This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.usermanager-2.2.2 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-usermanager.git
commit b8a913af776bc3dd45b86a752c89b90262e0ccbf Author: Eric Norman <[email protected]> AuthorDate: Wed Nov 30 03:05:52 2011 +0000 SLING-2308 Remove user password digesting from sling git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-usermanager@1208229 13f79535-47bb-0310-9956-ffa450edef68 --- .../impl/post/AbstractUserPostServlet.java | 65 +--------------------- .../impl/post/ChangeUserPasswordServlet.java | 2 +- .../usermanager/impl/post/CreateUserServlet.java | 2 +- 3 files changed, 5 insertions(+), 64 deletions(-) diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java index c3e188e..8d0d1e2 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/AbstractUserPostServlet.java @@ -16,12 +16,7 @@ */ package org.apache.sling.jackrabbit.usermanager.impl.post; -import java.io.UnsupportedEncodingException; -import java.security.NoSuchAlgorithmException; -import java.util.Dictionary; - import org.apache.felix.scr.annotations.Component; -import org.apache.jackrabbit.util.Text; import org.osgi.service.component.ComponentContext; /** @@ -30,70 +25,16 @@ import org.osgi.service.component.ComponentContext; @Component (componentAbstract=true) public abstract class AbstractUserPostServlet extends AbstractAuthorizablePostServlet { - private static final long serialVersionUID = -8401210711297654453L; - - /** - * To be used for the encryption. E.g. for passwords in - * {@link javax.jcr.SimpleCredentials#getPassword()} SimpleCredentials} - * - * @scr.property valueRef="DEFAULT_PASSWORD_DIGEST_ALGORITHM" - */ - private static final String PROP_PASSWORD_DIGEST_ALGORITHM = "password.digest.algorithm"; - - private static final String DEFAULT_PASSWORD_DIGEST_ALGORITHM = "sha1"; - private String passwordDigestAlgoritm = null; + private static final long serialVersionUID = 8292047684552692610L; - // ---------- SCR Integration ---------------------------------------------- + // ---------- SCR Integration ---------------------------------------------- - protected void activate(ComponentContext context) { + protected void activate(ComponentContext context) { super.activate(context); - - Dictionary<?, ?> props = context.getProperties(); - - Object propValue = props.get(PROP_PASSWORD_DIGEST_ALGORITHM); - if (propValue instanceof String) { - passwordDigestAlgoritm = (String) propValue; - } else { - passwordDigestAlgoritm = DEFAULT_PASSWORD_DIGEST_ALGORITHM; - } } protected void deactivate(ComponentContext context) { super.deactivate(context); - passwordDigestAlgoritm = null; } - - /** - * Digest the given password using the configured digest algorithm - * - * @param pwd the value to digest - * @return the digested value - * @throws IllegalArgumentException - */ - protected String digestPassword(String pwd) throws IllegalArgumentException { - return digestPassword(pwd, passwordDigestAlgoritm); - } - - /** - * Digest the given password using the given digest algorithm - * - * @param pwd the value to digest - * @param digest the digest algorithm to use for digesting - * @return the digested value - * @throws IllegalArgumentException - */ - protected String digestPassword(String pwd, String digest) throws IllegalArgumentException { - try { - StringBuffer password = new StringBuffer(); - password.append("{").append(digest).append("}"); - password.append(Text.digest(digest, pwd.getBytes("UTF-8"))); - return password.toString(); - } catch (NoSuchAlgorithmException e) { - throw new IllegalArgumentException(e.toString()); - } catch (UnsupportedEncodingException e) { - throw new IllegalArgumentException(e.toString()); - } - } - } diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java index 3b473c0..1f18201 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/ChangeUserPasswordServlet.java @@ -233,7 +233,7 @@ public class ChangeUserPasswordServlet extends AbstractUserPostServlet implement } try { - ((User) authorizable).changePassword(digestPassword(newPassword)); + ((User) authorizable).changePassword(newPassword); String userPath = AuthorizableResourceProvider.SYSTEM_USER_MANAGER_GROUP_PREFIX + user.getID(); diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java index c7abaf6..638bcbd 100644 --- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java +++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java @@ -293,7 +293,7 @@ public class CreateUserServlet extends AbstractUserPostServlet implements Create "A principal already exists with the requested name: " + name); } else { - user = userManager.createUser(name, digestPassword(password)); + user = userManager.createUser(name, password); String userPath = AuthorizableResourceProvider.SYSTEM_USER_MANAGER_USER_PREFIX + user.getID(); -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
