Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Eclipse Scout » password with salt
password with salt [message #899529] Wed, 01 August 2012 06:13 Go to next message
Eclipse UserFriend
Hi,

we are using DataSourceSecurityFilter for authentication. We want to add salt to the passwords. Now on login I need to change the way the password is checked by the DataSourceSecurityFilter because the simple select statement (org.eclipse.scout.rt.server.servlet.filter.DataSourceSecurityFilter#selectUserPass=SELECT name FROM account WHERE name=? and password=?
) is not enough anymore

I planned to make a new class that inherits form DataSourceSecurityFilter and then override protected boolean isValidUser(String username, String password) method.

And then register my new class as an extension (servletfilter.filters)

Is this the way to do it?


Regards Bertin
Re: password with salt [message #899766 is a reply to message #899529] Thu, 02 August 2012 05:31 Go to previous messageGo to next message
Eclipse UserFriend
Thats the way i would do it too.
Another variant would be to create a composite filter class that delegates to the database security filter and then delegates to your additional filter.
But in the end it comes to the same result.
Re: password with salt [message #900544 is a reply to message #899766] Tue, 07 August 2012 09:17 Go to previous messageGo to next message
Eclipse UserFriend
Tried to inherit from DataSourceSecurityFilter but that did not work for me. So I directly inherited from AbstractChainableSecurityFilter and copied everything from DataSourceSecurityFilter and changed the implementation where needed.
public class SaltedDataSourceSecurityFilter extends AbstractChainableSecurityFilter {
...
...
}

Now it works with one problem, my configuration parameters are not automatically read.

To read the parameters, the implementation in DataSourceSecurityFilter which I copied is like: 
FilterConfigInjection.FilterConfig config = new FilterConfigInjection(config0, getClass()).getAnyConfig();

But I get an error then:
javax.servlet.ServletException: Missing init-param with name 'jdbcDriverName'.
	at nl.rid.grammastudio6.server.securityfilter.SaltedDataSourceSecurityFilter.getInitParam(SaltedDataSourceSecurityFilter.java:84)
	at nl.rid.grammastudio6.server.securityfilter.SaltedDataSourceSecurityFilter.init(SaltedDataSourceSecurityFilter.java:70)
	at org.eclipse.scout.http.servletfilter.internal.FilterConfigImpl.getFilter(FilterConfigImpl.java:68)

Although my ini file has all the parameters prefixed with SaltedDataSourceSecurityFilter for example:
org.eclipse.scout.rt.server.servlet.filter.SaltedDataSourceSecurityFilter#active=true
org.eclipse.scout.rt.server.servlet.filter.SaltedDataSourceSecurityFilter#jdbcDriverName=com.mysql.jdbc.Driver


So I changed it to use the params of DataSourceSecurityFilter like this:
FilterConfigInjection.FilterConfig config = new FilterConfigInjection(config0, DataSourceSecurityFilter.class).getAnyConfig();

And it works. But I do not like it this way, maybe someone can explain what is going wrong here and how to fix it in a way that I can use the correct prefix which should be my new class name.

Regards Bertin
icon7.gif  Re: password with salt works good now [message #900735 is a reply to message #900544] Wed, 08 August 2012 06:55 Go to previous message
Eclipse UserFriend
Works now,

org.eclipse.scout.rt.server.servlet.filter.SaltedDataSourceSecurityFilter#active=true

of course, my own class is not in this package, but in my own package. After correcting the package name it works.

Regards Bertin
Previous Topic:Multi-Module Applications
Next Topic:Set '*' as a Password Char in a Form Field
Goto Forum:
  


Current Time: Thu Jul 10 01:41:19 EDT 2025

Powered by FUDForum. Page generated in 0.09150 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly