Posted to dev@juddi.apache.org by Andy Cutright <An...@borland.com> on 2004/03/19 20:52:28 UTC

RE: JdbcAuthenticator

hi ilias, 

i'm not familiar enough with JDBC/SQL to know if MD5 is a SQL standard
function. is this going to be available with all JDBC databases? 

so we're on the same page, this class is about using MD5 to
authenticate the user via a database, is that correct? it's not
directly tied into the HTTPS/PKCS stuff you've posted? 

cheers,
andy 

> -----Original Message-----
> From: Ilias Stergiou [mailto:istergiou@yahoo.co.uk] 
> Sent: Wednesday, February 25, 2004 11:17 AM
> To: juddi-dev@ws.apache.org
> Subject: JdbcAuthenticator
> 
> Hello all,
>     please find attached for your consideration
> - a JdbcAuthenticator that authenticates users using credentials from the
> database
> - the JdbcAuthenticatorTest.java, a junit test case
> - a build.xml diff for adding the tasks that run and compile 
> the test case
> - a JdbcAuthenticator HowTo
> 
> The source code has been checkstyled and the howto is in 
> Forrest format,
> 
> Ilias
> 
> Index: build.xml
> ===================================================================
> RCS file: /home/cvspublic/ws-juddi/build.xml,v
> retrieving revision 1.3
> diff -u -r1.3 build.xml
> --- build.xml    2 Feb 2004 21:55:30 -0000    1.3
> +++ build.xml    25 Feb 2004 19:09:01 -0000
> @@ -407,6 +407,44 @@
>      </java>
>    </target>
>    <!-- 
> ==============================================================
> ===== -->
> +  <!-- Compiles JdbcAthenticator 
> Tests                                     -->
> +  <!-- 
> ==============================================================
> ===== -->
> +  <target name="compile-jdbcauth-tests" depends="jar">
> +    <mkdir dir="${build.dir}/unit/classes"/>
> +    <javac
> +        destdir="${build.dir}/unit/classes"
> +        debug="${compile.debug}"
> +        deprecation="${compile.deprecation}"
> +        optimize="${compile.optimize}">
> +      <classpath refid="project.classpath"/>
> +      <src path="${src.dir}/junit"/>
> +    </javac>
> +  </target>
> +  <!-- 
> ==============================================================
> ===== -->
> +  <!-- Runs JdbcAthenticator 
> Tests                                         -->
> +  <!-- 
> ==============================================================
> ===== -->
> +  <target name="run-jdbcauth-tests" depends="compile-uddi4j-tests">
> +    <java classname="${test.runner}" fork="true">
> +      <jvmarg 
> value="-Dorg.uddi4j.TransportClassName=org.uddi4j.transport.Ap
acheAxisTransport"/>
> +      <arg value="org.apache.juddi.auth.JdbcAuthenticatorTest"/>
> +      <classpath>
> +                <pathelement location="${lib.dir}/uddi4j.jar"/>
> +                <pathelement location="${lib.dir}/junit.jar"/>
> +                <pathelement location="${lib.dir}/axis.jar"/>
> +                <pathelement location="${lib.dir}/jaxrpc.jar"/>
> +                <pathelement location="${lib.dir}/saaj.jar"/>
> +                <pathelement 
> location="${lib.dir}/commons-logging.jar"/>
> +                <pathelement 
> location="${lib.dir}/commons-discovery.jar"/>
> +                <pathelement 
> location="${lib.dir}/commons-collections.jar"/>
> +                <pathelement location="${lib.dir}/commons-dbcp.jar"/>
> +                <pathelement location="${lib.dir}/commons-pool.jar"/>
> +                <pathelement location="${build.dir}/juddi.jar"/>
> +                <pathelement location="${build.dir}/unit/classes"/>
> +                <pathelement location="${build.dir}/${jar.file}"/>
> +      </classpath>
> +    </java>
> +  </target>
> +  <!-- 
> ==============================================================
> ===== -->
>    <!-- Creates the source 
> distribution                                     -->
>    <!-- 
> ==============================================================
> ===== -->
>    <target name="source" depends="javadoc">
> 
> 
> 
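Review bot: in the new run-jdbcauth-tests target, depends="compile-uddi4j-tests" means the compile-jdbcauth-tests target added just above it is never invoked; make the run target depend on compile-jdbcauth-tests, or drop the new compile target if it is not needed. In the same target the classpath lists both ${build.dir}/juddi.jar and ${build.dir}/${jar.file}, which reads like the same jar named twice, and the jvmarg sets a uddi4j transport class that a unit test of the authenticator may not need, so either justify these in a comment or remove them. Both banner comments spell the class "JdbcAthenticator".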

Re: JdbcAuthenticator

Posted by Ilias Stergiou <is...@yahoo.co.uk>.
Andy,
    see response inline.
Andy Cutright wrote:

>MD5 is a SQL standard
>function. is this going to be available with all JDBC databases? 
>  
>
MD5 is a standard (rfc1321) but it is not part of the SQL-92 standard. 
It is commonly used in MySQL, Postgres, Oracle 9 etc. MD5 will just 
change the password into a 32 byte message digest (it is computationally 
infeasible to produce two messages having the same message digest...)
Saying that, I can change the code to avoid having to use MD5.

>so we're on the same page, this class is about using MD5 to
>authenticate the user via a database, is that correct? 
>
Yes. Every time someone wants to authenticate, the JdbcAuthenticator 
will check the credentials with the credentials stored in the database 
table created using the installation instructions. MD5 is used to avoid 
storing the actual password to the database (a database-export will not 
reveal the user passwords).

>it's not
>directly tied into the HTTPS/ PKCS stuff you've posted? 
>  
>
No. It is completely different. The HTTPS is if you want the client / 
server communication to be encrypted. It is the same with a Web client 
to a Web server communication. If you want the username and password of 
the Web Client user to be delivered to the Web server encrypted (to 
avoid eavesdropping) the usual procedure is to use HTTPS.
To have encrypted client/server communication you need certificates. 
PKCS is about certificates.

Usually you give the server a certificate, to allow users to verify that 
the accessed server is who it claims it is. For instance, if I create a 
site (www.ilias.com) and get my PKCS certificate signed by verisign, I 
can install it to my server. When users access my site (www.ilias.com), 
my certificate will be sent to the client browser. My certificate 
authority (verisign) is a known certificate authority to most browsers 
therefore the clients will know it is actually me. Then a secure 
connection starts and all data sent from both client and server is 
encrypted.

If someone does eavesdropping he cannot read the encrypted data sent.
If he spoofs the www.ilias.com to his IP address he will not have my 
server certificate to deceive the users to enter their password.

HTTPS is used at the publish service of both the Microsoft and IBM uddi 
registries. I have made it work for jUDDI by changing only web.xml and 
the tomcat server.xml. The instructions were available at the documents. 
I can also send you the diffs to change web.xml to make HTTPS work. I 
can also support you juddi-dev and juddi-user with troubleshooting etc.

Sorry for the delayed answer, I live in Greece and that is GMT+2. I 
guess you are GMT-6 or -7 or -9 (US time).

Ilias

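An added example, not code from the attached patch or from jUDDI: it computes the digest in the application so the query works on a database with no SQL MD5() function, and it goes beyond the thread by comparing what a table export shows for unsalted MD5 against a per-user salted PBKDF2 digest. It is written in Python with SQLite standing in for the JDBC database; the table, column and function names, the iteration count and the sample accounts are assumptions.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this demo; tune upward in production

def md5_hex(password):
    # Digest computed in the application, so the query never calls a SQL MD5().
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def kdf_hex(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS).hex()

def sql_md5_available(db):
    # MD5() is not in SQL-92; SQLite, for one, does not ship it.
    try:
        db.execute("SELECT MD5('x')")
        return True
    except sqlite3.OperationalError:
        return False

def open_db(users):
    # Hypothetical table; the thread does not show the real schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_user (user_id TEXT PRIMARY KEY, md5_digest TEXT, salt BLOB, kdf_digest TEXT)")
    for user_id, password in users:
        salt = os.urandom(16)  # per-user random salt
        db.execute("INSERT INTO auth_user VALUES (?, ?, ?, ?)",
                   (user_id, md5_hex(password), salt, kdf_hex(password, salt)))
    return db

def authenticate_md5(db, user_id, password):
    row = db.execute("SELECT md5_digest FROM auth_user WHERE user_id = ?", (user_id,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], md5_hex(password))

def authenticate_kdf(db, user_id, password):
    row = db.execute("SELECT salt, kdf_digest FROM auth_user WHERE user_id = ?",
                     (user_id,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], kdf_hex(password, row[0]))

def repeated_digests(db, column):
    # How many digest values in an export are shared by more than one account.
    assert column in ("md5_digest", "kdf_digest")
    return len(db.execute(f"SELECT {column} FROM auth_user"
                          f" GROUP BY {column} HAVING COUNT(*) > 1").fetchall())

SAMPLE_USERS = [("alice", "s3cret"), ("bob", "s3cret"), ("carol", "different")]  # constructed

if __name__ == "__main__":
    db = open_db(SAMPLE_USERS)
    print(sql_md5_available(db), repeated_digests(db, "md5_digest"), repeated_digests(db, "kdf_digest"))
```

With the constructed accounts, the unsalted MD5 column contains one digest shared by two users while the salted column contains none, which is what an export of each table would reveal about password reuse.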