Dear,
I met problem when I try to change Password Encryption Algorithm of
Jetspeed Portal, the version of the Jetspeed I am using is Jetspeed 2.2.2
Can you tell me the exact procedure of how to override the password
encoding algorithm?
These are the procedures I have tried, but Jetspeed doesn't change its
behavior.
1. modify security-spi.xml(webapps\jetspeed\WEB-INF\assembly)
change the constructor value from SHA-1 to MD5
<bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<meta key="j2:cat" value="default or security" />
<constructor-arg index="0">
<value>MD5</value>
</constructor-arg>
</bean>
2.modify security-spi-atn.xml(webapps\jetspeed\WEB-INF\assembly), change
the constructor value from SHA-1 to MD5
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<meta key="j2:cat" value="default or security" />
<constructor-arg index="0">
<value>MD5</value>
</constructor-arg>
</bean>
3. restart jetspeed server, create a new user as admin, login as a new
user, load a portlet application that use jetspeed user manager service to
retreive the encrypted password, it seems that the newly created user's
password is still encrypted by SHA-1
4. What I really want is to override the credential password encoder
implementation to use our own encryption algorithm.
Then I try to write a new password encoding class that implements
CredentialPasswordEncoder,
(See attached file: SHA256PasswordEncoder.java)(I package the program to
jar file under webapps\jetspeed\WEB-INF\lib )
and I change the name of the class from
org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder
to my encoding class, restart the server, the encryption algorithm also
didn't change.
5.I also tried to create a xml file in the override folder to override the
bean
<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd";>
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="com.ibm.gbsc.arema.security.SHA256PasswordEncoder">
</bean>
</beans>
it also failed in changing the encoding behavior.
Can you give me some suggestions? I will be greatly appreciated of your
help, since this solution is very crucial to our project.
Best regards,
Ying Wen Zhang
GBSC
Software Engineer
GBS Solutions and Assets
isg
Office Phone: +86 10-8245-1193
Mobile: 15210895280
Email: zying...@cn.ibm.com
gbscbrandcolor
Visit:
GBS
Solution
Maps
<<inline: 18222454.jpg>>
<<inline: 18039324.gif>>
--------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
