This content has been marked as final.
Show 4 replies
-
1. Re: login failed, about identity manager, is there any thing I missed?
stenlylee Jan 16, 2009 5:13 AM (in response to stenlylee)I know what is the problem
the password in my database is "11"
but I forget to config the hash="none" in the password annotation
so seam can't find the MD5 password
but there is another problem
when I create a new project, and the first user I insert to the table manual
I can't know what's to input in the password field
I try to get the MD5 of "11":
MD5(11,32) = 6512bd43d9caa6e02c990b0a82652dca
MD5(11,16) = d9caa6e02c990b0a
and insert the value into the table manual(both 16 and 32 char I've tried )
it still tell me login failed -
2. Re: login failed, about identity manager, is there any thing I missed?
buckmin.erdem.agaoglu.gmail.com Jan 16, 2009 11:33 AM (in response to stenlylee)i've had the same exact problem just yesterday,
although i could not find exact cause, i managed a workaround. i was using JpaIdentityStore for both user and role but might give an idea.written a small bean that just creates a user by means of identity manager but bypassing permission checks through direct access to identitystore. then i added a control to login which creates the user, simply
#{someComponent.createUser} ---- @In Credentials credentials; @In IdentityManager identityManager; public void createUser(){ identityManager.getIdentityStore().createUser( credentials.getUsername(),credentials.getPassword(),null,null); }
users created this way are able to login while manual additions to database are not. i double checked database entries for both md5 password hashes and plain texts. there seems to be no problem at that end, but i did not check details.
-
3. Re: login failed, about identity manager, is there any thing I missed?
rave Jan 19, 2009 5:01 PM (in response to stenlylee)Maybe this helps:
Passwords are hashed by default using the user's username as the salt. This is easily overridden by extending JpaIdentityStore and overriding the getUserAccountSalt() method. Oh, and password hashes are themselves generated by a new Seam component called called PasswordHash, which is itself overridable too. So no matter what you want to do, it's customisable at every step.
[found @ http://in.relation.to/Bloggers/SeamSecurityGetsAnUpgrade] -
4. Re: login failed, about identity manager, is there any thing I missed?
twhitehead.twhiteheadjm.hotmail.com Feb 22, 2010 7:25 AM (in response to stenlylee)I see you have
identity-store="#{ldapIdentityStore}"
implying you want to authenticate agains ldap not your database.