Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » scout » DataSourceSecurityFilter
icon4.gif  DataSourceSecurityFilter [message #1065735] Thu, 27 June 2013 06:13 Go to next message
marco giudici is currently offline marco giudici
Messages: 121
Registered: February 2013
Senior Member
Hi All,
I have a little problem with DataSourceSecurityFilter.
I configured this type of filter (see below the deatils), but when start my application and insert a correct username and password on Login form, the system doesn't continue and re-submit the Login form.

In Config.ini, I insert this rows:
### Servlet Filter Runtime Configuration
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#active=false
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#realm=APP  Development
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#users=admin\=admin,adminEN\=adminEN,adminIT\=adminIT,test\=test

org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#active=true
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#realm=APP Development
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcDriverName=oracle.jdbc.OracleDriver
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcMappingName=jdbc:oracle:thin:@DB:1535:DB
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcUsername=***
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcPassword=***
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#selectUserPass=SELECT USERACCOUNT FROM MYUSERTABLE WHERE LOWER(USERACCOUNT)=? AND PASSWORD=?


org.eclipse.scout.http.servletfilter.security.AnonymousSecurityFilter#active=false


In the plugin.xml, I added the follow rows:
      <service
            factory="org.eclipse.scout.rt.server.services.ServerServiceFactory"
            class="org.APP.server.services.custom.security.AccessControlService"
            session="org.APP.server.ServerSession">
      </service>

	<filter
        aliases="/process"
        class="org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter"
        ranking="40">
  	</filter>



Surely there is something that escapes me or I don't see the mistake that I made.
Someone can give me a hint or an explanation to solve this problem?

Thanks in advance for any help or explanation
Re: DataSourceSecurityFilter [message #1065741 is a reply to message #1065735] Thu, 27 June 2013 07:01 Go to previous messageGo to next message
Stephan Leicht Vogt is currently offline Stephan Leicht Vogt
Messages: 102
Registered: February 2010
Location: Baden Switzerland
Senior Member

Hi Marco

I'll look over your problem this evening.

Greetings
Stephan
Re: DataSourceSecurityFilter [message #1065766 is a reply to message #1065741] Thu, 27 June 2013 08:38 Go to previous messageGo to next message
Andreas Hoegger is currently offline Andreas Hoegger
Messages: 173
Registered: February 2010
Senior Member
Ensure your passwords are stored encrypted in the database (See: 'org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder)' and the encryptPass method in the same class). If you want to store plain passwords create your own extension of DataSourceSecurityFileter and register this subclass as filter. Override the encryptPass method with empty or what ever else content.
To get encrypted passwords the 'org.eclipse.scout.commons.Base64Utility.decode(String)' may be used from a simple main class.

Does this help to solve your issues?

-andreas
Re: DataSourceSecurityFilter [message #1065775 is a reply to message #1065766] Thu, 27 June 2013 08:52 Go to previous messageGo to next message
marco giudici is currently offline marco giudici
Messages: 121
Registered: February 2013
Senior Member
Hi Andreas,
yes, in my database password are stored encrypted with base64.
I made a double check with the method that you suggest me and they are corrected encrypted.

The default DataSource Security Filter is Ok for me, at least for the moment.

[Updated on: Thu, 27 June 2013 08:52]

Report message to a moderator

Re: DataSourceSecurityFilter [message #1065808 is a reply to message #1065775] Thu, 27 June 2013 10:32 Go to previous messageGo to next message
Andreas Hoegger is currently offline Andreas Hoegger
Messages: 173
Registered: February 2010
Senior Member
Ok that was a try. Now could you provide some more information. Do you get any exception or error? Are you able to reach a breakpoint in 'org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder) . return STATUS_CONTINUE_WITH_PRINCIPAL;'?
-andreas
Re: DataSourceSecurityFilter [message #1065900 is a reply to message #1065808] Fri, 28 June 2013 04:13 Go to previous messageGo to next message
marco giudici is currently offline marco giudici
Messages: 121
Registered: February 2013
Senior Member
Hi Andreas,
I haven't any exception or error.
But I don't understand where I can find the row that you have reported?
Can you give me an explanation about it?
Re: DataSourceSecurityFilter [message #1068136 is a reply to message #1065900] Fri, 12 July 2013 07:09 Go to previous messageGo to next message
Chris Monty is currently offline Chris Monty
Messages: 24
Registered: July 2013
Junior Member
I might be able to help you here, as I was also having some problems with DataSourceSecurityFilter. I managed to solve them by setting breakpoints in the DataSourceSecurityFilter class and looking at what being passed from the login dialog to the server and back.

You can find the DataSourceSecurityFilter.negotiate() method using the Navigate -> Open Type (or just Ctrl + Shift + T) window and typing DataSourceSecurityFilter into it.
I recommend setting breakpoints in navigate(), isValidUser() and encryptPass().

I noticed that Base64Utility.encode(EncryptionUtility.signMD5()) generates a different password digest when called within Scout, compared with running from the main method of a stand-alone java app. Not sure why, but as long as it is called from within Scout it remains consistent.
Re: DataSourceSecurityFilter [message #1068165 is a reply to message #1068136] Fri, 12 July 2013 09:38 Go to previous message
marco giudici is currently offline marco giudici
Messages: 121
Registered: February 2013
Senior Member
Thank you Chris for your suggestions, they have been very helpful.
I have found that the problem is in the encoding of the password, as you have observed.
Previous Topic:Info-Field inside a form
Next Topic:Drag and Drop TransferType issue?
Goto Forum:
  


Current Time: Wed Aug 20 04:55:10 EDT 2014

Powered by FUDForum. Page generated in 0.01854 seconds