You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by Nikola Djakovic <ni...@asw.eu> on 2016/06/23 12:34:48 UTC
Password algorithm
Hi,
I would like to redirect my new application to user username/password in
jetspeed portal.
I can not find algorithm that Jetspeed use.
In webapps/jetspeed/WEB-INF/assembly, i found security-spi.xml and line:
/<bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"//
//class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">//
// <meta key="j2:cat" value="default or security" />//
// <constructor-arg index="0">//
// <value>SHA-1</value>//
// </constructor-arg>//
// </bean>/
But when I generate password with SHA-1 it does not match as in jetspeed
database
Thanks
--
*Nikola \u0110akovi\u0107*
Re: Password algorithm
Posted by DavidSeanTaylor <da...@bluesunrise.com>.
> On Jun 23, 2016, at 5:34 AM, Nikola Djakovic <ni...@asw.eu> wrote:
>
> Hi,
>
> I would like to redirect my new application to user username/password in jetspeed portal.
> I can not find algorithm that Jetspeed use.
> In webapps/jetspeed/WEB-INF/assembly, i found security-spi.xml and line:
>
> /<bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"//
> //class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">//
> // <meta key="j2:cat" value="default or security" />//
> // <constructor-arg index="0">//
> // <value>SHA-1</value>//
> // </constructor-arg>//
> // </bean>/
>
Not sure what those comments // are doing in your XML, but it will break it
> But when I generate password with SHA-1 it does not match as in jetspeed database
>
The Message digests are secure one-way hash functions. We use SHA-1 out of the box. You can find the algorithm in the implementation class listed above:
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.portals.jetspeed-2/jetspeed-security/2.3.0/org/apache/jetspeed/security/spi/impl/MessageDigestCredentialPasswordEncoder.java <http://grepcode.com/file/repo1.maven.org/maven2/org.apache.portals.jetspeed-2/jetspeed-security/2.3.0/org/apache/jetspeed/security/spi/impl/MessageDigestCredentialPasswordEncoder.java>