You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by Giacomo Morri <gi...@cone.it> on 2017/01/30 16:00:46 UTC

How to decode stored passwords

Hi, i'm trying to implement a function that permit to login in jetspeed 
"as a user".
I've tried to decode users password using the "PasswordEncodingService", 
but trying to enable it i retrieve an error in jetspeed log:

"Error creating bean with name 'PortalServices' defined in 
ServletContext resource [/WEB-INF/assembly/jetspeed-services.xml]: 
Cannot resolve reference to bean 
'org.apache.jetspeed.security.PasswordEncodingService' while setting 
constructor argument with key [TypedStringValue: value 
[PasswordEncodingService], target type [null]]; nested exception is 
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean 
named 'org.apache.jetspeed.security.PasswordEncodingService' is defined"

How can i enable the api PasswordEncodingService?

Best regards,
Giacomo Morri

Re: How to decode stored passwords

Posted by DavidSeanTaylor <da...@bluesunrise.com>.

Did you also uncomment org.apache.jetspeed.security.PasswordEncodingService in security-spi-atn.xml?
There are 2 beans to choose from there:

1. 

<!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
    this Service can be used instead of for example the default provided MessageDigestCredentialPasswordEncoder
    <bean id="org.apache.jetspeed.security.PasswordEncodingService"
    name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
    class="org.apache.jetspeed.security.spi.impl.PBEPasswordService">
    <constructor-arg index="0">
    <!- secret PBE key password ->
    <value>********</value>
    </constructor-arg>       
    </bean>       
  -->

2. 
  <!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
    Furthermore, this extension of the PBEPasswordService supports lazy upgrading from an old CredentialPasswordEncoder
    like the default provided MessageDigestCredentialPasswordEncoder
    ->
    <bean id="org.apache.jetspeed.security.PasswordEncodingService"
    name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
    class="org.apache.jetspeed.security.spi.impl.AlgorithmUpgradePBEPasswordService">
    <constructor-arg index="0">
    <!- secret PBE key password ->
    <value>********</value>
    </constructor-arg>
    <constructor-arg index="1">
    <!- old MessageDigestCredentialPasswordEncoder to be upgrading from, using SHA-1 ->
    <bean class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
    <constructor-arg index="0"><value>SHA-1</value></constructor-arg>       
    </bean>       
    </constructor-arg>
    <constructor-arg index="2">
    <!- startPBEPasswordEncodingService: date before which old encoded passwords need to be recoded (on authentication)
    (SimpleDateFormat) format: yyyy-MM-dd HH:mm:ss
    ->
    <value>2006-07-02 15:00:00</value>
    </constructor-arg>
    </bean>
  -->

> On Jan 30, 2017, at 8:00 AM, Giacomo Morri <gi...@cone.it> wrote:
> 
> Hi, i'm trying to implement a function that permit to login in jetspeed "as a user".
> I've tried to decode users password using the "PasswordEncodingService", but trying to enable it i retrieve an error in jetspeed log:
> 
> "Error creating bean with name 'PortalServices' defined in ServletContext resource [/WEB-INF/assembly/jetspeed-services.xml]: Cannot resolve reference to bean 'org.apache.jetspeed.security.PasswordEncodingService' while setting constructor argument with key [TypedStringValue: value [PasswordEncodingService], target type [null]]; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.apache.jetspeed.security.PasswordEncodingService' is defined"
> 
> How can i enable the api PasswordEncodingService?
> 
> Best regards,
> Giacomo Morri


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

Re: How to decode stored passwords

Posted by DavidSeanTaylor <da...@bluesunrise.com>.

Additionally, you need to first commend out the current CredentialPasswordEncode around line 27 of security-spi-atn.xml:

 <!-- MessageDigest encode passwords using SHA-1 -->
  <!--
  <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
    class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
    <meta key="j2:cat" value="default or security" />
    <constructor-arg index="0">
      <value>SHA-1</value>
    </constructor-arg>
  </bean>
  —>

And then uncomment the replacement encoder further down in the same file. You have two choices, I went with the backward compatibility one (line 79, not line 67:

Make sure you enter a PBE key for constructor index 0, and a timestamp (see below) for constructor index 2:

<!-- A Two-way encoding password service which also implements CredentialPasswordEncoder
    Furthermore, this extension of the PBEPasswordService supports lazy upgrading from an old CredentialPasswordEncoder
    like the default provided MessageDigestCredentialPasswordEncoder
    -->
    <bean id="org.apache.jetspeed.security.PasswordEncodingService"
    name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
    class="org.apache.jetspeed.security.spi.impl.AlgorithmUpgradePBEPasswordService">
    <constructor-arg index="0">
    <!-- secret PBE key password -->
    <value>jetspeed</value>
    </constructor-arg>
    <constructor-arg index="1">
    <!-- old MessageDigestCredentialPasswordEncoder to be upgrading from, using SHA-1 -->
    <bean class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
    <constructor-arg index="0"><value>SHA-1</value></constructor-arg>       
    </bean>       
    </constructor-arg>
    <constructor-arg index="2">
    <!-- startPBEPasswordEncodingService: date before which old encoded passwords need to be recoded (on authentication)
    (SimpleDateFormat) format: yyyy-MM-dd HH:mm:ss
    -->
    <value>2017-01-30 15:00:00</value>
    </constructor-arg>
    </bean>
  
This seems to work for me and was backward compatible (tested on 2.3.2. trunk)

> On Jan 30, 2017, at 8:00 AM, Giacomo Morri <gi...@cone.it> wrote:
> 
> Hi, i'm trying to implement a function that permit to login in jetspeed "as a user".
> I've tried to decode users password using the "PasswordEncodingService", but trying to enable it i retrieve an error in jetspeed log:
> 
> "Error creating bean with name 'PortalServices' defined in ServletContext resource [/WEB-INF/assembly/jetspeed-services.xml]: Cannot resolve reference to bean 'org.apache.jetspeed.security.PasswordEncodingService' while setting constructor argument with key [TypedStringValue: value [PasswordEncodingService], target type [null]]; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'org.apache.jetspeed.security.PasswordEncodingService' is defined"
> 
> How can i enable the api PasswordEncodingService?
> 
> Best regards,
> Giacomo Morri


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org