Can you try overriding two beans with your class (*SHA256PasswordEncoder)
as follows. You can do this in a 'override' new xml file placed in
overrides directory, you don't actually have to edit security-spi.xml and
security-spi-atn.xml*....
1. security-spi.xml
<bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"
class="com.ibm.gbsc.arema.security.">
<meta key="j2:cat" value="default or security.SHA256PasswordEncoder" />
</bean>
2. security-spi-atn.xml
<!-- MessageDigest encode passwords using SHA-1 -->
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="com.ibm.gbsc.arema.security.SHA256PasswordEncoder">
<meta key="j2:cat" value="default or security" />
</bean>
And then restart and see if that works.
On Tue, Jul 9, 2013 at 6:47 AM, Ying Wen Z Zhang <[email protected]>wrote:
> Dear,
>
> I met problem when I try to change Password Encryption Algorithm of
> Jetspeed Portal, the version of the Jetspeed I am using is Jetspeed 2.2.2
>
> Can you tell me the exact procedure of how to override the password
> encoding algorithm?
>
> These are the procedures I have tried, but Jetspeed doesn't change its
> behavior.
>
> 1. modify security-spi.xml(webapps\jetspeed\WEB-INF\assembly)
> change the constructor value from SHA-1 to MD5
>
> <bean id="org.apache.jetspeed.security.CredentialPasswordEncoder"
>
> class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
> <meta key="j2:cat" value="default or security" />
> <constructor-arg index="0">
> <value>MD5</value>
> </constructor-arg>
> </bean>
> 2.modify security-spi-atn.xml(webapps\jetspeed\WEB-INF\assembly), change
> the constructor value from SHA-1 to MD5
> <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
>
> class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
> <meta key="j2:cat" value="default or security" />
> <constructor-arg index="0">
> <value>MD5</value>
> </constructor-arg>
> </bean>
>
> 3. restart jetspeed server, create a new user as admin, login as a new
> user, load a portlet application that use jetspeed user manager service to
> retreive the encrypted password, it seems that the newly created user's
> password is still encrypted by SHA-1
>
> 4. What I really want is to override the credential password encoder
> implementation to use our own encryption algorithm.
>
> Then I try to write a new password encoding class that implements
> CredentialPasswordEncoder,
> *(See attached file: SHA256PasswordEncoder.java)*(I package the program
> to jar file under webapps\jetspeed\WEB-INF\lib )
> and I change the name of the class from
> org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder
> to my encoding class, restart the server, the encryption algorithm also
> didn't change.
>
> 5.I also tried to create a xml file in the override folder to override the
> bean
>
> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd";>
> <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
> class="com.ibm.gbsc.arema.security.SHA256PasswordEncoder">
>
> </bean>
> </beans>
>
> it also failed in changing the encoding behavior.
>
> Can you give me some suggestions? I will be greatly appreciated of your
> help, since this solution is very crucial to our project.
>
>
> Best regards,
>
> *Ying Wen Zhang*
> GBSC
> Software Engineer*GBS Solutions and
> Assets*<http://w3.ibm.com/ibm/resource/gbs_solutions.html>
> [image:
> isg]<https://w3-03.sso.ibm.com/services/practitionerportal/assethub/production/sacindex.jsp?&source=signature>
> Office Phone: +86 10-8245-1193
> Mobile: 15210895280
> Email: [email protected][image: gbscbrandcolor]
> Visit: GBS Solution
> Maps<http://w3.ibm.com/ibm/resource/gbs_industry_solution_maps.html>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
--
David
