Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Eclipse Scout » DataSourceSecurityFilter
icon4.gif  DataSourceSecurityFilter [message #1065735] Thu, 27 June 2013 06:13 Go to next message
Eclipse UserFriend
Hi All,
I have a little problem with DataSourceSecurityFilter.
I configured this type of filter (see below the deatils), but when start my application and insert a correct username and password on Login form, the system doesn't continue and re-submit the Login form.

In Config.ini, I insert this rows:
### Servlet Filter Runtime Configuration
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#active=false
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#realm=APP  Development
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#users=admin\=admin,adminEN\=adminEN,adminIT\=adminIT,test\=test

org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#active=true
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#realm=APP Development
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcDriverName=oracle.jdbc.OracleDriver
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcMappingName=jdbc:oracle:thin:@DB:1535:DB
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcUsername=***
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcPassword=***
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#selectUserPass=SELECT USERACCOUNT FROM MYUSERTABLE WHERE LOWER(USERACCOUNT)=? AND PASSWORD=?


org.eclipse.scout.http.servletfilter.security.AnonymousSecurityFilter#active=false


In the plugin.xml, I added the follow rows:
      <service
            factory="org.eclipse.scout.rt.server.services.ServerServiceFactory"
            class="org.APP.server.services.custom.security.AccessControlService"
            session="org.APP.server.ServerSession">
      </service>


	<filter
        aliases="/process"
        class="org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter"
        ranking="40">
  	</filter>


Surely there is something that escapes me or I don't see the mistake that I made.
Someone can give me a hint or an explanation to solve this problem?

Thanks in advance for any help or explanation
Re: DataSourceSecurityFilter [message #1065741 is a reply to message #1065735] Thu, 27 June 2013 07:01 Go to previous messageGo to next message
Eclipse UserFriend
Hi Marco

I'll look over your problem this evening.

Greetings
Stephan
Re: DataSourceSecurityFilter [message #1065766 is a reply to message #1065741] Thu, 27 June 2013 08:38 Go to previous messageGo to next message
Eclipse UserFriend
Ensure your passwords are stored encrypted in the database (See: 'org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder)' and the encryptPass method in the same class). If you want to store plain passwords create your own extension of DataSourceSecurityFileter and register this subclass as filter. Override the encryptPass method with empty or what ever else content.
To get encrypted passwords the 'org.eclipse.scout.commons.Base64Utility.decode(String)' may be used from a simple main class.

Does this help to solve your issues?

-andreas
Re: DataSourceSecurityFilter [message #1065775 is a reply to message #1065766] Thu, 27 June 2013 08:52 Go to previous messageGo to next message
Eclipse UserFriend
Hi Andreas,
yes, in my database password are stored encrypted with base64.
I made a double check with the method that you suggest me and they are corrected encrypted.

The default DataSource Security Filter is Ok for me, at least for the moment.

[Updated on: Thu, 27 June 2013 08:52] by Moderator

Re: DataSourceSecurityFilter [message #1065808 is a reply to message #1065775] Thu, 27 June 2013 10:32 Go to previous messageGo to next message
Eclipse UserFriend
Ok that was a try. Now could you provide some more information. Do you get any exception or error? Are you able to reach a breakpoint in 'org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder) . return STATUS_CONTINUE_WITH_PRINCIPAL;'?
-andreas
Re: DataSourceSecurityFilter [message #1065900 is a reply to message #1065808] Fri, 28 June 2013 04:13 Go to previous messageGo to next message
Eclipse UserFriend
Hi Andreas,
I haven't any exception or error.
But I don't understand where I can find the row that you have reported?
Can you give me an explanation about it?
Re: DataSourceSecurityFilter [message #1068136 is a reply to message #1065900] Fri, 12 July 2013 07:09 Go to previous messageGo to next message
Eclipse UserFriend
I might be able to help you here, as I was also having some problems with DataSourceSecurityFilter. I managed to solve them by setting breakpoints in the DataSourceSecurityFilter class and looking at what being passed from the login dialog to the server and back.

You can find the DataSourceSecurityFilter.negotiate() method using the Navigate -> Open Type (or just Ctrl + Shift + T) window and typing DataSourceSecurityFilter into it.
I recommend setting breakpoints in navigate(), isValidUser() and encryptPass().

I noticed that Base64Utility.encode(EncryptionUtility.signMD5()) generates a different password digest when called within Scout, compared with running from the main method of a stand-alone java app. Not sure why, but as long as it is called from within Scout it remains consistent.
Re: DataSourceSecurityFilter [message #1068165 is a reply to message #1068136] Fri, 12 July 2013 09:38 Go to previous messageGo to next message
Eclipse UserFriend
Thank you Chris for your suggestions, they have been very helpful.
I have found that the problem is in the encoding of the password, as you have observed.
Re: DataSourceSecurityFilter [message #1690903 is a reply to message #1068165] Tue, 31 March 2015 16:23 Go to previous messageGo to next message
Eclipse UserFriend
Hi,
very usefull!!!
How can I decode the password?
Re: DataSourceSecurityFilter [message #1692948 is a reply to message #1690903] Mon, 20 April 2015 14:46 Go to previous message
Eclipse UserFriend
Uwe Degel wrote on Tue, 31 March 2015 22:23
How can I decode the password?


Not sure to know what you mean.

As explained by Andreas, you can
1/ use: 
org.eclipse.scout.commons.Base64Utility.decode(String)

Where you need it.

2/ create a subclass of DataSourceSecurityFilter
With your own implementation of the encryptPass method. (empty implementation or whatever else content). Here an example:
@Override
protected String encryptPass(String s) throws ServletException {
  return s;
}

This way the password will not be encrypted.

See also this thread:
DataSourceSecurityFilter and RAP Client.
Previous Topic:java.lang.SecurityException: /rap request is not authenticated with a Subject
Next Topic:How to get scout server services outside the scout client scope?
Goto Forum:
  


Current Time: Wed Jul 23 16:46:01 EDT 2025

Powered by FUDForum. Page generated in 0.05760 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly