I would try and write a unit test that isolates as much as possible just the passwords, to make sure the encryption is properly working. There are unit tests in Turbine CVS that demonstrate that encryption is working properly.
Eric > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 25, 2004 1:52 PM > To: [EMAIL PROTECTED] > Subject: Problem with encrypted password in turbine 2.3 > > > > Hallo, > > > I'm using turbine 2.3 with the Torque Security Service. > I've created an extended user table, have made the changes in > TR.properties, took from file > http://jakarta.apache.org/turbine/turbine-2.3/services/torque- > security-service.html. > > ----snip---- > services.SecurityService.classname = > org.apache.turbine.services.security.torque.TorqueSecurityService > services.SecurityService.user.manager = > org.apache.turbine.services.security.torque.TorqueUserManager > > # Class for User. Default: org.apache.turbine.om.security.TurbineUser > services.SecurityService.user.class = > de.soltics.falconBase.modules.util.ExtendedUser > > # This is the Peer class used to access the user peer > (org.apache.turbine.services.security.torque.om.TurbineUserPeer) > services.SecurityService.torque.userPeer.class = > de.soltics.falconBase.om.CustomUserPeer > > # Class for Group. Default: > org.apache.turbine.om.security.TurbineGroup > #services.SecurityService.group.class=org.apache.turbine.om.se > curity.TurbineGroup > services.SecurityService.group.class=org.apache.turbine.servic > es.security.torque.TorqueGroup > > # Class for Role. Default: org.apache.turbine.om.security.TurbineRole > #services.SecurityService.role.class=org.apache.turbine.om.sec > urity.TurbineRole > services.SecurityService.role.class=org.apache.turbine.service > s.security.torque.TorqueRole > > # Class for Permission. Default: > org.apache.turbine.om.security.TurbinePermission > #services.SecurityService.permission.class=org.apache.turbine. > om.security.TurbinePermission > services.SecurityService.permission.class=org.apache.turbine.s > ervices.security.torque.TorquePermission > > # > # This is the class that implements the ACL interface. > # You want to override this setting only if you want your ACL > # implementation to provide application specific addtional > # functionality. > # > > # Default: org.apache.turbine.util.security.TurbineAccessControlList > services.SecurityService.acl.class = > org.apache.turbine.util.security.TurbineAccessControlList > > ----snip---- > > This works fine with unsafe passwords. > > When I'm setting secure password to true, an new user 'll be created > with an encrypted password. > However, when I try login to my application, the > TorqueUserManager.authenticate fails with an > Exception. > > Exception: org.apache.turbine.util.security.PasswordMismatchException: > The passwords do not match > org.apache.turbine.util.security.PasswordMismatchException: The > passwords do not match > at > org.apache.turbine.services.security.torque.TorqueUserManager. > authenticate(TorqueUserManager.java:387) > > > What is wrong? > > > Help, Please > > > Andreas > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
