[jira] [Commented] (ATLAS-3488) Update with Filebased auth password with ShaPasswordEncoder with salt.

Tue, 30 Jun 2020 01:15:57 -0700 


    [ 
https://issues.apache.org/jira/browse/ATLAS-3488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17148414#comment-17148414
 ] 

yangchengkai commented on ATLAS-3488:
-------------------------------------

Hi,I got this error in logs/application.log when I run ./bin/import_hive.sh:

 

2020-06-30 15:50:24,815 DEBUG - [pool-2-thread-2:] ~ checkPasswordBCrypt() 
(UserDao:159)
2020-06-30 15:50:24,816 DEBUG - [pool-2-thread-2:] ~ checkPasswordBCrypt(): 
failed (UserDao:168)
java.lang.IllegalArgumentException: Invalid salt version
 at org.springframework.security.crypto.bcrypt.BCrypt.hashpw(BCrypt.java:556)
 at org.springframework.security.crypto.bcrypt.BCrypt.checkpw(BCrypt.java:659)
 at org.apache.atlas.web.dao.UserDao.checkPasswordBCrypt(UserDao.java:165)
 at org.apache.atlas.web.dao.UserDao.checkEncrypted(UserDao.java:144)
 at 
org.apache.atlas.web.security.AtlasFileAuthenticationProvider.authenticate(AtlasFileAuthenticationProvider.java:65)
 at 
org.apache.atlas.web.security.AtlasAuthenticationProvider.authenticate(AtlasAuthenticationProvider.java:143)
 at 
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
 at 
org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
 at 
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180)
 at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
 at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
 at 
org.apache.atlas.web.filters.AtlasKnoxSSOAuthenticationFilter.doFilter(AtlasKnoxSSOAuthenticationFilter.java:142)
 at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
 at 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
 at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
 at 
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
 at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
 at 
org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66)
 at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
 at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
 at 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
 at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
 at 
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
 at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
 at 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
 at 
org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
 at 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
 at 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
 at 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
 at 
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1691)
 at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
 at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
 at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
 at 
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
 at 
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
 at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
 at 
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
 at 
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
 at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
 at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
 at org.eclipse.jetty.server.Server.handle(Server.java:534)
 at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
 at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
 at 
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)
 at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
 at 
org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
 at 
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
 at 
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
 at 
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
 at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
2020-06-30 15:50:24,816 DEBUG - [pool-2-thread-2:] ~ 
checkPasswordSHA256WithSalt() (UserDao:177)
2020-06-30 15:50:24,816 DEBUG - [pool-2-thread-2:] ~ Cleaning stale 
transactions (StaleTransactionCleanupFilter:53)


I'm pretty sure I entry the correct name and password: admin/admin when the 
import_hive.sh ask me to do this.
I'm using atlas-release-2.1.0-rc1 from github .
Is this a bug? Or am I missing anything?
[~nixon]

> Update with Filebased auth password with ShaPasswordEncoder with salt.
> ----------------------------------------------------------------------
>
>                 Key: ATLAS-3488
>                 URL: https://issues.apache.org/jira/browse/ATLAS-3488
>             Project: Atlas
>          Issue Type: Improvement
>            Reporter: Nixon Rodrigues
>            Assignee: Nixon Rodrigues
>            Priority: Major
>             Fix For: 3.0.0
>
>         Attachments: ATLAS-3488.07.patch, ATLAS-3488.6.patch
>
>
> Current password is encoded with {{sha256 method for filebased 
> authentication.}}
>  
> {{Update the password with }}{{sha256}}{{ with salt encoding which is more 
> secured.}}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to