Re: [OSGi] - Configuration and classloader
> Steinar Bang : > Francois Papon > : >> Hi Steinar, >> I started some test projects, you can take a look here: >> https://github.com/fpapon/shiro-labs > thanks! I may be able to replace the deprecated > WebIniSecurityManagerFactory with stuff from here: > > https://github.com/fpapon/shiro-labs/blob/master/karaf-jaxrs/src/main/java/fr/openobject/labs/shiro/karaf/jaxrs/ShiroService.java#L48 Well, it got me part of the way. I was able to replace the WebIniSecurityManagerFactory deprecated class, but I was unable to replace the use of the IniFilterChainResolverFactory: https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/java/no/priv/bang/authservice/web/security/AuthserviceShiroFilter.java#L90 Much of the logic for setting up a filter chain seems to be in the IniFilterChainResolverFactory and doing it manually looked like I would need to copy a lot of the code of IniFilterChainResolverFactory.
[jira] [Resolved] (SHIRO-552) JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt column is utf8 bytes
[
https://issues.apache.org/jira/browse/SHIRO-552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francois Papon resolved SHIRO-552.
--
Resolution: Resolved
[~s...@dod.no] thanks!
> JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt
> column is utf8 bytes
> --
>
> Key: SHIRO-552
> URL: https://issues.apache.org/jira/browse/SHIRO-552
> Project: Shiro
> Issue Type: Bug
>Affects Versions: 1.2.4
>Reporter: Richard Bradley
>Priority: Major
> Fix For: 1.5.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{org.apache.shiro.realm.jdbc.JdbcRealm}} class, when configured with
> SaltStyle.COLUMN, assumes that password column is Base64 but salt column is
> utf8 bytes.
> The password is returned as a {{char[]}} (see JdbcRealm.java:241), which
> {{org.apache.shiro.authc.credential.HashedCredentialsMatcher}} (see
> HashedCredentialsMatcher.java:353):
> {code}
> if (credentials instanceof String || credentials instanceof char[]) {
> //account.credentials were a char[] or String, so
> //we need to do text decoding first:
> if (isStoredCredentialsHexEncoded()) {
> storedBytes = Hex.decode(storedBytes);
> } else {
> storedBytes = Base64.decode(storedBytes);
> }
> }
> {code}
> However, the salt is returned as a {{ByteSource}}, by converting the
> DB-returned String into its UTF-8 bytes. See JdbcRealm.java:224:
> {code}
> if (salt != null) {
> info.setCredentialsSalt(ByteSource.Util.bytes(salt));
> }
> {code}
> This is broken and inconsistent.
> Not all salt byte[]s are valid UTF8 strings, so the default assumption should
> be that the salt column is Base64 encoded.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
[GitHub] [shiro] fpapon merged pull request #138: [SHIRO-552] Support base64 encoded salt in JdbcRealm
fpapon merged pull request #138: [SHIRO-552] Support base64 encoded salt in JdbcRealm URL: https://github.com/apache/shiro/pull/138 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[jira] [Updated] (SHIRO-552) JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt column is utf8 bytes
[
https://issues.apache.org/jira/browse/SHIRO-552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francois Papon updated SHIRO-552:
-
Fix Version/s: 1.5.0
> JdbcRealm in SaltStyle.COLUMN assumes that password column is Base64 but salt
> column is utf8 bytes
> --
>
> Key: SHIRO-552
> URL: https://issues.apache.org/jira/browse/SHIRO-552
> Project: Shiro
> Issue Type: Bug
>Affects Versions: 1.2.4
>Reporter: Richard Bradley
>Priority: Major
> Fix For: 1.5.0
>
>
> The {{org.apache.shiro.realm.jdbc.JdbcRealm}} class, when configured with
> SaltStyle.COLUMN, assumes that password column is Base64 but salt column is
> utf8 bytes.
> The password is returned as a {{char[]}} (see JdbcRealm.java:241), which
> {{org.apache.shiro.authc.credential.HashedCredentialsMatcher}} (see
> HashedCredentialsMatcher.java:353):
> {code}
> if (credentials instanceof String || credentials instanceof char[]) {
> //account.credentials were a char[] or String, so
> //we need to do text decoding first:
> if (isStoredCredentialsHexEncoded()) {
> storedBytes = Hex.decode(storedBytes);
> } else {
> storedBytes = Base64.decode(storedBytes);
> }
> }
> {code}
> However, the salt is returned as a {{ByteSource}}, by converting the
> DB-returned String into its UTF-8 bytes. See JdbcRealm.java:224:
> {code}
> if (salt != null) {
> info.setCredentialsSalt(ByteSource.Util.bytes(salt));
> }
> {code}
> This is broken and inconsistent.
> Not all salt byte[]s are valid UTF8 strings, so the default assumption should
> be that the salt column is Base64 encoded.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
[GitHub] [shiro] asf-ci commented on issue #138: Support base64 encoded salt in JdbcRealm
asf-ci commented on issue #138: Support base64 encoded salt in JdbcRealm URL: https://github.com/apache/shiro/pull/138#issuecomment-517761803 Refer to this link for build results (access rights to CI server needed): https://builds.apache.org/job/Shiro-pr/155/ This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [shiro] steinarb commented on issue #138: Support base64 encoded salt in JdbcRealm
steinarb commented on issue #138: Support base64 encoded salt in JdbcRealm URL: https://github.com/apache/shiro/pull/138#issuecomment-517752959 @fpapon rebased, conflict resolved, built with "mvn clean install" with no errors, and branch force-pushed This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [shiro] fpapon commented on issue #138: Support base64 encoded salt in JdbcRealm
fpapon commented on issue #138: Support base64 encoded salt in JdbcRealm URL: https://github.com/apache/shiro/pull/138#issuecomment-517708156 @steinarb yes, thanks! This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [shiro] steinarb commented on issue #138: Support base64 encoded salt in JdbcRealm
steinarb commented on issue #138: Support base64 encoded salt in JdbcRealm URL: https://github.com/apache/shiro/pull/138#issuecomment-517705111 @bdemers @fpapon Should I resolve the conflict and re-push? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
