Exemplo n.º 1
0
 @Test
 public void testIsHashed() {
   assertTrue(PasswordHelper.isHashed("{SSHA}foo"));
   assertTrue(PasswordHelper.isHashed("{SMD5}foo"));
   assertFalse(PasswordHelper.isHashed("{foo}bar"));
   assertFalse(PasswordHelper.isHashed("foo"));
 }
Exemplo n.º 2
0
 /**
  * 修改密码
  *
  * @param userId
  * @param newPassword
  */
 @Transactional(readOnly = false)
 public void changePassword(Integer userId, String newPassword) {
   User user = findOne(userId);
   user.setPassword(newPassword);
   passwordHelper.encryptPassword(user);
   update(user);
 }
  public void save() {
    lock.lock();

    configurationFile.getParentFile().mkdirs();

    Writer fw = null;

    try {
      // this is sort of dirty...
      String clearPass = null;

      // change the password to be encrypted
      if (configuration.getConnectionInfo() != null
          && StringUtils.isNotEmpty(configuration.getConnectionInfo().getSystemPassword())) {
        try {
          clearPass = configuration.getConnectionInfo().getSystemPassword();
          configuration.getConnectionInfo().setSystemPassword(passwordHelper.encrypt(clearPass));
        } catch (PlexusCipherException e) {
          getLogger().error("Failed to encrypt password while storing configuration file", e);
        }
      }

      fw = new OutputStreamWriter(new FileOutputStream(configurationFile));

      LdapConfigurationXpp3Writer writer = new LdapConfigurationXpp3Writer();

      writer.write(fw, configuration);

      // now reset the password
      if (configuration.getConnectionInfo() != null) {
        configuration.getConnectionInfo().setSystemPassword(clearPass);
      }

    } catch (IOException e) {
      getLogger().error("IOException while storing configuration file", e);
    } finally {
      if (fw != null) {
        try {
          fw.flush();

          fw.close();
        } catch (IOException e) {
          // just closing if open
        }
      }

      lock.unlock();
    }

    // fire clear cache event
    this.applicationEventMulticaster.notifyEventListeners(new LdapClearCacheEvent(null));
  }
Exemplo n.º 4
0
 @Test
 public void testHash() {
   String password = "******";
   String hashed;
   hashed = PasswordHelper.hashPassword(password, null);
   assertEquals(password, hashed);
   assertTrue(PasswordHelper.verifyPassword(password, hashed));
   hashed = PasswordHelper.hashPassword(password, PasswordHelper.SSHA);
   assertTrue(hashed.startsWith("{SSHA}"));
   assertTrue(PasswordHelper.verifyPassword(password, hashed));
   hashed = PasswordHelper.hashPassword(password, PasswordHelper.SMD5);
   assertTrue(hashed.startsWith("{SMD5}"));
   assertTrue(PasswordHelper.verifyPassword(password, hashed));
 }
Exemplo n.º 5
0
 @Transactional(readOnly = false)
 public User create(User user) {
   passwordHelper.encryptPassword(user);
   return systemDaos.userDao.save(user);
 }
Exemplo n.º 6
0
 /**
  * 修改密码
  *
  * @param userId
  * @param newPassword
  */
 public void changePassword(Long userId, String newPassword) {
   User user = userDao.findOne(userId);
   user.setPassword(newPassword);
   passwordHelper.encryptPassword(user);
   userDao.updateUser(user);
 }
Exemplo n.º 7
0
 /**
  * 创建用户
  *
  * @param user
  */
 public User createUser(User user) {
   // 加密密码
   passwordHelper.encryptPassword(user);
   return userDao.createUser(user);
 }
Exemplo n.º 8
0
 @Test
 public void testVerify() {
   assertTrue(PasswordHelper.verifyPassword("abcd", "abcd"));
   assertTrue(
       PasswordHelper.verifyPassword("abcd", "{SSHA}WPvqVeSt0Mr2llICYmAX9+pjtPH271eznDHvrw=="));
   assertTrue(PasswordHelper.verifyPassword("abcd", "{SMD5}/wZ7JQUARlCBq4JFHI57AfbvV7OcMe+v"));
   assertFalse(PasswordHelper.verifyPassword("1234", "abcd"));
   assertFalse(
       PasswordHelper.verifyPassword("1234", "{SSHA}WPvqVeSt0Mr2llICYmAX9+pjtPH271eznDHvrw=="));
   assertFalse(PasswordHelper.verifyPassword("1234", "{SMD5}/wZ7JQUARlCBq4JFHI57AfbvV7OcMe+v"));
   assertFalse(PasswordHelper.verifyPassword(" abcd", "abcd"));
   assertFalse(PasswordHelper.verifyPassword("abcd", "{SSHA}WPvqVeS"));
   assertFalse(PasswordHelper.verifyPassword("abcd", "{SSHA}/wZ7JQUAR"));
   assertFalse(PasswordHelper.verifyPassword("abcd", "{SSHA}WXYZ"));
   assertFalse(
       PasswordHelper.verifyPassword(
           "abcd", "{SSHA}WPvqVeSt0Mr2llICYmAX9+pjtPH271eznDHvrwfghijkl"));
   assertFalse(PasswordHelper.verifyPassword("abcd", "{SSHA}/wZ7JQUARlC*"));
 }
  private Configuration getConfiguration() {
    Reader fr = null;
    FileInputStream is = null;

    try {

      lock.lock();

      if (configuration != null) {
        return configuration;
      }

      is = new FileInputStream(configurationFile);

      LdapConfigurationXpp3Reader reader = new LdapConfigurationXpp3Reader();

      fr = new InputStreamReader(is);

      configuration = reader.read(fr);

      ValidationResponse vr = validator.validateModel(new ValidationRequest(configuration));

      if (vr.getValidationErrors().size() > 0) {
        // TODO need to code the handling of invalid config
        configuration = new Configuration();
      }

      // decrypt the password, if it fails assume the password is clear text.
      // If the password is wrong the the LDAP Realm will not work, which is no different. If the
      // user typed in the
      // password wrong.
      if (configuration.getConnectionInfo() != null
          && StringUtils.isNotEmpty(configuration.getConnectionInfo().getSystemPassword())) {
        try {
          configuration
              .getConnectionInfo()
              .setSystemPassword(
                  passwordHelper.decrypt(configuration.getConnectionInfo().getSystemPassword()));
        } catch (PlexusCipherException e) {
          this.getLogger()
              .error(
                  "Failed to decrypt password, assuming the password in file: '"
                      + configurationFile.getAbsolutePath()
                      + "' is clear text.",
                  e);
        }
      }

    } catch (FileNotFoundException e) {
      // This is ok, may not exist first time around
      configuration = this.getDefaultConfiguration();
    } catch (IOException e) {
      getLogger().error("IOException while retrieving configuration file", e);
    } catch (XmlPullParserException e) {
      getLogger().error("Invalid XML Configuration", e);
    } finally {
      if (fr != null) {
        try {
          fr.close();
        } catch (IOException e) {
          // just closing if open
        }
      }

      if (is != null) {
        try {
          is.close();
        } catch (IOException e) {
          // just closing if open
        }
      }

      lock.unlock();
    }

    return configuration;
  }