
Password Encryption


phlunk3


By default what encryption method is jasperServer 3.5 using for user creation?

I am attempting to create a script for the user creation after upgrading to 3.5 yesterday and have run into the problem, any help would be great, thank you.


I followed these instructions to try to set encoding to md5, can anyone tell me why this isn't working and I am still able to login with the old user/pass in the original encoding method?

Code:
G. How to change password encoding to MD5/SHA?

Starting from JasperServer 3.5, the password encryption is enabled by default. Since there are quite a number of encoding mechanisms available, some of us want to change the default encoding to MD5 or SHA. This might be necessary to follow the organization's standard / policy or to synchronize the user details from other system which store the password in MD5 / SHA.

To change the encoding, edit the $JASPER_ROOT/WEB-INF/applicationContext-security.xml, look for "passwordEncoder" bean.

Original:
    <bean id="passwordEncoder" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer" lazy-init="false">
        <property name="allowEncoding"><value>true</value></property>
        <property name="keyInPlainText"><value>false</value></property>
        <property name="secretKey"><value>0xC8 0x43 0x29 0x49 0xAE 0x25 0x2F 0xA1 0xC1 0xF2 0xC8 0xD9 0x31 0x01 0x2C  0x52 0x54 0x0B 0x5E 0xEA 0x9E 0x37 0xA8 0x61</value></property>
        <property name="secretKeyAlgorithm"><value>DESede</value></property>
        <property name="cipherTransformation"><value>DESede/CBC/PKCS5Padding</value></property>
    </bean>

MD5:
    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder">
        <property name="encodeHashAsBase64"><value>false</value></property>
    </bean>

SHA:
    <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.ShaPasswordEncoder">
        <property name="encodeHashAsBase64"><value>false</value></property>
    </bean>

Okay, I have restarted the jasperServer and logins work properly, however now when I attempt to inspect an OLAP view, I receive the error that my database connection string is no longer working, how can this be?


  • 2 years later...

This is an old thread.  For those looking to implement this solution for JS 3.7 and later, it's important to keep in mind that any class belonging to a package whose name starts with org.acegisecurity should be updated to org.springframework.security.  In this case, the bean definitions provided above should look like this:

 

Code:

  • 2 years later...

Please note that password hashing has been broken.  The part that is broken hashing-wise is user creation and user reading from db.

We plan to fix it in 5.6 or 6.0.

SHA-1/MD5 are deprecated for password encryption.  They are considered as broken.  Please use SHA-2 or better.  I have only heard of other possibilities like scrypt, bcrypt.

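To make the contrast raised in the post above concrete (MD5/SHA-1 versus scrypt or bcrypt), here is an added example that is not part of the original thread or of JasperServer's code. It assumes the MD5 bean with encodeHashAsBase64=false and no salt stores the hex MD5 of the UTF-8 password bytes; the sample users, the record format and the scrypt parameters are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; two of them share a password.
SAMPLE_USERS = {"alice": "password", "bob": "password", "carol": "S3parate!"}

N, R, P = 2**14, 8, 1  # scrypt cost parameters (assumed values, about 16 MiB per hash)


def md5_hex(raw: str) -> str:
    """Assumed stored form for the MD5 bean with encodeHashAsBase64=false
    and no salt: hex of MD5 over the UTF-8 password bytes."""
    return hashlib.md5(raw.encode("utf-8")).hexdigest()


def scrypt_encode(raw: str, salt: bytes = None) -> str:
    """Salted, memory-hard hash; salt and parameters travel with the record."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(raw.encode("utf-8"), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"


def scrypt_verify(raw: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters, compare in constant time."""
    _, n, r, p, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.scrypt(raw.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk.hex(), dk_hex)


def shared_digests(store: dict) -> list:
    """Audit check: groups of users whose stored values are identical,
    which only happens when the scheme has no per-user salt."""
    groups = defaultdict(list)
    for user, digest in store.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_stores(users: dict = SAMPLE_USERS):
    """Hash the same sample accounts under both schemes."""
    md5_store = {u: md5_hex(p) for u, p in users.items()}
    scrypt_store = {u: scrypt_encode(p) for u, p in users.items()}
    return md5_store, scrypt_store


if __name__ == "__main__":
    md5_store, scrypt_store = build_stores()
    print("shared under MD5:   ", shared_digests(md5_store))
    print("shared under scrypt:", shared_digests(scrypt_store))
```

The same duplicate-value check can be run against an exported user table to confirm whether stored passwords carry a per-user salt.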

  • 4 months later...

You are saying that password hashing is broken "user reading from db".

Does it mean that sample-applicationContext-externalAuth-db-mt.xml is completely broken and we can't use external db authentication anymore until 5.6 or 6?

How can we fix it, if we plan to deploy very soon a pro version with externalAuth-db-mt mechanism?

Thanks

 
