PasswordPlaceholderConfigurer#encrypt will get right password.

from PasswordPlaceholderConfigure#resolvePlaceholder you can see any
placeholder with 'password' need encrypt.

On Wed, Feb 3, 2016 at 10:01 PM, Wu XIANG <[email protected]> wrote:

> thanks jian,
>
>   I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
> encrypt" to encrypt my passwords. I'm not sure if it's the correct way.
>
>   If encryption is needed, is it possible to expose "
> PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
> PasswordPlaceholderConfigurer#key" configurable ?
>
> thanks
> wu
>
>
> On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <[email protected]> wrote:
>
>> Will update to doc,thank you
>>
>>
>> On Wednesday, February 3, 2016, Jian Zhong <[email protected]>
>> wrote:
>>
>>> Yes, encrypted is required.
>>>
>>>
>>>
>>> On Wednesday, February 3, 2016, Wu XIANG <[email protected]> wrote:
>>>
>>>> Hi all,
>>>>
>>>>    I'm configuring LDAP integration for Kylin. However, I got the
>>>> following error when I start Kylin server:
>>>>
>>>> *"Invalid bean definition with name 'ldapSource' defined in class path
>>>> resource [kylinSecurity.xml]: Input length must be multiple of 16 when
>>>> decrypting with padded cipher"*
>>>>
>>>>    After a little bit of digging, I found this was due to "
>>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords in
>>>> kylin.properties file. Does this mean passwords like "ldap.password"
>>>> in kylin.properties should be encrypted ? If so, I hope it's documented in
>>>> tutorial.
>>>>
>>>>   // PasswordPlaceholderConfigurer.java:Line71
>>>>
>>>> protected String resolvePlaceholder(String placeholder, Properties
>>>> props) {
>>>>
>>>>   if (placeholder.toLowerCase().contains("password")) {
>>>>
>>>>       return decrypt(props.getProperty(placeholder));
>>>>
>>>>   } else {
>>>>
>>>>       return props.getProperty(placeholder);
>>>>
>>>>   }
>>>>
>>>> }
>>>>
>>>>
>>>> p.s.
>>>>
>>>> Kylin Branch: v1.2-release
>>>>
>>>>
>>>> thanks
>>>> *wu*
>>>>
>>>
>
>
> --
>
> *wu*
>

Reply via email to