james.cassady Posted December 27, 2013 Share Posted December 27, 2013 I configured my jasper reports server to use stronger passwords.I restarted Jasper then created new users ensuring the passwords for those users met the new requirements.Then I go to delete one of the users, as a result I get an error saying Weak Password, with a huge value that looks like an encrypted version of said password and then my regex for the allowed passwords.How do I go about fixing this? Link to comment Share on other sites More sharing options...
ogavavka Posted December 27, 2013 Share Posted December 27, 2013 HiPlease supply additional info:Apllication serverJRS Versionyour regex<<<<<< This comment was blocked and unpublished because Project Honeypot indicates it came from a suspicious IP address. Link to comment Share on other sites More sharing options...
elizam Posted December 30, 2013 Share Posted December 30, 2013 what version are you using and exactly which file(s) did you edit? Link to comment Share on other sites More sharing options...
james.cassady Posted December 30, 2013 Author Share Posted December 30, 2013 Version: Community Edition 5.5 File Edits: WEB-INFapplicationContext.xml allowedPasswordPattern jsexeptions_messages.properties exception.remote.weak.password WEB-INFjasperserver-servlet.xml allowUserPasswordChange WEB-INFapplicationContext-security-web.xml passwordExpirationInDays Link to comment Share on other sites More sharing options...
dlitvak Posted January 4, 2014 Share Posted January 4, 2014 Could you please post a stack trace? Some config excerpts could be helpful too. Link to comment Share on other sites More sharing options...
james.cassady Posted January 9, 2014 Author Share Posted January 9, 2014 For some reason when I try to post any code and an image it doesn't upload. Let me try for a fouth time. ApplicationContext.xml <bean id="userAuthorityService" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.UserAuthorityServiceImpl"> <property name="sessionFactory" ref="sessionFactory"/> <property name="objectMappingFactory" ref="mappingResourceFactory"/> <property name="persistentClassFactory" ref="persistentMappings"/> <property name="profileAttributeService" ref="profileAttributeService"/> <property name="defaultInternalRoles"> <list> <value>ROLE_USER</value> </list> </property> <property name="tenantPersistenceResolver"><ref bean="${bean.hibernateTenantService}"/></property> <property name="auditContext" ref="${bean.auditContext}"/> <property name="databaseCharactersEscapeResolver" ref="databaseCharactersEscapeResolver"/> <property name="usernameCaseSensitive" value="false"/> <!-- Allows to change regular expression, which validates password complexity. You should also change "exception.remote.weak.password" message in jsexeptions_messages.properties file according to your password policy--> <property name="allowedPasswordPattern" value="^.*(?=^.{8,}$)((?=.*d)|(?=.*W+))(?![.n])(?=.*[A-Z])(?=.*[a-z]).*$"></property> </bean>[/code]jasperserver-servlet.xml <!-- js common controller --> <bean id="jsCommContr" class="com.jaspersoft.jasperserver.war.control.JSCommonController"> <property name="methodNameResolver" ref="paramResolver"/> <property name="repository"> <ref bean="${bean.repositoryService}"/> </property> <property name="userAuthService"> <ref bean="${bean.internalUserAuthorityService}"/> </property> <property name="objPermService" ref="objectPermissionService"/> <property name="timezones"> <ref bean="userTimeZonesList"/> </property> <property name="locales"> <ref bean="userLocalesList"/> </property> <property name="allowUserPasswordChange" value="true" /> <!-- note: if passwordExpirationInDays is positive, it will overwrite the above allowUserPasswordChange and the password changing UI will be displayed --> <property name="passwordExpirationInDays" value="90" /> <!-- Turn off/on login form auto completion. true = user can use saved data for the login form false = user cannot use saved login form data; user must type it in --> <property name="autoCompleteLoginForm" value="false" /> <property name="heartbeat"> <ref bean="concreteHeartbeatBean"/> </property> </bean>[/code] Once those changes were made, I restarted the server. Once back up, create a new user using required password, then attempt to delete the same new user.As you can see in the attached message, the "WeakPassword" in the message is not what I used as a password, the password I used for the new user that fit the requirements was P@ssW0rd Link to comment Share on other sites More sharing options...
dlitvak Posted January 27, 2014 Share Posted January 27, 2014 Try with a simpler regex first to see if it works. ^d{5,}$ for example. Most likely it won't, but still. Have you enable some js password encryption? encryption.on=true in security-config.properties? Link to comment Share on other sites More sharing options...
dlitvak Posted January 28, 2014 Share Posted January 28, 2014 Sounds like a bug, logging it. Link to comment Share on other sites More sharing options...
james.cassady Posted January 28, 2014 Author Share Posted January 28, 2014 I attempted to use ^d{5,}$ as well, but when attempting to delete it still says Weak Password. Link to comment Share on other sites More sharing options...
james.cassady Posted January 28, 2014 Author Share Posted January 28, 2014 Also my value in security-config.properties is: # Turns encryption of encryption.param's defined below on or off. encryption.on=false Link to comment Share on other sites More sharing options...
dlitvak Posted January 30, 2014 Share Posted January 30, 2014 James,It's a definite bug which was introduced in 5.1. I opened an issue and linked it to the original bug, which I re-opened.So far, the engineer works to make it fixed in 5.6.Sorry for any inconvenience.Dmitriy Link to comment Share on other sites More sharing options...
dlitvak Posted January 30, 2014 Share Posted January 30, 2014 sorry, d{5,} should not work as the encrypted passwords are hex. It's a bug anyways. Link to comment Share on other sites More sharing options...
gsteiner Posted June 12, 2014 Share Posted June 12, 2014 Dlitvak, do you know for sure if this was fixed in 5.6 or not? I'd like to know prior to upgrading. Thanks! Link to comment Share on other sites More sharing options...
dlitvak Posted June 17, 2014 Share Posted June 17, 2014 It is fixed in 5.6 according to defect 35935 records that I filed. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now