Thanks to Eric, I've logged the BaseSecurityService and find out my own mistake. The clone custom_user from turbine_user was not realy a clone of. The attribute password_value was to short;\(
But, why is there no exception in torque when I store a value which is to long? Eric Pugh <[EMAIL PROTECTED]> schrieb am 01.03.2004, 12:12:17: > Here are some example unit tests to get you started. Not sure why you are > removing the commons-codec, as that seems to generate a missing class.. > > Look at this unit test in CVS HEAD: > /src/org/apache/turbine/services/crypto/CryptoRunningInECMTest. You can > basically plagerise this test and the BaseTestCase so you start up your > version of Turbine, and verify the encryption. You can also look into using > Cactus to startup your webapp and test it. > > Also check out org.apache.turbine.modules.ActionLoaderTest.. You could > plagerise this to test out your CreateNewUserAndConfirm test as well. The > idea is to cut out all the extra cruft to get a clean/simple unit test that > helps you find the bug.. > > I know, it can take some doing to get there, but the rewards are worth it. > > Eric > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Saturday, February 28, 2004 5:02 PM > > To: Turbine Users List; [EMAIL PROTECTED] > > Subject: Re: RE: Problem with encrypted password in turbine 2.3 > > > > > > > > How can I start this unit test? I don't know what to do for this:-( > > > > I've removed the JAR commons-codec-1.1.jar from WEB-INF/lib. I could > > see, that in both cases - new user, login user - the same > > methode called > > by the action. The different is the calling of methode > > BaseSecurityService.encryptPassword twice when create user. > > > > ---------------------------------------------------------------------- > > case 1: create user > > > > 2004-02-28 16:49:28,659 [HttpProcessor[8080][4]] ERROR > > de.soltics.falconBase.modules.actions.CreateNewUserAndConfirm - > > Invokation of public void > > de.soltics.falconBase.modules.actions.CreateNewUserAndConfirm. > > doCreate(org.apache.turbine.util.RunData,org.apache.velocity.c > > ontext.Context) > > throws java.lang.Exception > > java.lang.NoClassDefFoundError: org/apache/commons/codec/base64/Base64 > > at > > org.apache.turbine.services.crypto.provider.JavaCrypt.encrypt( > > JavaCrypt.java:151) > > at > > org.apache.turbine.services.security.BaseSecurityService.encry > > ptPassword(BaseSecurityService.java:207) > > at > > org.apache.turbine.services.security.BaseSecurityService.encry > > ptPassword(BaseSecurityService.java:162) > > at > > org.apache.turbine.services.security.TurbineSecurity.encryptPa > > ssword(TurbineSecurity.java:124) > > -------------------------------------------------------------------- > > case 2: Login > > > > java.lang.NoClassDefFoundError: org/apache/commons/codec/base64/Base64 > > at > > org.apache.turbine.services.crypto.provider.JavaCrypt.encrypt( > > JavaCrypt.java:151) > > at > > org.apache.turbine.services.security.BaseSecurityService.encry > > ptPassword(BaseSecurityService.java:207) > > at > > org.apache.turbine.services.security.BaseSecurityService.check > > Password(BaseSecurityService.java:236) > > at > > org.apache.turbine.services.security.TurbineSecurity.checkPass > > word(TurbineSecurity.java:155) > > at > > de.soltics.falconBase.modules.actions.FalconBaseLogin.doPerfor > > m(FalconBaseLogin.java:97) > > > > Andreas > > > > > > > > Eric Pugh schrieb am 25.02.2004, 14:20:31: > > > I would try and write a unit test that isolates as much as > > possible just the > > > passwords, to make sure the encryption is properly working. > > There are unit > > > tests in Turbine CVS that demonstrate that encryption is > > working properly. > > > > > > Eric > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > Sent: Wednesday, February 25, 2004 1:52 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Problem with encrypted password in turbine 2.3 > > > > > > > > > > > > > > > > Hallo, > > > > > > > > > > > > I'm using turbine 2.3 with the Torque Security Service. > > > > I've created an extended user table, have made the changes in > > > > TR.properties, took from file > > > > http://jakarta.apache.org/turbine/turbine-2.3/services/torque- > > > > security-service.html. > > > > > > > > ----snip---- > > > > services.SecurityService.classname = > > > > org.apache.turbine.services.security.torque.TorqueSecurityService > > > > services.SecurityService.user.manager = > > > > org.apache.turbine.services.security.torque.TorqueUserManager > > > > > > > > # Class for User. Default: > > org.apache.turbine.om.security.TurbineUser > > > > services.SecurityService.user.class = > > > > de.soltics.falconBase.modules.util.ExtendedUser > > > > > > > > # This is the Peer class used to access the user peer > > > > (org.apache.turbine.services.security.torque.om.TurbineUserPeer) > > > > services.SecurityService.torque.userPeer.class = > > > > de.soltics.falconBase.om.CustomUserPeer > > > > > > > > # Class for Group. Default: > > > > org.apache.turbine.om.security.TurbineGroup > > > > #services.SecurityService.group.class=org.apache.turbine.om.se > > > > curity.TurbineGroup > > > > services.SecurityService.group.class=org.apache.turbine.servic > > > > es.security.torque.TorqueGroup > > > > > > > > # Class for Role. Default: > > org.apache.turbine.om.security.TurbineRole > > > > #services.SecurityService.role.class=org.apache.turbine.om.sec > > > > urity.TurbineRole > > > > services.SecurityService.role.class=org.apache.turbine.service > > > > s.security.torque.TorqueRole > > > > > > > > # Class for Permission. Default: > > > > org.apache.turbine.om.security.TurbinePermission > > > > #services.SecurityService.permission.class=org.apache.turbine. > > > > om.security.TurbinePermission > > > > services.SecurityService.permission.class=org.apache.turbine.s > > > > ervices.security.torque.TorquePermission > > > > > > > > # > > > > # This is the class that implements the ACL interface. > > > > # You want to override this setting only if you want your ACL > > > > # implementation to provide application specific addtional > > > > # functionality. > > > > # > > > > > > > > # Default: > > org.apache.turbine.util.security.TurbineAccessControlList > > > > services.SecurityService.acl.class = > > > > org.apache.turbine.util.security.TurbineAccessControlList > > > > > > > > ----snip---- > > > > > > > > This works fine with unsafe passwords. > > > > > > > > When I'm setting secure password to true, an new user 'll > > be created > > > > with an encrypted password. > > > > However, when I try login to my application, the > > > > TorqueUserManager.authenticate fails with an > > > > Exception. > > > > > > > > Exception: > > org.apache.turbine.util.security.PasswordMismatchException: > > > > The passwords do not match > > > > org.apache.turbine.util.security.PasswordMismatchException: The > > > > passwords do not match > > > > at > > > > org.apache.turbine.services.security.torque.TorqueUserManager. > > > > authenticate(TorqueUserManager.java:387) > > > > > > > > > > > > What is wrong? > > > > > > > > > > > > Help, Please > > > > > > > > > > > > Andreas > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
