DataSourceSecurityFilter [message #1065735] |
Thu, 27 June 2013 10:13 |
|
Hi All,
I have a little problem with DataSourceSecurityFilter.
I configured this type of filter (see below the deatils), but when start my application and insert a correct username and password on Login form, the system doesn't continue and re-submit the Login form.
In Config.ini, I insert this rows:
### Servlet Filter Runtime Configuration
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#active=false
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#realm=APP Development
org.eclipse.scout.http.servletfilter.security.BasicSecurityFilter#users=admin\=admin,adminEN\=adminEN,adminIT\=adminIT,test\=test
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#active=true
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#realm=APP Development
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcDriverName=oracle.jdbc.OracleDriver
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcMappingName=jdbc:oracle:thin:@DB:1535:DB
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcUsername=***
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#jdbcPassword=***
org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter#selectUserPass=SELECT USERACCOUNT FROM MYUSERTABLE WHERE LOWER(USERACCOUNT)=? AND PASSWORD=?
org.eclipse.scout.http.servletfilter.security.AnonymousSecurityFilter#active=false
In the plugin.xml, I added the follow rows:
<service
factory="org.eclipse.scout.rt.server.services.ServerServiceFactory"
class="org.APP.server.services.custom.security.AccessControlService"
session="org.APP.server.ServerSession">
</service>
<filter
aliases="/process"
class="org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter"
ranking="40">
</filter>
Surely there is something that escapes me or I don't see the mistake that I made.
Someone can give me a hint or an explanation to solve this problem?
Thanks in advance for any help or explanation
|
|
|
|
Re: DataSourceSecurityFilter [message #1065766 is a reply to message #1065741] |
Thu, 27 June 2013 12:38 |
Eclipse User |
|
|
|
Ensure your passwords are stored encrypted in the database (See: 'org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder)' and the encryptPass method in the same class). If you want to store plain passwords create your own extension of DataSourceSecurityFileter and register this subclass as filter. Override the encryptPass method with empty or what ever else content.
To get encrypted passwords the 'org.eclipse.scout.commons.Base64Utility.decode(String)' may be used from a simple main class.
Does this help to solve your issues?
-andreas
|
|
|
|
Re: DataSourceSecurityFilter [message #1065808 is a reply to message #1065775] |
Thu, 27 June 2013 14:32 |
Eclipse User |
|
|
|
Ok that was a try. Now could you provide some more information. Do you get any exception or error? Are you able to reach a breakpoint in 'org.eclipse.scout.http.servletfilter.security.DataSourceSecurityFilter.negotiate(HttpServletRequest, HttpServletResponse, PrincipalHolder) . return STATUS_CONTINUE_WITH_PRINCIPAL;'?
-andreas
|
|
|
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.04388 seconds