Marek Novotny closed JBSEAM-3942.
---------------------------------
closing as cleanup
LdapIdentityStore should crypt password
---------------------------------------
Key: JBSEAM-3942
URL: https://issues.jboss.org/browse/JBSEAM-3942
Project: Seam 2
Issue Type: Feature Request
Components: Security
Affects Versions: 2.1.0.SP1, 2.1.1.CR1, 2.1.1.CR2, 2.1.1.GA
Reporter: Raimund Hölle
Assignee: Shane Bryzak
Priority: Minor
LdapIdentityStore.changePassword() always stores the new password as plain text in the
LDAP database.
To allow crypted passwords, I suggest the following modifications (currently tested only
with OpenLDAP; MS AD may need encoding "UTF16-EL"):
New bean properties (along with getter / setter):

    // Default: plain text as in previous releases; set it to "SHA", "MD5", ...
    // in components.xml (see java.security.MessageDigest)
    private String passwordCryptAlgorithm = "";
    // Needed only if algorithm != ""
    private String passwordEncoding = "UTF-8";
Extend changePassword() by one additional line:

    public boolean changePassword(String name, String password)
    {
       InitialLdapContext ctx = null;
       try
       {
          ctx = initialiseContext();
          // crypt password if not already done
          password = cryptPwIfNeeded(password);
          BasicAttribute passwordAttrib = new BasicAttribute(getUserPasswordAttribute(), password);
New helper method:

    // Imports needed by the helper: java.io.UnsupportedEncodingException,
    // java.security.MessageDigest, java.security.NoSuchAlgorithmException,
    // java.util.regex.Pattern and sun.misc.BASE64Encoder (the JDK-internal
    // encoder; IdentityManagementException is in the same package as the store).

    // Matches a value that already carries an "{ALGORITHM}" prefix
    private Pattern cryptedPwRegexp = Pattern.compile("^[{].+[}].+");

    private String cryptPwIfNeeded(String password) {
       // only crypt if requested by algorithm and not already done!
       if (getPasswordCryptAlgorithm() != null
             && ! getPasswordCryptAlgorithm().equals("")
             && ! cryptedPwRegexp.matcher(password).matches()) {
          try {
             MessageDigest md;
             md = MessageDigest.getInstance(getPasswordCryptAlgorithm());
             md.reset();
             md.update(password.getBytes(getPasswordEncoding()));
             byte[] result = md.digest();
             // RFC 2307 style value: "{SHA}" + base64(digest)
             password = "{" + getPasswordCryptAlgorithm() + "}"
                   + (new BASE64Encoder()).encode(result);
          } catch ( NoSuchAlgorithmException e ) {
             throw new IdentityManagementException(
                   "Configuration problem - can not crypt password with algorithm "
                   + getPasswordCryptAlgorithm(), e);
          } catch ( UnsupportedEncodingException e ) {
             throw new IdentityManagementException(
                   "Configuration problem - can not encode password with "
                   + getPasswordEncoding(), e);
          }
       }
       return password;
    }
Many regards, Raimund
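Added example (not part of this issue or of the Seam code base; written in Python because the userPassword format is directory-generic rather than Seam-specific): what the "{ALG}base64(digest)" value proposed above looks like, the salted "{SSHA}" form that OpenLDAP's slappasswd emits by default, and a verifier that accepts plain, unsalted and salted values. Two caveats a reviewer would raise: unsalted {SHA}/{MD5} values are fast to brute-force offline and identical passwords produce identical stored values, so the salted scheme is the better default; and the "already crypted" regexp means a user whose new password literally starts with "{...}" would be stored unhashed as typed. The function and scheme names below and the sample values are constructed for this demonstration.

```python
import base64
import hashlib
import hmac
import os
import re

# Mirrors the proposal's Pattern "^[{].+[}].+": a value that already carries a
# {SCHEME} prefix is assumed to be encoded and is stored untouched.
CRYPTED_RE = re.compile(r"^\{.+\}.+")

# Digest constructors keyed by the scheme name written inside the braces.
HASHES = {
    "SHA": hashlib.sha1,
    "MD5": hashlib.md5,
    "SHA256": hashlib.sha256,
    "SHA512": hashlib.sha512,
}


def crypt_if_needed(password, algorithm="", encoding="utf-8"):
    """Same behaviour as the proposed cryptPwIfNeeded(): empty algorithm means
    plain text, otherwise {ALG}base64(digest(password)), unless already encoded."""
    if not algorithm or CRYPTED_RE.match(password):
        return password
    if algorithm not in HASHES:
        raise ValueError("cannot crypt password with algorithm " + algorithm)
    digest = HASHES[algorithm](password.encode(encoding)).digest()
    return "{%s}%s" % (algorithm, base64.b64encode(digest).decode("ascii"))


def crypt_salted(password, algorithm="SHA", salt=None, encoding="utf-8"):
    """Salted variant: {SSHA}base64(digest(password + salt) + salt).
    The salt is appended in the clear so a verifier can recover it."""
    if algorithm not in HASHES:
        raise ValueError("unsupported algorithm " + algorithm)
    if salt is None:
        salt = os.urandom(8)
    digest = HASHES[algorithm](password.encode(encoding) + salt).digest()
    return "{S%s}%s" % (algorithm, base64.b64encode(digest + salt).decode("ascii"))


def verify(password, stored, encoding="utf-8"):
    """Check a candidate password against a userPassword value in any of the
    three forms above (plain, {ALG}, {SALG}), using constant-time comparison."""
    m = re.match(r"^\{([A-Za-z0-9]+)\}(.+)$", stored)
    if not m:
        # No scheme prefix: the directory holds the password in plain text.
        return hmac.compare_digest(password.encode(encoding), stored.encode(encoding))
    scheme = m.group(1).upper()
    blob = base64.b64decode(m.group(2))
    salted = scheme.startswith("S") and scheme[1:] in HASHES
    algorithm = scheme[1:] if salted else scheme
    if algorithm not in HASHES:
        raise ValueError("unsupported userPassword scheme " + scheme)
    size = HASHES[algorithm]().digest_size
    if salted:
        digest, salt = blob[:size], blob[size:]   # digest first, salt after it
    else:
        digest, salt = blob, b""
    calc = HASHES[algorithm](password.encode(encoding) + salt).digest()
    return hmac.compare_digest(calc, digest)


if __name__ == "__main__":
    # Constructed demo values, not taken from any real directory.
    print(crypt_if_needed("secret", "SHA"))
    print(crypt_salted("secret", "SHA", salt=b"\x00" * 8))
    print(verify("secret", crypt_salted("secret")))
```

The verifier recovers the salt from the stored value by digest size, which is how ldapwhoami-style simple binds are checked by the server itself; the client only ever has to write the value in one of these forms.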
--
This message is automatically generated by JIRA.
For more information on JIRA, see: