Posted to user@turbine.apache.org by Eric Pugh <ep...@upstate.com> on 2004/03/01 12:12:17 UTC

RE: RE: Problem with encrypted password in turbine 2.3

Here are some example unit tests to get you started. Not sure why you are
removing the commons-codec, as that seems to generate a missing class.

Look at this unit test in CVS HEAD:
/src/org/apache/turbine/services/crypto/CryptoRunningInECMTest. You can
basically plagiarise this test and the BaseTestCase so you start up your
version of Turbine, and verify the encryption. You can also look into using
Cactus to start up your webapp and test it.

Also check out org.apache.turbine.modules.ActionLoaderTest. You could
plagiarise this to test out your CreateNewUserAndConfirm test as well. The
idea is to cut out all the extra cruft to get a clean/simple unit test that
helps you find the bug.

I know, it can take some doing to get there, but the rewards are worth it.

Eric

> -----Original Message-----
> From: andreas@haertel-net.de [mailto:andreas@haertel-net.de]
> Sent: Saturday, February 28, 2004 5:02 PM
> To: Turbine Users List; epugh@upstate.com
> Subject: Re: RE: Problem with encrypted password in turbine 2.3
>
>
>
> How can I start this unit test? I don't know what to do for this:-(
>
> I've removed the JAR commons-codec-1.1.jar from WEB-INF/lib. I could
> see that in both cases - new user, login user - the same method is called
> by the action. The difference is that the method
> BaseSecurityService.encryptPassword is called twice when creating a user.
>
> ----------------------------------------------------------------------
> case 1: create user
>
> 2004-02-28 16:49:28,659 [HttpProcessor[8080][4]] ERROR de.soltics.falconBase.modules.actions.CreateNewUserAndConfirm - Invokation of public void de.soltics.falconBase.modules.actions.CreateNewUserAndConfirm.doCreate(org.apache.turbine.util.RunData,org.apache.velocity.context.Context) throws java.lang.Exception
> java.lang.NoClassDefFoundError: org/apache/commons/codec/base64/Base64
> 	at org.apache.turbine.services.crypto.provider.JavaCrypt.encrypt(JavaCrypt.java:151)
> 	at org.apache.turbine.services.security.BaseSecurityService.encryptPassword(BaseSecurityService.java:207)
> 	at org.apache.turbine.services.security.BaseSecurityService.encryptPassword(BaseSecurityService.java:162)
> 	at org.apache.turbine.services.security.TurbineSecurity.encryptPassword(TurbineSecurity.java:124)
> --------------------------------------------------------------------
> case 2: Login
>
> java.lang.NoClassDefFoundError: org/apache/commons/codec/base64/Base64
> 	at org.apache.turbine.services.crypto.provider.JavaCrypt.encrypt(JavaCrypt.java:151)
> 	at org.apache.turbine.services.security.BaseSecurityService.encryptPassword(BaseSecurityService.java:207)
> 	at org.apache.turbine.services.security.BaseSecurityService.checkPassword(BaseSecurityService.java:236)
> 	at org.apache.turbine.services.security.TurbineSecurity.checkPassword(TurbineSecurity.java:155)
> 	at de.soltics.falconBase.modules.actions.FalconBaseLogin.doPerform(FalconBaseLogin.java:97)
>
> Andreas
>
>
>
> Eric Pugh <ep...@upstate.com> wrote on 25.02.2004, 14:20:31:
> > I would try and write a unit test that isolates as much as possible just the
> > passwords, to make sure the encryption is properly working. There are unit
> > tests in Turbine CVS that demonstrate that encryption is working properly.
> >
> > Eric
> >
> > > -----Original Message-----
> > > From: andreas@haertel-net.de [mailto:andreas@haertel-net.de]
> > > Sent: Wednesday, February 25, 2004 1:52 PM
> > > To: turbine-user@jakarta.apache.org
> > > Subject: Problem with encrypted password in turbine 2.3
> > >
> > >
> > >
> > > Hello,
> > >
> > >
> > > I'm using turbine 2.3 with the Torque Security Service.
> > > I've created an extended user table and have made the changes in
> > > TR.properties, taken from the file
> > > http://jakarta.apache.org/turbine/turbine-2.3/services/torque-security-service.html.
> > >
> > > ----snip----
> > > services.SecurityService.classname = org.apache.turbine.services.security.torque.TorqueSecurityService
> > > services.SecurityService.user.manager = org.apache.turbine.services.security.torque.TorqueUserManager
> > >
> > > # Class for User. Default: org.apache.turbine.om.security.TurbineUser
> > > services.SecurityService.user.class = de.soltics.falconBase.modules.util.ExtendedUser
> > >
> > > # This is the Peer class used to access the user peer (org.apache.turbine.services.security.torque.om.TurbineUserPeer)
> > > services.SecurityService.torque.userPeer.class = de.soltics.falconBase.om.CustomUserPeer
> > >
> > > # Class for Group. Default: org.apache.turbine.om.security.TurbineGroup
> > > #services.SecurityService.group.class=org.apache.turbine.om.security.TurbineGroup
> > > services.SecurityService.group.class=org.apache.turbine.services.security.torque.TorqueGroup
> > >
> > > # Class for Role. Default: org.apache.turbine.om.security.TurbineRole
> > > #services.SecurityService.role.class=org.apache.turbine.om.security.TurbineRole
> > > services.SecurityService.role.class=org.apache.turbine.services.security.torque.TorqueRole
> > >
> > > # Class for Permission. Default: org.apache.turbine.om.security.TurbinePermission
> > > #services.SecurityService.permission.class=org.apache.turbine.om.security.TurbinePermission
> > > services.SecurityService.permission.class=org.apache.turbine.services.security.torque.TorquePermission
> > >
> > > #
> > > # This is the class that implements the ACL interface.
> > > # You want to override this setting only if you want your ACL
> > > # implementation to provide application specific additional
> > > # functionality.
> > > #
> > >
> > > # Default: org.apache.turbine.util.security.TurbineAccessControlList
> > > services.SecurityService.acl.class = org.apache.turbine.util.security.TurbineAccessControlList
> > >
> > > ----snip----
> > >
> > > This works fine with unsafe passwords.
> > >
> > > When I set secure password to true, a new user will be created
> > > with an encrypted password.
> > > However, when I try to log in to my application,
> > > TorqueUserManager.authenticate fails with an
> > > exception.
> > >
> > > Exception: org.apache.turbine.util.security.PasswordMismatchException: The passwords do not match
> > > org.apache.turbine.util.security.PasswordMismatchException: The passwords do not match
> > > at org.apache.turbine.services.security.torque.TorqueUserManager.authenticate(TorqueUserManager.java:387)
> > >
> > >
> > > What is wrong?
> > >
> > >
> > > Help, Please
> > >
> > >
> > > Andreas
> > >
> > >


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org
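
An added example, not part of the original thread and not Turbine's own code: a stand-alone check in the spirit of the isolating unit test suggested above. It assumes the stored password is a Base64-encoded message digest (SHA-1 here) and uses java.util.Base64 in place of commons-codec so it runs without Turbine; the class name PasswordDigestCheck and the sample password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class PasswordDigestCheck {
    // Class named in the NoClassDefFoundError quoted in the thread.
    static final String CODEC_CLASS = "org.apache.commons.codec.base64.Base64";

    // Assumed scheme: digest the password, then Base64-encode the digest.
    // java.util.Base64 stands in for commons-codec here.
    static String digest(String password, String algorithm) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] hash = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(hash);
    }

    // Compare the stored value with a fresh digest of the candidate password,
    // using a constant-time comparison.
    static boolean matches(String stored, String candidate, String algorithm) throws Exception {
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                digest(candidate, algorithm).getBytes(StandardCharsets.UTF_8));
    }

    // True only if the codec class can be loaded by this class loader.
    // A missing JAR shows up here instead of as an Error inside a login action.
    static boolean codecOnClasspath() {
        try {
            Class.forName(CODEC_CLASS, false, PasswordDigestCheck.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "SHA-1";                      // assumption: use your configured algorithm
        String password = "constructed-sample-password"; // constructed sample input

        System.out.println("commons-codec Base64 loadable: " + codecOnClasspath());

        // Value a create-user step would store if the digest is applied once.
        String stored = digest(password, algorithm);
        System.out.println("digested once, login matches:  " + matches(stored, password, algorithm));

        // Value that results if an already-digested password is digested again.
        String twice = digest(stored, algorithm);
        System.out.println("digested twice, login matches: " + matches(twice, password, algorithm));
    }
}
```

Run it with the same classpath as the webapp's WEB-INF/lib to see whether the codec class resolves; the double-digest case is one thing to rule out when create and login disagree, not a diagnosis of the problem reported in the thread.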