Re: Can I hash my passwords
The server log file is at var/log/geronimo.log -- it's usually the best place to look for stack traces, error messages, etc. Thanks, Aaron On 4/10/06, Rohit Rai <[EMAIL PROTECTED]> wrote: > > Tried it and it did work. Sorry didn't put a mail. But another application a > bit complicated one, for the authentication and authorisation system didn't > work. It did deploy but didn't start or run. > > Where can I check the errors or problem that might have occured. > > Regards, > > Rohit
Re: Can I hash my passwords
Tried it and it did work. Sorry didn't put a mail. But another application a bit complicated one, for the authentication and authorisation system didn't work. It did deploy but didn't start or run. Where can I check the errors or problem that might have occured. Regards, Rohit
Re: Can I hash my passwords
I'm not sure what you mean by "added it to the common libraries", but you may want to just put JSTL and JSF together in your WEB-INF/lib. Thanks, Aaron On 4/9/06, Rohit Rai <[EMAIL PROTECTED]> wrote: > > Thanks Aaron, > > I went through your reply and will check it out. > Actually I am working on the second solution you said of not directly > submitting to j_security_check. > > Now another problem I am facing is, > I have made a hello world application in Java Studio Creator. Simple one > page example which should ideally run even on tomacat with JSTL installed. > I was not sure about JSTL being present in Geronimo so I downloaded and > added it to the common libraries. > > When I try to run this example it gives this error. . . > > > > type Exception report > > message > > description The server encountered an internal error () that prevented it > from fulfilling this request. > > exception javax.servlet.ServletException: Servlet execution threw an > exception > com.sun.rave.web.ui.util.UploadFilter.doFilter(UploadFilter.java:194) > > > > > > root cause java.lang.NoClassDefFoundError: > javax/servlet/jsp/jstl/core/Config > com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:123) > com.sun.rave.web.ui.appbase.faces.ViewHandlerImpl.renderView(ViewHandlerImpl.java:311) > com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:87) > com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:221) > com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:117) > javax.faces.webapp.FacesServlet.service(FacesServlet.java:198) > com.sun.rave.web.ui.util.UploadFilter.doFilter(UploadFilter.java:194) > > > > > > note The full stack trace of the root cause is available in the Apache > Tomcat/5.5.9 logs. > > > > Will appreciate any help or guidance on this > > Regards, > > Rohit > > > >
Re: Can I hash my passwords
Thanks Aaron, I went through your reply and will check it out. Actually I am working on the second solution you said of not directly submitting to j_security_check. Now another problem I am facing is, I have made a hello world application in Java Studio Creator. Simple one page example which should ideally run even on tomacat with JSTL installed. I was not sure about JSTL being present in Geronimo so I downloaded and added it to the common libraries. When I try to run this example it gives this error. . . type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: Servlet execution threw an exception com.sun.rave.web.ui.util.UploadFilter.doFilter(UploadFilter.java:194) root cause java.lang.NoClassDefFoundError: javax/servlet/jsp/jstl/core/Config com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:123) com.sun.rave.web.ui.appbase.faces.ViewHandlerImpl.renderView(ViewHandlerImpl.java:311) com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:87) com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:221) com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:117) javax.faces.webapp.FacesServlet.service(FacesServlet.java:198) com.sun.rave.web.ui.util.UploadFilter.doFilter(UploadFilter.java:194) note The full stack trace of the root cause is available in the Apache Tomcat/5.5.9 logs. Will appreciate any help or guidance on this Regards, Rohit
Re: Can I hash my passwords
On 4/7/06, Rohit Rai <[EMAIL PROTECTED]> wrote: > Thanks Aaron for the reply. > > By your reply I understand that I'll have to modify the server code itself. > But that is not possible. No, not in the server code really. You need to make a custom JAAS LoginModule, which is part of a security realm. It would work with any app server supporting JAAS (and most of them do). I was suggesting you copy one of ours to start with since that would save you 95% of the code, but you could create one from scratch if you wanted to. > Am trying to find a work around in my application code. Well, for a strictly application solution, your application could hash the password before submitting it to the security realm, and then the security realm could contain the hashed passwords, so as far as the security realm was concerned the hashed passwords would be the "real" passwords, but your application would know better. I think I can dig up an example of this if you like (IIRC it uses form based login, and the form doesn't submit to j_security_check, but instead to a servlet that hashes the password and redirects with the username and hashed password to j_security_check). > Will keep you people updated. > > Will be glad to see it as a regular feature in Geronimo. > How do I join Geronimo Jira? Go to http://issues.apache.org/jira/secure/BrowseProject.jspa?id=10220 and click the "Log In" link and I believe the screen there has a link to sign up for an account. Thanks, Aaron
Can I hash my passwords
Thanks Aaron for the reply. By your reply I understand that I'll have to modify the server code itself. But that is not possible. Am trying to find a work around in my application code. Will keep you people updated. Will be glad to see it as a regular feature in Geronimo. How do I join Geronimo Jira? Regards, Rohit-- Dream like you're never gonna die, Live like you're gonna die today!
Re: Can I hash my passwords
Yes you can... but at the moment you'd need to write a bit of code. For example, if you copy the code for org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule, you could just add a tiny bit to hash the password before comparing it to the entry in the Properties, and then use your favorite tool to add the hashed entries to the file. You could also add an "Improvement" JIRA since this is a feature we've talked about making standard a number of times, but we've never actually gotten around to it. Thanks, Aaron On 4/6/06, Rohit Rai <[EMAIL PROTECTED]> wrote: > > Hello everyone, > > another minor thing but couldn't find it anywhere on net or docs. > > Our web application saves the rgistered user passwords 'Hashed' in the > database. The hash algorithm is negotiable but the passwords ARE TO BE > HASHED. > > We want to use the standard J2EE container security. I plan to configure > Geronimo to use the standard SQL Security realm for this. Now on some other > servers I have seen support for password hash, like JBoss has > or some similar tag to define what type of hash is to be used. > > Can I acheive this some how in Geronimo??? > > Thanks in advance > > Regards, > Rohit Rai > > -- > Dream like you're never gonna die, Live like you're gonna die today!
Can I hash my passwords
Hello everyone, another minor thing but couldn't find it anywhere on net or docs. Our web application saves the rgistered user passwords 'Hashed' in the database. The hash algorithm is negotiable but the passwords ARE TO BE HASHED. We want to use the standard J2EE container security. I plan to configure Geronimo to use the standard SQL Security realm for this. Now on some other servers I have seen support for password hash, like JBoss has or some similar tag to define what type of hash is to be used. Can I acheive this some how in Geronimo??? Thanks in advance Regards, Rohit Rai-- Dream like you're never gonna die, Live like you're gonna die today!