Additionally, you need to first commend out the current
CredentialPasswordEncode around line 27 of security-spi-atn.xml:
<!-- MessageDigest encode passwords using SHA-1 -->
<!--
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<meta key="j2:cat" value="default or security" />
<constructor-arg index="0">
<value>SHA-1</value>
</constructor-arg>
</bean>
—>
And then uncomment the replacement encoder further down in the same file. You
have two choices, I went with the backward compatibility one (line 79, not line
67:
Make sure you enter a PBE key for constructor index 0, and a timestamp (see
below) for constructor index 2:
<!-- A Two-way encoding password service which also implements
CredentialPasswordEncoder
Furthermore, this extension of the PBEPasswordService supports lazy
upgrading from an old CredentialPasswordEncoder
like the default provided MessageDigestCredentialPasswordEncoder
-->
<bean id="org.apache.jetspeed.security.PasswordEncodingService"
name="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.AlgorithmUpgradePBEPasswordService">
<constructor-arg index="0">
<!-- secret PBE key password -->
<value>jetspeed</value>
</constructor-arg>
<constructor-arg index="1">
<!-- old MessageDigestCredentialPasswordEncoder to be upgrading from, using
SHA-1 -->
<bean
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
<constructor-arg index="0"><value>SHA-1</value></constructor-arg>
</bean>
</constructor-arg>
<constructor-arg index="2">
<!-- startPBEPasswordEncodingService: date before which old encoded
passwords need to be recoded (on authentication)
(SimpleDateFormat) format: yyyy-MM-dd HH:mm:ss
-->
<value>2017-01-30 15:00:00</value>
</constructor-arg>
</bean>
This seems to work for me and was backward compatible (tested on 2.3.2. trunk)
> On Jan 30, 2017, at 8:00 AM, Giacomo Morri <[email protected]> wrote:
>
> Hi, i'm trying to implement a function that permit to login in jetspeed "as a
> user".
> I've tried to decode users password using the "PasswordEncodingService", but
> trying to enable it i retrieve an error in jetspeed log:
>
> "Error creating bean with name 'PortalServices' defined in ServletContext
> resource [/WEB-INF/assembly/jetspeed-services.xml]: Cannot resolve reference
> to bean 'org.apache.jetspeed.security.PasswordEncodingService' while setting
> constructor argument with key [TypedStringValue: value
> [PasswordEncodingService], target type [null]]; nested exception is
> org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean
> named 'org.apache.jetspeed.security.PasswordEncodingService' is defined"
>
> How can i enable the api PasswordEncodingService?
>
> Best regards,
> Giacomo Morri
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
