[Acegisecurity-developer] Problem with md5 passwords

[ranieri.oliveira]

Hello,

I'm a user of Pentaho, a BI Solution Open Source. It use Acegi to do 
authentication, and I'm having problems
with authentication with passwords encoded with MD5.
My problem is that when I try to log in with a user that is password encoded 
with md5, it returns Bad
Credentials, but when I try to log in with a user that is password as clear 
text I can log in. I modified my
file application-acegi-security-ldap.xml to use encode md5, but doesn't work.

My acegi file is attached.

I appreciate any help.

Thanks
?xml version=1.0 encoding=UTF-8?
!DOCTYPE beans PUBLIC -//SPRING//DTD BEAN//EN http://www.springframework.org/dtd/spring-beans.dtd;

!--
	- Application context containing LDAP UserDetailsService
	- implementation.
	-
	- Used by all artifacts.
--

beans

	!-- Configuração do servidor LDAP --
	bean id=initialDirContextFactory
		class=org.acegisecurity.ldap.DefaultInitialDirContextFactory
		constructor-arg index=0
			value=ldap://localhost:389/dc=paulinia,dc=com,dc=br; /
		property name=managerDn value=cn=Manager,dc=paulinia,dc=com,dc=br /
		property name=managerPassword value=n2n9u2v5 /
	/bean

	bean id=ldapAuthProvider
		class=org.acegisecurity.providers.ldap.LdapAuthenticationProvider
		constructor-arg
			bean
class=org.acegisecurity.providers.ldap.authenticator.BindAuthenticator
constructor-arg
	ref local=initialDirContextFactory /
/constructor-arg
property name=userSearch
	ref local=userSearch /
/property
			/bean
		/constructor-arg
		constructor-arg
			ref local=populator /
		/constructor-arg
	/bean

	!-- Verifica de quais roles o usuário participa --
	bean id=populator
		class=org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
		constructor-arg index=0
			ref local=initialDirContextFactory /
		/constructor-arg
		constructor-arg index=1 value=ou=roles /
		property name=groupRoleAttribute value=cn /
		property name=groupSearchFilter value=roleOccupant={0} /
	/bean

	!-- Verifica se o usuário participa do grupo users --
	bean id=userSearch
		class=org.acegisecurity.ldap.search.FilterBasedLdapUserSearch
		constructor-arg index=0 value=ou=users /
 
		constructor-arg index=1 value=cn={0} /
		constructor-arg index=2
			ref local=initialDirContextFactory /
		/constructor-arg
	/bean


	bean id=userDetailsService
		class=com.pentaho.security.ldap.LdapUserDetailsService
		property name=userSearch
			ref local=userSearch /
		/property
		property name=populator
			ref local=populator /
		/property
	/bean


	!-- Como o senha será passada para o LDAP --
	!-- Texto puro --
	bean id=passwordEncoder
		class=org.acegisecurity.providers.encoding.Md5PasswordEncoder /
 
		!--class=org.acegisecurity.providers.encoding.PlaintextPasswordEncoder /
-- 

/beans

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Problem with md5 passwords

[Luke Taylor]

Please use the forum at

http://forum.springframework.org/forumdisplay.php?f=33

for user questions. You should also supply debug log output.

ranieri.oliveira wrote:
 Hello,
 
 I'm a user of Pentaho, a BI Solution Open Source. It use Acegi to do 
 authentication, and I'm having problems
 with authentication with passwords encoded with MD5.
 My problem is that when I try to log in with a user that is password encoded 
 with md5, it returns Bad
 Credentials, but when I try to log in with a user that is password as clear 
 text I can log in. I modified my
 file application-acegi-security-ldap.xml to use encode md5, but doesn't work.
 
 My acegi file is attached.
 
 I appreciate any help.
 
 Thanks
 
 


-- 
 Luke Taylor.  Monkey Machine Ltd.
 PGP Key ID: 0x57E9523Chttp://www.monkeymachine.ltd.uk


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Our build is a mess...

[Ben Alex]

Hi all

Carlos and Luke, what's the latest status of the Maven 2 build? Does the
reference documentation build successfully with Maven 2 as-is? I see
acegisecurity.org hasn't built and uploaded since 18 December 2006.
Luke, is that running the Maven 2 build?

We're shooting at releasing 1.0.4 in the next couple of weeks. Vishal
Puri is busily working away on it. In terms of introductions, Vishal
works for Interface21 (the company behind Spring) as a Senior Consultant
and is based here in Sydney with me. So you'll see more of Vishal on
this list, in JIRA and SVN. We're aiming at releasing 1.1.0 final in June.

For 1.0.4 we will stick with the Maven 1.0.x build. For 1.1.0 we will
refactor the Contacts XML and build (as this is desirable anyway due to
the new namespaces support which will be present in 1.1.0) and switch
entirely to Maven 2.

I'd be happy to switch to Maven 2 immediately (ie for 1.0.4) if it is
ready, thus the question above for Luke and Carlos.

Cheers
Ben

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Jalopy?

[Ben Alex]

Luke Taylor wrote:
 Hey, I spent ages bringing the errors down a while back :). There are
 only 34 at the moment in core and 12 are due to spaces around
 brackets. If we can get someone to nail the file down to what we want
 the code to look like (e.g. our benevolent dictator, Ben?), then we can
 run from there. At the moment it's just an approximation based on my
 best guesses.

   

The consensus seems to be to change, so I agree entirely. Luke or Ray,
can you take care of this? If we use the present Jalopy rules as a
guide, that should maintain reasonable compatibility with past source
code formatting.

Cheers
Ben

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer