You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2014/05/06 09:14:20 UTC
svn commit: r908162 - in /websites/staging/directory/trunk/content: ./
apacheds/advanced-ug/6-implementing-interceptor.html
Author: buildbot
Date: Tue May 6 07:14:20 2014
New Revision: 908162
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/apacheds/advanced-ug/6-implementing-interceptor.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue May 6 07:14:20 2014
@@ -1 +1 @@
-1592671
+1592673
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/6-implementing-interceptor.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/6-implementing-interceptor.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/6-implementing-interceptor.html Tue May 6 07:14:20 2014
@@ -195,7 +195,7 @@ Password hash. A simple interceptor</p>
<p>In order to build it, simply check it out and type "mvn install".
Implementing the class PasswordHashInterceptor</p>
<p>The following UML class diagram depicts the structure of the little example. Classes in white are given by Apache Directory Server as extension points. The two gray classes comprise the example interceptor.</p>
-<p><a href="passwordHashInterceptor_UML.png"></a></p>
+<p><a href="images/passwordHashInterceptor_UML.png">Password Hash Interceptor UML diagram</a></p>
<p>The class HashTools contains two simple methods w.r.t. hashing. isAlreadyHashed detects whether a value has already been hashed with a known message digest algorithm. applyHashAlgorithm applies a hash algorithm to a sequence of bytes. See the source code and the unit tests of this class for details, it has not that much to do with the interceptor stuff.</p>
<p>The central class is PasswordHashInterceptor. Every interceptor has to implement the Interceptor interface from package org.apache.directory.server.core.interceptor. PasswordHashInterceptor does so by extended the convenience class BaseInterceptor from the same package.</p>
<p>The property hashAlgorithm allows to configure the alhorithm used for hashing the passwords. It defaults to MD5 (Message-Digest algorithm 5). The property passwordAttributeName allows configuration of the attribute type which stores the user password. Its value will be hashed if needed. The property defaults to "userPassword", which is quite common and used for instance in the inetOrgPerson object class.</p>
@@ -374,11 +374,11 @@ Adding it to a standard server installat
<p>Then we add a new attribute userPassword in the entry editor. For the value, a special editor appears:</p>
-<p><a href="passwordHashInterceptor_passwordEditor.png"></a></p>
+<p><a href="images/passwordHashInterceptor_passwordEditor.png"></a></p>
<p>Select "Plaintext" as the hash method and enter a new password. We selected "secret" (see screen shot above). After pressing OK, a modify operation is sent to the server, which will be intercepted by our example class.</p>
-<p><a href="passwordHashInterceptor_modificationLog.png"></a></p>
+<p><a href="images/passwordHashInterceptor_modificationLog.png"></a></p>
<p>After that, the value for userPassword is not "secret", but the MD5 digested value of it.</p>
-<p><a href="passwordHashInterceptor_entryEditor.png"></a></p>
+<p><a href="images/passwordHashInterceptor_entryEditor.png"></a></p>
<p>The user Kate Bush is still capable of authenticating with the password "secret", because Apache Directory Server supports authentication with passwords hashed with this algorithm. You can verify this by connecting with Studio and the using "cn=Kate Bush,ou=users,ou=system" as bind DN.</p>
<p>Here it is demonstrated with the help of the ldapsearch command line tool. The result also shows that the userPassword value is hashed with MD5.</p>
<div class="codehilite"><pre>$ <span class="n">ldapsearch</span> <span class="o">-</span><span class="n">h</span> <span class="n">localhost</span> <span class="o">-</span><span class="n">p</span> 10389 <span class="o">-</span><span class="n">D</span> "<span class="n">cn</span><span class="p">=</span><span class="n">Kate</span> <span class="n">Bush</span><span class="p">,</span><span class="n">ou</span><span class="p">=</span><span class="n">users</span><span class="p">,</span><span class="n">ou</span><span class="p">=</span><span class="n">system</span>" <span class="o">\\</span>