Eclipse Community Forums: Eclipse Scout » DataSourceSecurityFilter

Help

Home

Home » Eclipse Projects » Eclipse Scout » DataSourceSecurityFilter

Show: Today's Messages :: Show Polls :: Message Navigator

DataSourceSecurityFilter [message #1065735]

Thu, 27 June 2013 10:13

marco giudici

Messages: 204
Registered: February 2013
Location: Italy

Senior Member

Hi All,
I have a little problem with DataSourceSecurityFilter.
I configured this type of filter (see below the deatils), but when start my application and insert a correct username and password on Login form, the system doesn't continue and re-submit the Login form.

In Config.ini, I insert this rows:

### Servlet Filter Runtime Configuration
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#active=false
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#realm=APP  Development
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#users=admin\=admin,adminEN\=adminEN,adminIT\=adminIT,test\=test

org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#active=true
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#realm=APP Development
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcDriverName=oracle.jdbc.OracleDriver
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcMappingName=jdbc:oracle:thin:@DB:1535:DB
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcUsername=***
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcPassword=***
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#selectUserPass=SELECT USERACCOUNT FROM MYUSERTABLE WHERE LOWER(USERACCOUNT)=? AND PASSWORD=?


org.eclipse.scout.http.servletfilter.security.AnonymousSecurityFilter#active=false

In the plugin.xml, I added the follow rows:

      <service
            factory="org.eclipse.scout.rt.server.services.ServerServiceFactory"
            class="org.APP.server.services.custom.security.AccessControlService"
            session="org.APP.server.ServerSession">
      </service>

	<filter
        aliases="/process"
        class="org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter"
        ranking="40">
  	</filter>

Surely there is something that escapes me or I don't see the mistake that I made.
Someone can give me a hint or an explanation to solve this problem?

Thanks in advance for any help or explanation

Report message to a moderator

Re: DataSourceSecurityFilter [message #1065741 is a reply to message #1065735]

Thu, 27 June 2013 11:01

Stephan Leicht Vogt

Messages: 104
Registered: July 2015

Senior Member

Hi Marco

I'll look over your problem this evening.

Greetings
Stephan

Report message to a moderator

Re: DataSourceSecurityFilter [message #1065766 is a reply to message #1065741]

Thu, 27 June 2013 12:38

Eclipse User

Ensure your passwords are stored encrypted in the database (See: 'org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder)' and the encryptPass method in the same class). If you want to store plain passwords create your own extension of DataSourceSecurityFileter and register this subclass as filter. Override the encryptPass method with empty or what ever else content.
To get encrypted passwords the 'org.eclipse.scout.commons.Base64Utility.decode(String)' may be used from a simple main class.

Does this help to solve your issues?

-andreas

Report message to a moderator

Re: DataSourceSecurityFilter [message #1065775 is a reply to message #1065766]

Thu, 27 June 2013 12:52

marco giudici

Messages: 204
Registered: February 2013
Location: Italy

Senior Member

Hi Andreas,
yes, in my database password are stored encrypted with base64.
I made a double check with the method that you suggest me and they are corrected encrypted.

The default DataSource Security Filter is Ok for me, at least for the moment.

[Updated on: Thu, 27 June 2013 12:52]

Report message to a moderator

Re: DataSourceSecurityFilter [message #1065808 is a reply to message #1065775]

Thu, 27 June 2013 14:32

Eclipse User

Ok that was a try. Now could you provide some more information. Do you get any exception or error? Are you able to reach a breakpoint in 'org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder) . return STATUS_CONTINUE_WITH_PRINCIPAL;'?
-andreas

Report message to a moderator

Re: DataSourceSecurityFilter [message #1065900 is a reply to message #1065808]

Fri, 28 June 2013 08:13

marco giudici

Messages: 204
Registered: February 2013
Location: Italy

Senior Member

Hi Andreas,
I haven't any exception or error.
But I don't understand where I can find the row that you have reported?
Can you give me an explanation about it?

Report message to a moderator

Re: DataSourceSecurityFilter [message #1068136 is a reply to message #1065900]

Fri, 12 July 2013 11:09

Chris Monty

Messages: 26
Registered: July 2013

Junior Member

I might be able to help you here, as I was also having some problems with DataSourceSecurityFilter. I managed to solve them by setting breakpoints in the DataSourceSecurityFilter class and looking at what being passed from the login dialog to the server and back.

You can find the DataSourceSecurityFilter.negotiate() method using the Navigate -> Open Type (or just Ctrl + Shift + T) window and typing DataSourceSecurityFilter into it.
I recommend setting breakpoints in navigate(), isValidUser() and encryptPass().

I noticed that Base64Utility.encode(EncryptionUtility.signMD5()) generates a different password digest when called within Scout, compared with running from the main method of a stand-alone java app. Not sure why, but as long as it is called from within Scout it remains consistent.

Report message to a moderator

Re: DataSourceSecurityFilter [message #1068165 is a reply to message #1068136]

Fri, 12 July 2013 13:38

marco giudici

Messages: 204
Registered: February 2013
Location: Italy

Senior Member

Thank you Chris for your suggestions, they have been very helpful.
I have found that the problem is in the encoding of the password, as you have observed.

Report message to a moderator

Re: DataSourceSecurityFilter [message #1690903 is a reply to message #1068165]

Tue, 31 March 2015 20:23

Uwe Degel

Messages: 10
Registered: March 2015

Junior Member

Hi,
very usefull!!!
How can I decode the password?

Report message to a moderator

Re: DataSourceSecurityFilter [message #1692948 is a reply to message #1690903]

Mon, 20 April 2015 18:46

Jeremie Bresson

Messages: 1252
Registered: October 2011

Senior Member

Uwe Degel wrote on Tue, 31 March 2015 22:23

How can I decode the password?

Not sure to know what you mean.

As explained by Andreas, you can
1/ use:

org.eclipse.scout.commons.Base64Utility.decode(String)

Where you need it.

2/ create a subclass of DataSourceSecurityFilter
With your own implementation of the encryptPass method. (empty implementation or whatever else content). Here an example:

@Override
protected String encryptPass(String s) throws ServletException {
  return s;
}

This way the password will not be encrypted.

See also this thread:
DataSourceSecurityFilter and RAP Client.

Report message to a moderator

Previous Topic:	java.lang.SecurityException: /rap request is not authenticated with a Subject
Next Topic:	How to get scout server services outside the scout client scope?

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Apr 19 08:58:51 GMT 2024

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter