.portals.jetspeed-2/jetspeed-security/2.3.0/org/apache/jetspeed/security/spi/impl/MessageDigestCredentialPasswordEncoder.java>