You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by la...@apache.org on 2012/12/20 21:12:26 UTC
svn commit: r1424664 - in /airavata/trunk/modules:
commons/utils/src/main/java/org/apache/airavata/common/utils/
registry/airavata-jpa-registry/src/main/java/org/apache/airavata/persistance/registry/jpa/resources/
security/src/main/java/org/apache/aira...
Author: lahiru
Date: Thu Dec 20 20:12:26 2012
New Revision: 1424664
URL: http://svn.apache.org/viewvc?rev=1424664&view=rev
Log:
Fixing AIRAVATA-682. Thanks Amila.
Modified:
airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java
airavata/trunk/modules/registry/airavata-jpa-registry/src/main/java/org/apache/airavata/persistance/registry/jpa/resources/UserResource.java
airavata/trunk/modules/security/src/main/java/org/apache/airavata/security/util/PasswordDigester.java
Modified: airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java
URL: http://svn.apache.org/viewvc/airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java?rev=1424664&r1=1424663&r2=1424664&view=diff
==============================================================================
--- airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java (original)
+++ airavata/trunk/modules/commons/utils/src/main/java/org/apache/airavata/common/utils/SecurityUtil.java Thu Dec 20 20:12:26 2012
@@ -8,6 +8,8 @@ import java.security.NoSuchAlgorithmExce
*/
public class SecurityUtil {
+ public static final String PASSWORD_HASH_METHOD_PLAINTEXT = "PLAINTEXT";
+
/**
* Creates a hash of given string with the given hash algorithm.
* @param stringToDigest The string to digest.
@@ -18,7 +20,7 @@ public class SecurityUtil {
public static String digestString(String stringToDigest, String digestingAlgorithm)
throws NoSuchAlgorithmException {
- if (digestingAlgorithm == null) {
+ if (digestingAlgorithm == null || digestingAlgorithm.equals(PASSWORD_HASH_METHOD_PLAINTEXT)) {
return stringToDigest;
}
Modified: airavata/trunk/modules/registry/airavata-jpa-registry/src/main/java/org/apache/airavata/persistance/registry/jpa/resources/UserResource.java
URL: http://svn.apache.org/viewvc/airavata/trunk/modules/registry/airavata-jpa-registry/src/main/java/org/apache/airavata/persistance/registry/jpa/resources/UserResource.java?rev=1424664&r1=1424663&r2=1424664&view=diff
==============================================================================
--- airavata/trunk/modules/registry/airavata-jpa-registry/src/main/java/org/apache/airavata/persistance/registry/jpa/resources/UserResource.java (original)
+++ airavata/trunk/modules/registry/airavata-jpa-registry/src/main/java/org/apache/airavata/persistance/registry/jpa/resources/UserResource.java Thu Dec 20 20:12:26 2012
@@ -142,7 +142,15 @@ public class UserResource extends Abstra
throw new RuntimeException("Error reading hash algorithm from configurations", e);
}
if(existingUser != null){
- existingUser.setPassword(password);
+ try {
+ existingUser.setPassword(SecurityUtil.digestString(password,
+ RegistrySettings.getSetting("default.registry.password.hash.method")));
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException("Error hashing default admin password. Invalid hash algorithm.", e);
+ } catch (RegistrySettingsException e) {
+ throw new RuntimeException("Error reading hash algorithm from configurations", e);
+ }
+
user = em.merge(existingUser);
}else {
em.persist(user);
Modified: airavata/trunk/modules/security/src/main/java/org/apache/airavata/security/util/PasswordDigester.java
URL: http://svn.apache.org/viewvc/airavata/trunk/modules/security/src/main/java/org/apache/airavata/security/util/PasswordDigester.java?rev=1424664&r1=1424663&r2=1424664&view=diff
==============================================================================
--- airavata/trunk/modules/security/src/main/java/org/apache/airavata/security/util/PasswordDigester.java (original)
+++ airavata/trunk/modules/security/src/main/java/org/apache/airavata/security/util/PasswordDigester.java Thu Dec 20 20:12:26 2012
@@ -1,5 +1,6 @@
package org.apache.airavata.security.util;
+import org.apache.airavata.common.utils.SecurityUtil;
import org.apache.airavata.security.UserStoreException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -14,8 +15,6 @@ public class PasswordDigester {
protected static Logger log = LoggerFactory.getLogger(PasswordDigester.class);
- public static final String PASSWORD_HASH_METHOD_PLAINTEXT = "PLAINTEXT";
-
private String hashMethod;
/**
@@ -35,7 +34,7 @@ public class PasswordDigester {
*/
public String getPasswordHashValue(String password) throws UserStoreException {
- if (hashMethod.equals(PASSWORD_HASH_METHOD_PLAINTEXT)) {
+ if (hashMethod.equals(SecurityUtil.PASSWORD_HASH_METHOD_PLAINTEXT)) {
return password;
} else {
MessageDigest messageDigest = null;
@@ -54,11 +53,11 @@ public class PasswordDigester {
if (hashMethod == null) {
log.warn("Password hash method is not configured. Setting default to plaintext.");
- hashMethod = PASSWORD_HASH_METHOD_PLAINTEXT;
+ hashMethod = SecurityUtil.PASSWORD_HASH_METHOD_PLAINTEXT;
} else {
// Validating configured hash method is correct.
- if (!hashMethod.equals(PASSWORD_HASH_METHOD_PLAINTEXT)) {
+ if (!hashMethod.equals(SecurityUtil.PASSWORD_HASH_METHOD_PLAINTEXT)) {
try {
MessageDigest.getInstance(hashMethod);
} catch (NoSuchAlgorithmException e) {