-
1. Re: Userpassword with hash doesnt seem to work
mwohlf Feb 12, 2009 12:32 PM (in response to cash1981)not sure what your pu.setPasswordHash() method is doing, probably it doesn't apply the hashing, I use identityManager to create Users and the hashing is applied to the passwd:
identityManager.createUser(
login
,passwd
,firstname
,lastname
)You can even implement Your own hash function by extending
org.jboss.seam.security.management.PasswordHash -
2. Re: Userpassword with hash doesnt seem to work
cash1981 Feb 12, 2009 1:16 PM (in response to cash1981)I didn't know I needed to manually apply hash.
This is my getter/setter
@UserPassword(hash = "md5") public String getPasswordHash() { return passwordHash; } public void setPasswordHash(String passwordHash) { this.passwordHash = passwordHash; }
The setPasswordHash isnt doing anything special, but I thought that would be done automatically for us.
Is there an annotation I can use? Or do I need to do it programatically? -
3. Re: Userpassword with hash doesnt seem to work
marcioendo.marcioendo.gmail.com Feb 12, 2009 3:41 PM (in response to cash1981)For automatic hashing to occur you have to go through the IdentityManager interface.
As Michael pointed out, you HAVE to use the IdentityManager methods to CRUD your users
identityManager.createUser("login","passwd","firstname","lastname")
If you just use the
EntityManager.persist(pu)
No hashing will occur.
-
4. Re: Userpassword with hash doesnt seem to work
cash1981 Feb 12, 2009 4:30 PM (in response to cash1981)Whatever I do, I get it wrong. I mainly have two problems.
First of all, I want to create a hash password that I can put in import.sql. However I cannot do that because IdentityManager requires for me to be logged in.So I have to change from md5 to none '@UserPassword(hash=
none
)'
When I do this, and login, then I go to my user registration form which works fine withouth using identityManager.When I try to say identityManager.createUser(...)
I get a org.jboss.seam.security.AuthorizationException: Authorization check failed for permission seam.user,createSo there is my current problem...
If you need to see the ProcessUser entity and my form and action component let me know.
-
5. Re: Userpassword with hash doesnt seem to work
cash1981 Feb 12, 2009 5:17 PM (in response to cash1981)I changed the debug levels of Seam and found out that jpaIdentityStore component is not found. I wonder why!
I have in components.xml written:<security:rule-based-permission-resolver security-rules="#{securityRules}"/> <!-- using seams jpaIdentity store --> <security:identity-manager identity-store="#{jpaIdentityStore}"/> <security:jpa-identity-store user-class="no.saksapp.model.ProcessUser" role-class="no.saksapp.model.Role"/>
Here is what log4j said:
12 Feb 09 16:58:13, DEBUG org.jboss.seam.contexts.Contexts:lookupInStatefulContexts:202 found in session context: org.jboss.seam.security.identity 12 Feb 09 16:58:13, DEBUG org.jboss.seam.Component:getValueToInject:2260 trying to inject with hierarchical context search: identityManager 12 Feb 09 16:58:13, TRACE org.jboss.seam.Component:newInstance:2079 instantiating Seam component: org.jboss.seam.security.identityManager 12 Feb 09 16:58:13, TRACE org.jboss.seam.Component:initialize:1487 initializing new instance of: org.jboss.seam.security.identityManager 12 Feb 09 16:58:13, TRACE org.jboss.seam.core.Events:raiseEvent:62 Processing event:org.jboss.seam.preSetVariable.org.jboss.seam.security.identityManager 12 Feb 09 16:58:13, TRACE org.jboss.seam.core.Events:raiseEvent:62 Processing event:org.jboss.seam.postSetVariable.org.jboss.seam.security.identityManager 12 Feb 09 16:58:13, TRACE org.jboss.seam.Component:initialize:1487 initializing new instance of: org.jboss.seam.security.identityManager 12 Feb 09 16:58:13, DEBUG org.jboss.seam.Component:getInstance:1984 seam component not found: jpaIdentityStore
-
6. Re: Userpassword with hash doesnt seem to work
marcioendo.marcioendo.gmail.com Feb 12, 2009 7:44 PM (in response to cash1981)
When I try to say identityManager.createUser(...)
I get a org.jboss.seam.security.AuthorizationException: Authorization check failed for permission seam.user,createThat is not an error and is the expected behavior.
You need to make sure the user you are logged in with an user which has that kind of permission.
You should look here for more info on that.
Another option is to hash the password yourself. As from the JpaIdentityStore source code:
PasswordHash.instance().generateSaltedHash(password, salt);
where salt is the user's username.
-
7. Re: Userpassword with hash doesnt seem to work
cash1981 Feb 13, 2009 11:44 AM (in response to cash1981)I see. So IdentityManager is using drools as rules engine?
I have thought about hashing my self with the Observer JpaIdentityStore.EVENT_PRE_PERSIST_USER.
However I would like a JpaIdentityStore.BEFORE_USER_AUTHENTICATED or something similar, so that I can convert the hash manually. But there is nothing called BEFORE_USER_AUTHENTICATED. I only find JpaIdentityStore.EVENT_USER_AUTHENTICATED. Can I use this Observer? -
8. Re: Userpassword with hash doesnt seem to work
cash1981 Feb 13, 2009 1:59 PM (in response to cash1981)Thank you Marcio. I do the hashing manually now and that worked just great!
-
9. Re: Userpassword with hash doesnt seem to work
uesker Feb 13, 2009 3:26 PM (in response to cash1981)Click HELP for text formatting instructions. Then edit this text and check the preview.
Hi!
Is There a way to run the method identityManager.createUser(...) that doesn´t required the user to be authenticated?
Thanks! -
10. Re: Userpassword with hash doesnt seem to work
marcioendo.marcioendo.gmail.com Feb 13, 2009 5:19 PM (in response to cash1981)
Is There a way to run the method identityManager.createUser(...) that doesn´t required the user to be authenticated?
Thanks!I don't think there is. You will have to extend IdentityManager and override the method so it doesn't call checkPermission(...).
And you can always create a separate component and call IdentityStore directly or bypass it entirely...
Just take a look at the IdentityManager source code.