ibrahimhamza Posted April 8, 2009 Share Posted April 8, 2009 Dear AllCan I change the jasperserver to save passwordsin sha1 to be more securethanks Link to comment Share on other sites More sharing options...
anandharaj Posted April 9, 2009 Share Posted April 9, 2009 JasperServer already have this feature and this is enabled by default in JS-3.5 If you using version prior to this, please refer to my blog www.raj2u.net on how to enable this feature. Link to comment Share on other sites More sharing options...
ibrahimhamza Posted April 9, 2009 Author Share Posted April 9, 2009 I have jasper server 3.1I search your site with sha and sha1 and no resultsI add the nest section to applicationContext-security.xml <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"> <property name="encodeHashAsBase64"><value>false</value></property> </bean> and commented the old <bean id="passwordEncoder" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer">and then i make userand hashed its password "1" which is 356a192b7913b04c54574d18c28d46e6395428ab Link to comment Share on other sites More sharing options...
ibrahimhamza Posted April 9, 2009 Author Share Posted April 9, 2009 Now it worksand here is the steps to make the passswords hashed with sha1Modify the apache-tomcatwebappsjasperserverWEB-INFapplicationContext-security.xml1- comment or remove the bean which starts with <bean id="passwordEncoder"to be <!-- <bean id="passwordEncoder" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer"> <property name="allowEncoding"><value>false</value></property> <property name="keyInPlainText"><value>false</value></property> <property name="secretKey"><value>0xC8 0x43 0x29 0x49 0xAE 0x25 0x2F 0xA1 0xC1 0xF2 0xC8 0xD9 0x31 0x01 0x2C 0x52 0x54 0x0B 0x5E 0xEA 0x9E 0x37 0xA8 0x61</value></property> <property name="secretKeyAlgorithm"><value>DESede</value></property> <property name="cipherTransformation"><value>DESede/CBC/PKCS5Padding</value></property> </bean>-->2- but this instead <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder"> <property name="encodeHashAsBase64"><value>false</value></property> </bean>3- make sure that <property name="passwordEncoder"><ref local="passwordEncoder"/></property>is not commented remove th comment by delete <!-- and -->4- connect using sql to update jasperadmin user passwordUPDATE JIUSERSET PASSWORD = '4899a849f6a3cee79e2ad5b7dd93d0a7f276d493' WHERE USERNAME = 'jasperadmin';now login with jasperadmin and password jasperadmin Post Edited by ibrahim hamza at 04/09/09 07:36Post Edited by ibrahim hamza at 04/12/09 07:35 Link to comment Share on other sites More sharing options...
huwtrimet.org Posted January 8, 2010 Share Posted January 8, 2010 Does this SHA encryption work with CE version JS 3.5 at all? I have followed the instructions to the teeth, but apparently, all passwords are stored in the database as clear text now. Did I need to include some acegi libary? Thanks in advance. Link to comment Share on other sites More sharing options...
huwtrimet.org Posted January 8, 2010 Share Posted January 8, 2010 I think this may be a bug.I can set the SHA encrypted password like the jasperadmin in the database, and I can login just fine.But, when I use the user manager interface to change the password to ''mypassword", then the clear text is stored in the database, then I can not login use the password because the login page uses the password Encoder. Link to comment Share on other sites More sharing options...
huwtrimet.org Posted January 12, 2010 Share Posted January 12, 2010 I found the issue was reported in the tracker as number 0004375, status open. With SHA encryption, we can not use this tool to connect to PCI(Payment Card Industry, aka, credit card type) database for reporting needs. Link to comment Share on other sites More sharing options...
huwtrimet.org Posted January 13, 2010 Share Posted January 13, 2010 Hi Sherman, will this bug be fixed in version 3.7 Tracker 0004375 ? Thanks in advance Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now