Not sure on the torque, maybe a question to ask on the torque mailing list? I know with Hibernate that the same type of problem exists.. insert a 256 characters string into a 10 character field and you only get the first 10! Maybe a jdbc/database thing to just truncate?
ERic > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 02, 2004 3:42 PM > To: Turbine Users List; [EMAIL PROTECTED] > Subject: Re: RE: RE: Problem with encrypted password in turbine 2.3 > > > > Thanks to Eric, I've logged the BaseSecurityService and find > out my own > mistake. The clone custom_user from turbine_user was not realy a clone > of. The attribute password_value was to short;\( > > But, why is there no exception in torque when I store a value which is > to long? > > Eric Pugh <[EMAIL PROTECTED]> schrieb am 01.03.2004, 12:12:17: > > Here are some example unit tests to get you started. Not > sure why you are > > removing the commons-codec, as that seems to generate a > missing class.. > > > > Look at this unit test in CVS HEAD: > > > /src/org/apache/turbine/services/crypto/CryptoRunningInECMTest > . You can > > basically plagerise this test and the BaseTestCase so you > start up your > > version of Turbine, and verify the encryption. You can > also look into using > > Cactus to startup your webapp and test it. > > > > Also check out > org.apache.turbine.modules.ActionLoaderTest.. You could > > plagerise this to test out your CreateNewUserAndConfirm > test as well. The > > idea is to cut out all the extra cruft to get a > clean/simple unit test that > > helps you find the bug.. > > > > I know, it can take some doing to get there, but the > rewards are worth it. > > > > Eric > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > Sent: Saturday, February 28, 2004 5:02 PM > > > To: Turbine Users List; [EMAIL PROTECTED] > > > Subject: Re: RE: Problem with encrypted password in turbine 2.3 > > > > > > > > > > > > How can I start this unit test? I don't know what to do > for this:-( > > > > > > I've removed the JAR commons-codec-1.1.jar from > WEB-INF/lib. I could > > > see, that in both cases - new user, login user - the same > > > methode called > > > by the action. The different is the calling of methode > > > BaseSecurityService.encryptPassword twice when create user. > > > > > > > ---------------------------------------------------------------------- > > > case 1: create user > > > > > > 2004-02-28 16:49:28,659 [HttpProcessor[8080][4]] ERROR > > > de.soltics.falconBase.modules.actions.CreateNewUserAndConfirm - > > > Invokation of public void > > > de.soltics.falconBase.modules.actions.CreateNewUserAndConfirm. > > > doCreate(org.apache.turbine.util.RunData,org.apache.velocity.c > > > ontext.Context) > > > throws java.lang.Exception > > > java.lang.NoClassDefFoundError: > org/apache/commons/codec/base64/Base64 > > > at > > > org.apache.turbine.services.crypto.provider.JavaCrypt.encrypt( > > > JavaCrypt.java:151) > > > at > > > org.apache.turbine.services.security.BaseSecurityService.encry > > > ptPassword(BaseSecurityService.java:207) > > > at > > > org.apache.turbine.services.security.BaseSecurityService.encry > > > ptPassword(BaseSecurityService.java:162) > > > at > > > org.apache.turbine.services.security.TurbineSecurity.encryptPa > > > ssword(TurbineSecurity.java:124) > > > > -------------------------------------------------------------------- > > > case 2: Login > > > > > > java.lang.NoClassDefFoundError: > org/apache/commons/codec/base64/Base64 > > > at > > > org.apache.turbine.services.crypto.provider.JavaCrypt.encrypt( > > > JavaCrypt.java:151) > > > at > > > org.apache.turbine.services.security.BaseSecurityService.encry > > > ptPassword(BaseSecurityService.java:207) > > > at > > > org.apache.turbine.services.security.BaseSecurityService.check > > > Password(BaseSecurityService.java:236) > > > at > > > org.apache.turbine.services.security.TurbineSecurity.checkPass > > > word(TurbineSecurity.java:155) > > > at > > > de.soltics.falconBase.modules.actions.FalconBaseLogin.doPerfor > > > m(FalconBaseLogin.java:97) > > > > > > Andreas > > > > > > > > > > > > Eric Pugh schrieb am 25.02.2004, 14:20:31: > > > > I would try and write a unit test that isolates as much as > > > possible just the > > > > passwords, to make sure the encryption is properly working. > > > There are unit > > > > tests in Turbine CVS that demonstrate that encryption is > > > working properly. > > > > > > > > Eric > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > > Sent: Wednesday, February 25, 2004 1:52 PM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: Problem with encrypted password in turbine 2.3 > > > > > > > > > > > > > > > > > > > > Hallo, > > > > > > > > > > > > > > > I'm using turbine 2.3 with the Torque Security Service. > > > > > I've created an extended user table, have made the changes in > > > > > TR.properties, took from file > > > > > http://jakarta.apache.org/turbine/turbine-2.3/services/torque- > > > > > security-service.html. > > > > > > > > > > ----snip---- > > > > > services.SecurityService.classname = > > > > > > org.apache.turbine.services.security.torque.TorqueSecurityService > > > > > services.SecurityService.user.manager = > > > > > org.apache.turbine.services.security.torque.TorqueUserManager > > > > > > > > > > # Class for User. Default: > > > org.apache.turbine.om.security.TurbineUser > > > > > services.SecurityService.user.class = > > > > > de.soltics.falconBase.modules.util.ExtendedUser > > > > > > > > > > # This is the Peer class used to access the user peer > > > > > > (org.apache.turbine.services.security.torque.om.TurbineUserPeer) > > > > > services.SecurityService.torque.userPeer.class = > > > > > de.soltics.falconBase.om.CustomUserPeer > > > > > > > > > > # Class for Group. Default: > > > > > org.apache.turbine.om.security.TurbineGroup > > > > > #services.SecurityService.group.class=org.apache.turbine.om.se > > > > > curity.TurbineGroup > > > > > services.SecurityService.group.class=org.apache.turbine.servic > > > > > es.security.torque.TorqueGroup > > > > > > > > > > # Class for Role. Default: > > > org.apache.turbine.om.security.TurbineRole > > > > > #services.SecurityService.role.class=org.apache.turbine.om.sec > > > > > urity.TurbineRole > > > > > services.SecurityService.role.class=org.apache.turbine.service > > > > > s.security.torque.TorqueRole > > > > > > > > > > # Class for Permission. Default: > > > > > org.apache.turbine.om.security.TurbinePermission > > > > > #services.SecurityService.permission.class=org.apache.turbine. > > > > > om.security.TurbinePermission > > > > > services.SecurityService.permission.class=org.apache.turbine.s > > > > > ervices.security.torque.TorquePermission > > > > > > > > > > # > > > > > # This is the class that implements the ACL interface. > > > > > # You want to override this setting only if you want your ACL > > > > > # implementation to provide application specific addtional > > > > > # functionality. > > > > > # > > > > > > > > > > # Default: > > > org.apache.turbine.util.security.TurbineAccessControlList > > > > > services.SecurityService.acl.class = > > > > > org.apache.turbine.util.security.TurbineAccessControlList > > > > > > > > > > ----snip---- > > > > > > > > > > This works fine with unsafe passwords. > > > > > > > > > > When I'm setting secure password to true, an new user 'll > > > be created > > > > > with an encrypted password. > > > > > However, when I try login to my application, the > > > > > TorqueUserManager.authenticate fails with an > > > > > Exception. > > > > > > > > > > Exception: > > > org.apache.turbine.util.security.PasswordMismatchException: > > > > > The passwords do not match > > > > > > org.apache.turbine.util.security.PasswordMismatchException: The > > > > > passwords do not match > > > > > at > > > > > org.apache.turbine.services.security.torque.TorqueUserManager. > > > > > authenticate(TorqueUserManager.java:387) > > > > > > > > > > > > > > > What is wrong? > > > > > > > > > > > > > > > Help, Please > > > > > > > > > > > > > > > Andreas > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > > > [EMAIL PROTECTED] > > > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > > [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
