Hitachi Vantara Pentaho Community Forums
Results 1 to 2 of 2

Thread: Change password encoder for Jackrabbit

  1. #1
    Join Date
    Mar 2013
    Posts
    22

    Question Change password encoder for Jackrabbit

    Hi,

    I'm trying to change the password encoder from
    Code:
    org.pentaho.platform.repository2.userroledao.jackrabbit.security.DefaultPentahoPasswordEncoder
    to
    Code:
    org.springframework.security.providers.encoding.ShaPasswordEncoder
    . I didn't find any description how this can be done correctly. So I had to try.

    So I changed
    * password encoder in /biserver-ce/pentaho-solutions/system/applicationContext-spring-security-jackrabbit.xml by replacing just the classname in <bean id="jackrabbitPasswordEncoder" class="
    * Additionally I changed the default password in /biserver-ce/pentaho-solutions/system/defaultUser.spring.properties to the SHA1-Hash for "password" --> 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
    * And the password in /biserver-ce/pentaho-solutions/system/repository.spring.properties for "system" to the same SHA1-Hash

    before the first start.

    Now I cannot login anymore with "admin" and "password". Where did I miss something?
    Already tried to have a look into jackrabbit by copying the repository to an external directory and trying to open it with jackrabbit-standalone-2.10.4.jar. But no luck. Unable to login with "admin/password". Additionally I tried to open the H2 database - but no users inside there.

    ---

    When this is fixed, my next problem will be, how to insert already encrypted passwords to Jackrabbit. When I use
    Code:
    PUT pentaho/api/userroledao/createUser
    the "hash" will be the password.

    Best regards,
    Markus

  2. #2
    Join Date
    Mar 2013
    Posts
    22

    Default

    Hi,

    we solved it by ourselves. The problem was, when adding the users via Pentaho-API, Pentaho needs the passwords in clear text and then encodes them.

    But the passwords transferred by us were already SHA1 encoded. So I created a new password encoder based on DefaultPentahoPasswordEncoder (derived) which - when the isPasswordValid of the super class is false - encodes the password additionally with sha1 and validates then again. Then it was successful.

    Example code:
    Code:
    public boolean isPasswordValid(final String encodedPass, final String rawPass, final Object salt) throws DataAccessException
        {
            boolean result = super.isPasswordValid(encodedPass, rawPass, salt);
    
            // if password is not valid using DefaultPentahoPasswordEncoder logic, try again with additional SHA1
            if (!result)
            {
                // your password verification here
            }
            
            return result;
        }

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.