Regarding password hash.
I think we need at least to mention how to configure it in the sandbox.xml
(users don't like to dig deep).
<provider>
<role>authentication</role>
<name>ShiroProvider</name>
<enabled>true</enabled>
<param><name>main.iniRealm.credentialsMatcher</name><value>org.apache.shiro.authc.credential.Sha256CredentialsMatcher</value></param>
<param><name>users.guest</name><value>2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b</value></param>
<param><name>urls./**</name><value>authcBasic</value></param>
</provider>
And explain how to create hash:
http://shiro.apache.org/command-line-hasher.html
On Thu, Oct 10, 2013 at 6:31 PM, Kevin Minder wrote:
> I particularly enjoy not having to mess with starting the LDAP server for
> verification testing.
> Note that there are very easy ways to use a hash instead of the clear text
> password but this defeats the purpose in my mind.
>
>
> On 10/10/13 11:25 AM, larry mccay wrote:
>
>> Nice.
>> Very easy for out of the box testing for adding users without messing with
>> LDIF and the ApacheDS instance.
>> It will obviously require the redeploy of the topology for any change and is
>> not really an example of enterprise security in any way. It does however
>> allow for easy functional testing for consuming the Hadoop REST services
>> through Knox.
>>
>> To be clear though, it is not considered a good practice to have passwords in
>> clear text inside of an application deployment artifact which is exactly
>> what this ends up doing. The users that are put into a test environment
>> like this should not be actual credentials for anyone.
>>
>>
>>
>> On Thu, Oct 10, 2013 at 10:38 AM, Kevin Minder wrote:
>>> This uses the default Shiro IniRealm implementation.
>>> Obviously not secure but possibly not bad for an out of the box demo.
>>> We would need to make it very clear that this was for demo purposes.
>>> Just to be clear this works with 0.3.0 by changing just the sandbox.xml
>>> topo file.
>>>
>>> <provider>
>>> <role>authentication</role>
>>> <name>ShiroProvider</name>
>>> <enabled>true</enabled>
>>> <param><name>users.guest</name><value>guest-password</value></param>
>>> <param><name>urls./**</name><value>authcBasic</value></param>
>>> </provider>
>>>
>>>
>>> --
>>> CONFIDENTIALITY NOTICE
>>> NOTICE: This message is intended for the use of the individual or entity
>>> to which it is addressed and may contain information that is
>>> confidential,
>>> privileged and exempt from disclosure under applicable law. If the reader
>>> of this message is not the intended recipient, you are hereby notified
>>> that
>>> any printing, copying, dissemination, distribution, disclosure or
>>> forwarding of this communication is strictly prohibited. If you have
>>> received this communication in error, please contact the sender
>>> immediately
>>> and delete it from your system. Thank You.
>>>
>>>
>
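The conversion discussed in this thread, from the clear-text provider block to the hashed one, as an added example that is not code from the thread or from the Knox project. The function names are hypothetical, and it assumes the matcher's default settings (hex-encoded stored value, one iteration, no salt).

```python
import hashlib
import xml.etree.ElementTree as ET

MATCHER_NAME = "main.iniRealm.credentialsMatcher"
MATCHER_CLASS = "org.apache.shiro.authc.credential.Sha256CredentialsMatcher"

# Constructed sample: the clear-text provider block quoted in the thread.
SAMPLE_PROVIDER = """<provider>
<role>authentication</role>
<name>ShiroProvider</name>
<enabled>true</enabled>
<param><name>users.guest</name><value>guest-password</value></param>
<param><name>urls./**</name><value>authcBasic</value></param>
</provider>"""


def sha256_hex(password: str) -> str:
    """Unsalted, single-iteration SHA-256 as lowercase hex (assumed matcher defaults)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_provider_users(provider_xml: str) -> str:
    """Return the provider block with every users.* password replaced by its hash."""
    provider = ET.fromstring(provider_xml)
    params = {p.findtext("name"): p for p in provider.findall("param")}
    users = [p for n, p in params.items() if n and n.startswith("users.")]
    if MATCHER_NAME in params or not users:
        # A matcher is already configured, so stored values are taken to be
        # hashes already; hashing them again would lock every user out.
        return provider_xml
    for param in users:
        value = param.find("value")
        if value is None or not value.text:
            continue
        # IniRealm user lines are "password, role1, role2": hash only the password.
        password, sep, roles = value.text.partition(",")
        value.text = sha256_hex(password.strip()) + sep + roles
    # Add the matcher param ahead of the first existing param.
    matcher = ET.Element("param")
    ET.SubElement(matcher, "name").text = MATCHER_NAME
    ET.SubElement(matcher, "value").text = MATCHER_CLASS
    matcher.tail = "\n"
    provider.insert(list(provider).index(provider.find("param")), matcher)
    return ET.tostring(provider, encoding="unicode")


if __name__ == "__main__":
    print(hash_provider_users(SAMPLE_PROVIDER))
```

Running the function on its own output returns it unchanged, so a topology that already declares the matcher is never double-hashed.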