Hi,

thanks for your reply. It's working now with the digest passwords.

    <!-- This Spring Security-friendly PasswordEncoder implementation will -->
    <!-- wrap the PasswordEncryptor instance so that it can be used from   -->
    <!-- the security framework.                                           -->
    <bean id="jasyptPasswordEncryptor" class="org.jasypt.util.password.StrongPasswordEncryptor"/>
    <bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
        <property name="passwordEncryptor">
            <ref bean="jasyptPasswordEncryptor"/>
        </property>
    </bean>

    <!-- bind user service to the manager and use the password encoder for the digest encoding -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="customAuthenticationProvider">
            <!-- Use Digest Passwords to login -->
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>


And I will use JDBC to access the security datastore.

Daniel


________________________________________
From: christian.muel...@nvoe.at [christian.muel...@nvoe.at]
Sent: Tuesday, 31 July 2012 16:36
To: Daniel Tuerk
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] geoserver 2.2. Beta - digest authorization (doc for access authentication)

Hi Daniel, answers inside

Quoting Daniel Tuerk <daniel.tu...@jambit.com>:

> Hi,
>
> we are using the BETA to get the new authorization features.
>
> The password encryption is set to 'Digest' in my JDBC User Group Service.
>
> Now the problem:
> We have a second webapp which is using the same data from the DB
> and also has Spring Security.
>
> To login by the UserService I have to know which implementation is
> used by the geoserver.
> How to compare the stored and transmitted password?

Geoserver uses jasypt version 1.8 for password encoding
(http://www.jasypt.org/). You have to put the jar file on your
classpath.

Look at the method "createCharEncoder" for the parameters
(https://github.com/geoserver/geoserver/blob/master/src/main/src/main/java/org/geoserver/security/password/GeoServerDigestPasswordEncoder.java).
This encoder is for passwords stored in char arrays (recommended).

If you store your passwords in Strings, look at the method
"createStringEncoder".


>
> The hash for the digest is that one in the 'masterpw.digest' file?

The content of this file is the digest for the master
password (defaults to "geoserver"). The prefix "digest1:" is
Geoserver specific, ignore this prefix in your logic.

Be aware that we use random salts; digesting the identical password n
times produces n different values.

>
>
> And another problem with the generated tables by the JDBC User Group Service:
> It uses the name of the user as primary key.  I will use GeoTools to
> access the data and to store new features.
> But today I don't know how to store a new feature with the feature
> builder if I had a dot in my username. (the generated featureId uses
> dots for internal usage)
>
> userFeatureBuilder.featureUserData(Hints.USE_PROVIDED_FID, true);
> SimpleFeature feature = userFeatureBuilder.buildFeature(user.getUsername());
>

I am not sure if I understand your problem. Do you want to populate
the security tables with the feature builder? This was never
intended. If you want to modify the security tables programmatically,
use the jdbc interface.

> Thanks for your help!
Hope this helped :-)

Christian
>
> Daniel

>
> ________________________________
>
> Daniel Tuerk, Software Architect
> Phone: +49.89.45 23 47 - 214
> PGP-Fingerprint: F530B24F06047CE967BE739F15DD03CB4E9E400B
>
> jambit Software Development & Management GmbH
> Erika-Mann-Str. 63, 80636 München
> Phone: +49.89.45 23 47-0 Fax: +49.89.45 23 47-70
>
> http://www.jambit.com where innovation works
>
> Managing Directors: Peter F. Fellinger, Markus Hartinger
> Registered office: München; Register court: München, HRB 129139
>
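
The check discussed in this thread, as an added example that is not part of the original messages or of GeoServer's code: it strips the "digest1:" prefix and lets jasypt compare the submitted password against the stored salted digest, since re-digesting and comparing strings cannot work with random salts. It assumes the jasypt jar is on the classpath and the same StrongPasswordEncryptor as in the Spring configuration above; the class name, helper names and sample password are hypothetical.

```java
import org.jasypt.util.password.StrongPasswordEncryptor;

public class DigestCheckExample {   // hypothetical class name

    // GeoServer-specific prefix mentioned in the thread; not part of the jasypt digest.
    private static final String PREFIX = "digest1:";

    // Same encryptor class as in the Spring configuration in the reply above.
    private static final StrongPasswordEncryptor ENCRYPTOR = new StrongPasswordEncryptor();

    /** Removes the GeoServer prefix, if present, leaving the Base64 jasypt digest. */
    static String stripPrefix(String stored) {
        return stored.startsWith(PREFIX) ? stored.substring(PREFIX.length()) : stored;
    }

    /** Returns true only if the submitted password matches the stored digest. */
    static boolean matches(String submitted, String stored) {
        if (submitted == null || stored == null) {
            return false;
        }
        try {
            // checkPassword reads the salt back out of the stored digest,
            // so it works although every digest carries a different random salt.
            return ENCRYPTOR.checkPassword(submitted, stripPrefix(stored));
        } catch (RuntimeException e) {
            // Malformed or truncated stored value: fail closed.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: the same password digested twice.
        String first = PREFIX + ENCRYPTOR.encryptPassword("s3cret-example");
        String second = PREFIX + ENCRYPTOR.encryptPassword("s3cret-example");

        // The two stored strings differ, so a plain equals() on digests is useless.
        System.out.println("stored values identical: " + first.equals(second));

        // Both still verify against the original password; a wrong one does not.
        System.out.println("first matches:  " + matches("s3cret-example", first));
        System.out.println("second matches: " + matches("s3cret-example", second));
        System.out.println("wrong password: " + matches("wrong-example", first));
        System.out.println("malformed value: " + matches("s3cret-example", PREFIX + "x"));
    }
}
```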



_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users