Commit ff08d726 authored by Peter Harrison's avatar Peter Harrison

Modify Security & Storage of Password using SHA256 Hash

parent e37598e8
......@@ -66,7 +66,6 @@ public class UserController {
try {
String newId = IdentifierTools.getIdFromNamedModelClass(user);
user.setPath(String.format(URI.USER_URI, newId.toString()));
user.setPasswordhash(user.hash(user.getName(), user.getKey()));
user.setKey(null);
ocm.insert(user);
ocm.save();
......@@ -88,7 +87,9 @@ public class UserController {
if(user==null){
throw new ResourceNotFoundException();
}
}
user.setPasswordhash(null);
} finally {
if(ocm!=null){
......@@ -155,5 +156,4 @@ public class UserController {
}
return false;
}
}
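Review bot: `user.setPasswordhash(null);` just before the `finally` scrubs the hash from the returned object by mutating the loaded entity, and the `User.checkPassword` shown in this same commit returns `true` whenever `passwordhash` is null. If this instance is ever written back through the still-open `ocm` session (not visible here), the stored account would accept any password. It is safer to leave the entity intact and keep the field out of the response, for example by copying to a response object or by marking the getter as ignored by the serializer. The enclosing method starts and ends outside the hunk.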
......@@ -88,6 +88,9 @@ public class User extends AbstractNamedModelClass implements Serializable{
*/
public void setKey(String key) {
this.key = key;
if( key!=null){
this.setPasswordhash(hash(this.getName(),key));
}
}
/**
......@@ -100,7 +103,8 @@ public class User extends AbstractNamedModelClass implements Serializable{
public boolean checkPassword(String password){
if( this.passwordhash!=null){
return this.passwordhash.equals( hash(this.getName(), password) );
String hash = hash(this.getName(), password);
return this.passwordhash.equals( hash );
} else {
return true;
}
......@@ -110,5 +114,4 @@ public class User extends AbstractNamedModelClass implements Serializable{
return DigestUtils.sha256Hex(username.substring(0, 2) + password);
}
}
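Review bot: The `else` branch of `checkPassword` returns `true` when `passwordhash` is null, so an account with no stored hash authenticates with any password; it should be `return false;`. `hash` is a single pass of SHA-256 salted with the first two characters of the username, which is cheap to brute-force if the store leaks and gives the same salt to every name sharing a prefix. A purpose-built password hash (bcrypt, scrypt, Argon2 or PBKDF2) with a random per-user salt fits better, and Spring Security, already imported in this project, has a `PasswordEncoder` interface for it. `username.substring(0, 2)` also throws for names shorter than two characters, and because `setKey` now calls `hash(this.getName(), key)`, calling it before `setName` fails on a null name. The bodies of `checkPassword` and `hash` extend outside the hunks shown.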
......@@ -21,13 +21,9 @@
package nz.net.orcon.kanban.security;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Resource;
import javax.jcr.Node;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import nz.net.orcon.kanban.controllers.URI;
import nz.net.orcon.kanban.model.User;
......@@ -42,7 +38,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
//import org.springframework.security.core.authority.GrantedAuthorityImpl;
public class JcrAuthenticationProvider implements AuthenticationProvider {
......
......@@ -192,7 +192,7 @@ public class OcmMapperFactory {
return host;
}
public void setUrl(String host) {
public void setHost(String host) {
this.host = host;
}
......
......@@ -13,8 +13,8 @@
</appender>
<!-- Application Loggers -->
<logger name="org.application">
<level value="debug" />
<logger name="nz.net.orcon.gravity">
<level value="info" />
</logger>
<!-- 3rdparty Loggers -->
......
......@@ -19,6 +19,7 @@
<bean id="ocmFactory" class="nz.net.orcon.kanban.tools.OcmMapperFactory">
<property name="user" value="admin"/>
<property name="password" value="admin"/>
<property name="host" value="${repository.url}"/>
<property name="domainPackage" value="nz.net.orcon.kanban.model"/>
<property name="mainNodes">
<list>
......
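Review bot: The `user` and `password` properties of `ocmFactory` are the literals `admin`/`admin` in the bean definition, while `host` is read from `${repository.url}`. Credentials kept in source-controlled XML are readable by anyone with access to the repository and tend to be deployed unchanged. They should come from the same external properties source, e.g. `<property name="password" value="${repository.password}"/>` (property name constructed here as an example), paired with a non-default account on the JCR repository.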
......@@ -29,7 +29,7 @@
</global-method-security>
<authentication-manager>
<authentication-provider ref="nullAuthenticationProvider"/>
<authentication-provider ref="jcrAuthenticationProvider"/>
</authentication-manager>
......
package nz.net.orcon.kanban.model;
import static org.junit.Assert.*;
import org.junit.Test;
public class UserTest {
@Test
public void testCheckPassword() throws Exception {
User user = new User();
user.setName("test");
user.setKey("password");
assertTrue( user.checkPassword("password") );
}
}
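Review bot: `testCheckPassword` asserts only the accepting path, so it would still pass if `checkPassword` accepted every input. Add a rejection case such as `assertFalse( user.checkPassword("wrong") );` and a case for a user on which `setKey` was never called, which pins down what a missing hash should do. A user with a one-character name is also worth a test, since `hash` takes `substring(0, 2)` of the name.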