[jira] [Updated] (SHIRO-471) shiro-core tests jar is needed by shiro-web

2013-12-13 Thread Colm O hEigeartaigh (JIRA)

 [ 
https://issues.apache.org/jira/browse/SHIRO-471?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated SHIRO-471:
--

Attachment: shiro-471.patch


Patch submitted. Looks like it got commented out accidentally when commenting 
out the maven bundle plugin.

Colm.

 shiro-core tests jar is needed by shiro-web
 ---

 Key: SHIRO-471
 URL: https://issues.apache.org/jira/browse/SHIRO-471
 Project: Shiro
  Issue Type: Bug
Reporter: Erik Martino Hansen
 Attachments: shiro-471.patch


 But packaging is commented out in core/pom.xml
 Index: core/pom.xml
 ===
 --- core/pom.xml  (revision 1545287)
 +++ core/pom.xml  (working copy)
 @@ -34,7 +34,7 @@
  build
  plugins
  !-- collect the test classes so they can be referenced by other 
 modules --
 -!-- plugin
 +plugin
  groupIdorg.apache.maven.plugins/groupId
  artifactIdmaven-jar-plugin/artifactId
  executions
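Review bot: the re-enabled maven-jar-plugin declaration goes straight from artifactId to executions in this hunk, so no plugin version is pinned in the block itself. Please confirm the version is supplied by a parent POM's pluginManagement, or add a version element here, so that the tests jar shiro-web depends on is always built by a known plugin release. Note also that the comment opener removed on the "-!-- plugin" line only pairs with the closer removed in the next hunk, so the two hunks have to be applied together to keep core/pom.xml well-formed.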
 @@ -44,7 +44,7 @@
  /goals
  /execution
  /executions
 -/plugin --
 +/plugin
  !-- plugin
  groupIdorg.apache.felix/groupId
  artifactIdmaven-bundle-plugin/artifactId
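Review bot: once the closing "/plugin" is restored here, the maven-bundle-plugin block that follows stays commented out, and nothing in the visible lines says why. Since the comment on this issue attributes the breakage to that comment-out accidentally swallowing the jar plugin, please add a short XML comment above the disabled bundle plugin stating the reason it is off, so the next edit to this file does not merge the two blocks under one comment again.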



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)


[jira] [Updated] (SHIRO-445) Mechanism needed to secure passwords in shiro.ini

2013-12-13 Thread Richard J. Barbalace (JIRA)

 [ 
https://issues.apache.org/jira/browse/SHIRO-445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Richard J. Barbalace updated SHIRO-445:
---

Attachment: mypatch2.txt

Please see the updated mypatch2.txt.  This is an improvement over the original 
submission.

 Mechanism needed to secure passwords in shiro.ini
 -

 Key: SHIRO-445
 URL: https://issues.apache.org/jira/browse/SHIRO-445
 Project: Shiro
  Issue Type: New Feature
  Components: Authentication (log-in), Specification API
Affects Versions: 1.2.2
 Environment: Any.
Reporter: Richard J. Barbalace
 Fix For: 1.2.3

 Attachments: mypatch.txt, mypatch2.txt

   Original Estimate: 24h
  Remaining Estimate: 24h

 There should be a mechanism to secure passwords stored in shiro.ini for 
 accessing databases or other data sources, as described in this Shiro user 
 forum post:
 http://shiro-user.582556.n2.nabble.com/How-to-secure-database-password-in-shiro-ini-td7578763.html
 A flexible and extensible approach should allow for passwords to be stored in 
 other INI or properties files, JNDI resources, databases, key stores, key 
 servers, or other data sources.  Passwords might be encrypted using a master 
 key, which could likewise be stored in various data sources.
 I already have an initial patch prepared that allows for passwords to be 
 stored (plaintext or encrypted with a master key) in other INI files, similar 
 to a shadow password file.  This can be further extended to use other data 
 sources as needs arise.





[jira] [Commented] (SHIRO-445) Mechanism needed to secure passwords in shiro.ini

2013-12-13 Thread Richard J. Barbalace (JIRA)

[ 
https://issues.apache.org/jira/browse/SHIRO-445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13847971#comment-13847971
 ] 

Richard J. Barbalace commented on SHIRO-445:


The new patch addresses the issue described here:
shiro-user.582556.n2.nabble.com/Best-practice-for-managing-different-shiro-ini-files-for-different-environment-td7579099.html

I have been using this patch for a couple months now in production.  (For the 
submission, I had to change the logging in IniFactory.java to match that used 
in Shiro, but that is all.)  The two packages included in this patch allow the 
inclusion of data from a separate INI file (or other data source) aside from 
shiro.ini.  The details and use cases are described in the package-info.java 
files.  The org.apache.shiro.config.external package can be used to allow 
configuration settings to be read into shiro.ini from a separate config.ini 
file (which is useful for server configurations when you want to check 
shiro.ini into version control, but have per-server customizations) and the 
org.apache.shiro.config.password package allows for the encryption of such 
plain text configuration.

This patch should be able to be incorporated into the Shiro project with 
minimal change.  (As noted in a previous comment, some @Override statements 
might be dropped depending on the Java version used.)  Also, see the TODO note 
around lines 144-150 of IniFactory.java.
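
An added example of the shadow-file approach described in SHIRO-445, not code from mypatch2.txt or from Shiro: values live in a separate file, either plaintext or encrypted under a master key, and an altered encrypted entry is rejected rather than decrypted. The `enc:` prefix, the AES-GCM choice, the class and method names, and java.util.Properties as a stand-in for an INI file are all assumptions; the page does not say how the patch encodes or encrypts values.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;

public class ShadowConfigDemo {
    static final String ENC = "enc:"; // hypothetical marker for encrypted entries
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Encrypt a value for the shadow file as enc:base64(iv || ciphertext || tag).
    static String seal(byte[] key, String plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV per value, never reused
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return ENC + Base64.getEncoder().encodeToString(out);
    }

    // Plaintext entries pass through; encrypted ones are authenticated, and a modified entry throws.
    static String open(byte[] key, String value) throws GeneralSecurityException {
        if (!value.startsWith(ENC)) return value;
        byte[] raw = Base64.getDecoder().decode(value.substring(ENC.length()));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
        return new String(c.doFinal(raw, IV_LEN, raw.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] masterKey = new byte[16];         // constructed demo key; in practice it
        new SecureRandom().nextBytes(masterKey); // comes from a key store or key server
        Properties shadow = new Properties();    // stand-in for the separate INI file
        shadow.load(new StringReader("ds.password=" + seal(masterKey, "s3cr3t-db-pass")
                + "\nldap.password=plain-ldap-pass\n"));
        String enc = shadow.getProperty("ds.password");
        System.out.println(open(masterKey, enc));
        System.out.println(open(masterKey, shadow.getProperty("ldap.password")));
        String bad = enc.substring(0, 10) + (enc.charAt(10) == 'A' ? 'B' : 'A') + enc.substring(11);
        try { open(masterKey, bad); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getClass().getSimpleName()); }
    }
}
```

Encrypting the entries only moves the problem to the master key, so the key has to live somewhere with tighter access than the shadow file itself, which is the point the issue makes about key stores and key servers.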
