You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by Giacomo Morri <gi...@cone.it> on 2017/01/30 16:00:46 UTC
How to decode stored passwords
Hi, i'm trying to implement a function that permit to login in jetspeed
"as a user".
I've tried to decode users password using the "PasswordEncodingService",
but trying to enable it i retrieve an error in jetspeed log:
"Error creating bean with name 'PortalServices' defined in
ServletContext resource [/WEB-INF/assembly/jetspeed-services.xml]:
Cannot resolve reference to bean
'org.apache.jetspeed.security.PasswordEncodingService' while setting
constructor argument with key [TypedStringValue: value
[PasswordEncodingService], target type [null]]; nested exception is
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean
named 'org.apache.jetspeed.security.PasswordEncodingService' is defined"
How can i enable the api PasswordEncodingService?
Best regards,
Giacomo Morri
Re: How to decode stored passwords
Posted by DavidSeanTaylor <da...@bluesunrise.com>.
Did you also uncomment org.apache.jetspeed.security.PasswordEncodingService in security-spi-atn.xml?
There are 2 beans to choose from there:
1.
<!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
this Service can be used instead of for example the default provided MessageDigestCredentialPasswordEncoder
<bean id="org.apache.jetspeed.security.PasswordEncodingService"
name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.PBEPasswordService">
<constructor-arg index="0">
<!- secret PBE key password ->
<value>********</value>
</constructor-arg>
</bean>
-->
2.
<!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
Furthermore, this extension of the PBEPasswordService supports lazy upgrading from an old CredentialPasswordEncoder
like the default provided MessageDigestCredentialPasswordEncoder
->
<bean id="org.apache.jetspeed.security.PasswordEncodingService"
name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.AlgorithmUpgradePBEPasswordService">
<constructor-arg index="0">
<!- secret PBE key password ->
<value>********</value>
</constructor-arg>
<constructor-arg index="1">
<!- old MessageDigestCredentialPasswordEncoder to be upgrading from, using SHA-1 ->
<bean class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<constructor-arg index="0"><value>SHA-1</value></constructor-arg>
</bean>
</constructor-arg>
<constructor-arg index="2">
<!- startPBEPasswordEncodingService: date before which old encoded passwords need to be recoded (on authentication)
(SimpleDateFormat) format: yyyy-MM-dd HH:mm:ss
->
<value>2006-07-02 15:00:00</value>
</constructor-arg>
</bean>
-->
> On Jan 30, 2017, at 8:00 AM, Giacomo Morri <gi...@cone.it> wrote:
>
> Hi, i'm trying to implement a function that permit to login in jetspeed "as a user".
> I've tried to decode users password using the "PasswordEncodingService", but trying to enable it i retrieve an error in jetspeed log:
>
> "Error creating bean with name 'PortalServices' defined in ServletContext resource [/WEB-INF/assembly/jetspeed-services.xml]: Cannot resolve reference to bean 'org.apache.jetspeed.security.PasswordEncodingService' while setting constructor argument with key [TypedStringValue: value [PasswordEncodingService], target type [null]]; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.apache.jetspeed.security.PasswordEncodingService' is defined"
>
> How can i enable the api PasswordEncodingService?
>
> Best regards,
> Giacomo Morri
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: How to decode stored passwords
Posted by DavidSeanTaylor <da...@bluesunrise.com>.
Additionally, you need to first commend out the current CredentialPasswordEncode around line 27 of security-spi-atn.xml:
<!-- MessageDigest encode passwords using SHA-1 -->
<!--
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<meta key="j2:cat" value="default or security" />
<constructor-arg index="0">
<value>SHA-1</value>
</constructor-arg>
</bean>
—>
And then uncomment the replacement encoder further down in the same file. You have two choices, I went with the backward compatibility one (line 79, not line 67:
Make sure you enter a PBE key for constructor index 0, and a timestamp (see below) for constructor index 2:
<!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
Furthermore, this extension of the PBEPasswordService supports lazy upgrading from an old CredentialPasswordEncoder
like the default provided MessageDigestCredentialPasswordEncoder
-->
<bean id="org.apache.jetspeed.security.PasswordEncodingService"
name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.AlgorithmUpgradePBEPasswordService">
<constructor-arg index="0">
<!-- secret PBE key password -->
<value>jetspeed</value>
</constructor-arg>
<constructor-arg index="1">
<!-- old MessageDigestCredentialPasswordEncoder to be upgrading from, using SHA-1 -->
<bean class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<constructor-arg index="0"><value>SHA-1</value></constructor-arg>
</bean>
</constructor-arg>
<constructor-arg index="2">
<!-- startPBEPasswordEncodingService: date before which old encoded passwords need to be recoded (on authentication)
(SimpleDateFormat) format: yyyy-MM-dd HH:mm:ss
-->
<value>2017-01-30 15:00:00</value>
</constructor-arg>
</bean>
This seems to work for me and was backward compatible (tested on 2.3.2. trunk)
> On Jan 30, 2017, at 8:00 AM, Giacomo Morri <gi...@cone.it> wrote:
>
> Hi, i'm trying to implement a function that permit to login in jetspeed "as a user".
> I've tried to decode users password using the "PasswordEncodingService", but trying to enable it i retrieve an error in jetspeed log:
>
> "Error creating bean with name 'PortalServices' defined in ServletContext resource [/WEB-INF/assembly/jetspeed-services.xml]: Cannot resolve reference to bean 'org.apache.jetspeed.security.PasswordEncodingService' while setting constructor argument with key [TypedStringValue: value [PasswordEncodingService], target type [null]]; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.apache.jetspeed.security.PasswordEncodingService' is defined"
>
> How can i enable the api PasswordEncodingService?
>
> Best regards,
> Giacomo Morri
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org