Using Salted Hash prevents admin user from logging in.

2019-02-04 Thread marc . davenport

Hello all,

We are migrating an application that was built on Sling 6 & Jackrabbit 
to Sling 10 & Oak. We are using Oak 1.6.8, which is the version used in 
the example Sling 10 application. We had previously built our own 
authenticators & login plugins to use CryptedSimpleCredentials and keep 
passwords encrypted in the JCR. It looks like that is now the standard 
in Oak using CredentialsImpl. I'm trying to decide if we can drop our 
custom code and just configure Oak properly. I've set the 
UserConfigurationImpl.config with the following values.


passwordHashAlgorithm="PBKDF2WithHmacSHA256"
passwordHashIterations="1000"
passwordSaltSize="20"

I took the HashAlgorithm key from a comment in 
org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil.generateHash(...)->generatePBKDF2(...). 
Stepping through the code, I can see that during 
org.apache.jackrabbit.oak.security.user.UserInitializer.Initialize(...) 
the admin user is created (:139). The hash created for the password 
uses the above-mentioned methods and produces a hash with salt & iterations:

{PBKDF2WithHmacSHA256}b7dab4b06ad4be41-1000-8675468f4239a321b3dc8b9989a2fae0


However, when trying to login with the admin user, it is not able to 
authenticate the user because the PasswordUtil fails to recognize the 
algorithm when calling extractAlgorithm(hashedPwd) because 
message.digest("PBKDF2WithHmacSHA256") is invalid.


I have not been able to find any other people looking for help with this 
topic, which leads me to believe that maybe I have a fundamental 
misunderstanding that I can't see.  Any and all help would be appreciated.


Regards,
Marc
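
The hash layout and the lookup failure described in the message above, as an added example (not part of the original post and not Oak's own code): it parses a `{algorithm}salt-iterations-hash` string, shows that `MessageDigest.getInstance` rejects the PBKDF2 name while `SecretKeyFactory` resolves it, and verifies a candidate password. The class name `StoredHashCheck`, the sample salt and the sample password are constructed; decoding the salt field as hex bytes is an assumption, and `HexFormat` needs Java 17 or later.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class StoredHashCheck {
    static final HexFormat HEX = HexFormat.of();
    // PBKDF2 names are SecretKeyFactory algorithms, not MessageDigest algorithms.
    static byte[] pbkdf2(String alg, char[] pw, byte[] salt, int iter, int bits)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, bits);
        try {
            return SecretKeyFactory.getInstance(alg).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipes the spec's internal copy only
        }
    }

    // Parses "{algorithm}salt-iterations-hash" and recomputes the hash for a candidate.
    static boolean verify(String stored, char[] candidate) throws GeneralSecurityException {
        int end = stored.indexOf('}');
        if (!stored.startsWith("{") || end < 0) return false;
        String alg = stored.substring(1, end);
        String[] parts = stored.substring(end + 1).split("-");
        if (parts.length != 3) return false;
        if (!alg.startsWith("PBKDF2")) throw new NoSuchAlgorithmException("not PBKDF2: " + alg);
        byte[] salt = HEX.parseHex(parts[0]); // assumption: salt field is hex-encoded bytes
        byte[] expected = HEX.parseHex(parts[2]);
        byte[] actual = pbkdf2(alg, candidate, salt, Integer.parseInt(parts[1]), expected.length * 8);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        String alg = "PBKDF2WithHmacSHA256";
        try {
            MessageDigest.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
            System.out.println("MessageDigest lookup fails: " + e.getMessage());
        }
        byte[] salt = HEX.parseHex("00112233445566778899aabbccddeeff"); // constructed
        char[] pw = "correct horse".toCharArray();                      // constructed
        String stored = "{" + alg + "}" + HEX.formatHex(salt) + "-1000-"
                + HEX.formatHex(pbkdf2(alg, pw, salt, 1000, 128));
        System.out.println("right password: " + verify(stored, pw));
        System.out.println("wrong password: " + verify(stored, "guess".toCharArray()));
    }
}
```

The 128-bit output length used when building the sample matches the 32-hex-character hash field in the message; `verify` derives the length from the stored hash rather than hard-coding it.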




AUTO: Gaetano Bordin is out of the office

2019-02-04 Thread Gaetano Bordin


I am out of the office from Mon 2019/01/28 until Wed 2019/02/13.




Note: This is an automated response to your message  "Removing very big
node" sent on 28/01/2019 09:55:07.

This is the only notification you will receive while this person is away.

oak-run server support for Oak-Segment-Tar-DS

2019-02-04 Thread Ruben Reusser

hi

in [1] the readme.md lists a fixture Oak-Segment-Tar-DS for the server 
command. However, this does not work (throws an exception [2]) due to 
the option missing from [3]. Is this option still supported or should it 
be removed from the documentation?


[1] https://github.com/apache/jackrabbit-oak/blob/trunk/oak-run/README.md#oak-server-mode

[2] java -jar target\oak-run-1.12-SNAPSHOT.jar server http://localhost:8080 Oak-Segment-Tar-DS

Apache Jackrabbit Oak 1.12-SNAPSHOT
Exception in thread "main" java.lang.IllegalArgumentException: Unsupported repository setup Oak-Segment-Tar-DS
    at org.apache.jackrabbit.oak.run.ServerCommand.execute(ServerCommand.java:130)
    at org.apache.jackrabbit.oak.run.Main.main(Main.java:49)

[3] https://github.com/apache/jackrabbit-oak/blob/29f3393341c30aa44d976d998e5613afb6398a23/oak-run/src/main/java/org/apache/jackrabbit/oak/run/ServerCommand.java#L98-L131