Hello Maxim,
checked out fresh 3.3.x code and compiled it.
########################################################
# Openmeetings is up #
# 3.3.0-SNAPSHOT 5889b5beda3299418cf80ee68846ea5ce54ee9ed 2017/06/19 09:33 #
# and ready to use #
########################################################
Import backup works so far, Login ended up in "Internal Error Page".
Belonging Error in the log underneath.
DEBUG 06-19 12:00:03.155 UserDao.java 162929 642 org.apache.openmeetings.db.dao.user.UserDao [http-nio-0.0.0.0-5080-exec-7] - login:: 1 users were found
DEBUG 06-19 12:00:03.169 CryptProvider.java 162943 36 org.apache.openmeetings.util.crypt.CryptProvider [http-nio-0.0.0.0-5080-exec-7] - getInstanceOfCrypt:: configKeyCryptClassName: org.apache.openmeetings.util.crypt.MD5Implementation
ERROR 06-19 12:00:03.174 CryptProvider.java 162948 40 org.apache.openmeetings.util.crypt.CryptProvider [http-nio-0.0.0.0-5080-exec-7] - [getInstanceOfCrypt]
java.lang.ClassCastException: org.apache.openmeetings.util.crypt.MD5Implementation cannot be cast to org.apache.openmeetings.util.crypt.ICrypt
    at org.apache.openmeetings.util.crypt.CryptProvider.get(CryptProvider.java:38)
    at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(UserDao.java:473)
    at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.java:650)
    at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpringCGLIB$$1492ba5a.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:721)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:656)
    at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySpringCGLIB$$ae5af194.login(<generated>)
    at org.apache.openmeetings.web.app.WebSession.signIn(WebSession.java:336)
    at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:188)
    at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
    at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1248)
    at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
    at org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100)
    at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:770)
    at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog.internalOnClick(AbstractFormDialog.java:215)
    at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog$1.onClick(AbstractDialog.java:413)
    at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior.onAjax(DialogBehavior.java:188)
    at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.respond(JQueryAjaxBehavior.java:173)
    at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:598)
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.internalInvoke(ListenerRequestHandler.java:308)
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.invoke(ListenerRequestHandler.java:282)
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.invokeListener(ListenerRequestHandler.java:224)
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.respond(ListenerRequestHandler.java:210)
    at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:912)
    at org.apache.wicket.request.RequestHandlerExecutor.execute(RequestHandlerExecutor.java:65)
    at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:283)
    at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:253)
    at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:221)
    at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:70)
    at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:204)
    at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:286)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:84)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
ERROR 06-19 12:00:03.191 DefaultExceptionMapper.java 162965 170 org.apache.wicket.DefaultExceptionMapper [http-nio-0.0.0.0-5080-exec-7] - Unexpected error occurred
java.lang.NullPointerException: null
    at org.apache.openmeetings.db.dao.user.UserDao.verifyPassword(UserDao.java:474)
    at org.apache.openmeetings.db.dao.user.UserDao.login(UserDao.java:650)
    at org.apache.openmeetings.db.dao.user.UserDao$$FastClassBySpringCGLIB$$1492ba5a.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:721)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:656)
    at org.apache.openmeetings.db.dao.user.UserDao$$EnhancerBySpringCGLIB$$ae5af194.login(<generated>)
    at org.apache.openmeetings.web.app.WebSession.signIn(WebSession.java:336)
    at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:188)
    at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:294)
    at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1248)
    at org.apache.wicket.markup.html.form.Form.process(Form.java:946)
    at org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100)
    at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:770)
    at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog.internalOnClick(AbstractFormDialog.java:215)
    at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog$1.onClick(AbstractDialog.java:413)
    at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior.onAjax(DialogBehavior.java:188)
    at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.respond(JQueryAjaxBehavior.java:173)
    at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:598)
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.internalInvoke(ListenerRequestHandler.java:308)
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.invoke(ListenerRequestHandler.java:282)
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.invokeListener(ListenerRequestHandler.java:224)
    at org.apache.wicket.core.request.handler.ListenerRequestHandler.respond(ListenerRequestHandler.java:210)
    at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:912)
    at org.apache.wicket.request.RequestHandlerExecutor.execute(RequestHandlerExecutor.java:65)
    at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:283)
    at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:253)
    at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:221)
    at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:70)
    at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:204)
    at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:286)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:84)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:783)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:798)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1441)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Any Ideas?
Greetings Peter
Am 17.06.2017 um 08:15 schrieb Maxim Solodovnik:
Hello Peter,
I have implemented #3
http://git-wip-us.apache.org/repos/asf/openmeetings/diff/156bcc79
The only difference: Password re-hashing is not being emailed but logged
with WARN level
Would appreciate if you can test it and let me know your thoughts :)
Build 36+ from here:
https://builds.apache.org/view/M-R/view/OpenMeetings/job/Openmeetings%203.3.x/
On Fri, Jun 16, 2017 at 2:43 PM, Maxim Solodovnik <[email protected]>
wrote:
Both external and LDAP users would not be affected
Will try to implement 3) as you have described, looks doable :)
Thanks!
On Fri, Jun 16, 2017 at 2:34 PM, Peter Dähn <[email protected]> wrote:
Hi Maxim,
We have a lot of external users in our system and just a few "real" users. Am
I right that this doesn't apply to external users, or is this case also
handled?
1 and 2 wouldn't be my favorites.
I would prefer 3 and has an alternative if 3 isn't possible.
3) We had a similar change in our system. They did it in the following
way.
- user login -> check password with sha256
- if this doesn't match, check password against md5
- if this matches, store sha256-hash for further logins and send an
e-mail to that user "Rewrote password for security-reasons. If you didn't
login right now, inform your system-admin" or something like that.
- if both hashes don't match, deny login.
This would be the most user-friendly way I think.
4) Alternatively one could reset all passwords and if a user tries to login
with empty password one gets a popup "Your password needs to be renewed. You
got an e-mail". The system sends an e-mail with a link to create a new password.
These are our ideas so far.
Greetings Peter
Am 14.06.2017 um 09:07 schrieb Maxim Solodovnik:
Sure, have to fix some issues
Will try to finish everything until next week-end :)
So no rush right now :)
My ideas were:
1) Add Admin function "reset all passwords" (not sure how users should be
notified on new password in this case)
2) Add Admin function: "Email all users" general email "Please reset your
passwords" will be sent to all users
3) Allow login with old password and require user to change it, possible
but seems to be tricky
Will wait for the results of your discussion :)
On Wed, Jun 14, 2017 at 2:00 PM, Peter Dähn <[email protected]> wrote:
Hi Maxim,
you are right, this point is left....
I think I try to discuss this with a colleague of mine. Maybe we get an
idea...
Back later the or most likely on Friday. I hope this is on time.
Greetings Peter
Am 14.06.2017 um 07:43 schrieb Maxim Solodovnik:
Thanks a lot Peter,
Now I'm back and ready to help :)
Would appreciate to hear any thought regarding "soft" changing of
password hash function
On Mon, Jun 12, 2017 at 6:40 PM, Peter Dähn <[email protected]> wrote:
so.. now it is time I think...
Congratulations! I hope you had a nice wedding and a few relaxing
days...
Greetings Peter
Am 24.05.2017 um 12:03 schrieb Peter Dähn:
ok.. then good luck...
and best wishes when you are back... ;-)
Am 24.05.2017 um 11:57 schrieb Maxim Solodovnik:
Thanks :)
I'll be on vacation for the next 2 weeks, with rare access to the email
from my phone, so no rush :)
On Wed, May 24, 2017 at 4:55 PM, Peter Dähn <[email protected]> wrote:
ok.. need to think about it... ;-)
I will be back in office next week... maybe with "THE IDEA".. or maybe
not... ;-)
Greetings Peter
Am 24.05.2017 um 11:21 schrieb Maxim Solodovnik:
It is all discussible :)
3.0.7 still uses MD5CryptImplementation
<https://github.com/apache/openmeetings/blob/3.0.x/src/util/java/org/apache/openmeetings/util/crypt/MD5CryptImplementation.java>
which is not secure at all :(((
We can add back SHA256Implementation
<https://github.com/apache/openmeetings/blob/3.1.x/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SHA256Implementation.java>
(available since 3.1.x) for compatibility reasons, but I'm afraid there is
no clean way to perform backup and preserve passwords .....
I thought maybe we can add "Reset All passwords" admin function, but it is
totally insecure :(
Any ideas are appreciated :)
On Wed, May 24, 2017 at 4:15 PM, Peter Dähn <[email protected]> wrote:
Hi,
I think further investigation is not needed. I just didn't see it before...
Is this behavior the final state? Then it will be difficult to update my
installation (3.0.7). This also should be the problem with any installation
before 3.3.0. Isn't it?
Greetings Peter
Am 24.05.2017 um 11:07 schrieb Maxim Solodovnik:
Hello Peter,
these debug messages are OK during import (I can perform further
investigation, but I believe this is not an issue)
Current 4.0.0 contains backported code from 3.3.0 which has stronger
Password rules ...
You were unable to login after restore from backup since Password Crypt was
changed to the SCrypt, which is stronger than SHA512 used before
On Wed, May 24, 2017 at 3:50 PM, Peter Dähn <[email protected]> wrote:
I tried to reset the password. I got following message:
"Weak' password: at least 1 special symbol '!@#$%^&*][' is required"
Could this be the Problem? I think this shouldn't be like that, because
there wasn't such restriction before.
Greetings Peter
Am 24.05.2017 um 10:21 schrieb Peter Dähn:
Hi Maxim,
I wanted to try out html5 video components...
While importing my backup (worked before) I got a lot of these messages
below.
DEBUG 05-24 10:06:49.592 AuthLevelUtil.java 56867 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [GRANTED]
DEBUG 05-24 10:06:49.601 AuthLevelUtil.java 56876 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
DEBUG 05-24 10:06:49.609 AuthLevelUtil.java 56884 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
DEBUG 05-24 10:06:49.615 AuthLevelUtil.java 56890 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
DEBUG 05-24 10:06:49.622 AuthLevelUtil.java 56897 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
DEBUG 05-24 10:06:49.629 AuthLevelUtil.java 56904 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
DEBUG 05-24 10:06:49.636 AuthLevelUtil.java 56911 40 org.apache.openmeetings.db.util.AuthLevelUtil [main] - Level Login :: [DENIED]
I never noticed these ones before. After starting the server, I couldn't
login with my admin user. "Username/email and/or password are incorrect."
Any Ideas?
Greetings Peter
--
B.Sc. Peter Dähn
Virtueller Campus Rheinland-Pfalz <http://www.vcrp.de/>
Postfach 3049
67653 Kaiserslautern
Tel: 0631/205-4944
Olat <https://olat.vcrp.de/>
--
WBR
Maxim aka solomax
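
The login flow described as option 3 in the thread (check the current hash, fall back to MD5, re-hash on a match, deny otherwise), with the upgrade logged at WARN level instead of e-mailed, as an added Java example that is not OpenMeetings code. PBKDF2 from the JDK stands in for the stronger hash named in the thread; the class name, the in-memory user map and the sample password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical class, not part of OpenMeetings.
public class RehashOnLogin {
    private static final Logger LOG = Logger.getLogger(RehashOnLogin.class.getName());
    // Constructed in-memory user store: login -> stored password hash.
    static final Map<String, String> USERS = new HashMap<>();

    // Legacy format: unsalted MD5 as lowercase hex.
    static String md5Hex(String pass) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(pass.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Stand-in for the stronger hash (assumption: PBKDF2-HMAC-SHA256 from the JDK).
    static byte[] pbkdf2(String pass, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pass.toCharArray(), salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static String strongHash(String pass) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder enc = Base64.getEncoder();
        return "pbkdf2$" + enc.encodeToString(salt) + "$" + enc.encodeToString(pbkdf2(pass, salt));
    }

    static boolean verifyStrong(String pass, String stored) throws Exception {
        String[] p = stored.split("\\$");
        if (p.length != 3 || !p[0].equals("pbkdf2")) return false; // legacy or unknown format
        Base64.Decoder dec = Base64.getDecoder();
        return MessageDigest.isEqual(pbkdf2(pass, dec.decode(p[1])), dec.decode(p[2]));
    }

    static boolean login(String login, String pass) throws Exception {
        String stored = USERS.get(login);
        if (stored == null || pass == null) return false;   // fail closed, no NPE
        if (verifyStrong(pass, stored)) return true;        // current hash matches
        byte[] legacy = md5Hex(pass).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(legacy, stored.getBytes(StandardCharsets.US_ASCII)))
            return false;                                   // neither hash matches: deny
        USERS.put(login, strongHash(pass));                 // replace the MD5 hash
        LOG.warning("Password hash upgraded on login for user '" + login + "'");
        return true;
    }

    public static void main(String[] args) throws Exception {
        USERS.put("peter", md5Hex("Constructed-pass!1"));   // constructed legacy record
        System.out.println(login("peter", "wrong"));
        System.out.println(login("peter", "Constructed-pass!1"));
        System.out.println(USERS.get("peter").startsWith("pbkdf2$"));
        System.out.println(login("peter", "Constructed-pass!1"));
    }
}
```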