ioannis.anagnostopoulos Posted August 7, 2013 Share Posted August 7, 2013 Hello, I am trying to configure an external database authentication but my spring knowledge is limited. I assume though that somehow I must provide in the xml file an implementation of the PasswordEncoder (probably Md5PasswordEncoder) as part of the validator to perform the encryption of the clear text and make the comparison. My external password are in the form of {SMD5}xxxxxxAre there any examples available?Kind RegardsY Link to comment Share on other sites More sharing options...
ernestoo Posted August 8, 2013 Share Posted August 8, 2013 Not sure if the scenario is covered, but have you checked the sample configurations that come with the server?ls jasperreports-server-5.2-bin/samples/externalAuth-sample-config/sample-applicationContext-externalAuth-CAS-LDAP-mt.xml sample-applicationContext-externalAuth-LDAP-mt.xmlsample-applicationContext-externalAuth-sso-mt.xmlsample-applicationContext-externalAuth-CAS-db-mt.xmlsample-applicationContext-externalAuth-db-mt.xmlsample-applicationContext-externalAuth-template-mt.xml Link to comment Share on other sites More sharing options...
ioannis.anagnostopoulos Posted August 8, 2013 Author Share Posted August 8, 2013 The scenario in question is : sample-applicationContext-externalAuth-db-mt.xml but it does not cover SMD5 passwords neither the manual exaplains how to implement other security policies. It just mentions something about Implementing the PasswordEncoder spring security interface. So before I start reading about Spring (which I wouldn't like to be my priority right now) I hope for an answer here.RegardsY Link to comment Share on other sites More sharing options...
ioannis.anagnostopoulos Posted August 9, 2013 Author Share Posted August 9, 2013 I think I have sorted the problem myself. However I would like to list the steps I took for verification as the solution might not be 100% correct. Please note that the only reference to the custom encryption issue in the manual is the following one at page 54: "If your database uses a different encryption algorithm, you can configure your own password encoder using the Spring implementations of the PasswordEncoder interface." This assumes, wrongly to my opinion, that the developer has spring framework knowledge and provides no guidance as to what needs to be done and where the configuration should be applied. So, to implement custom encryption the following steps must be performed: 1. Create a new class that implements the Spring PasswordEncoder interface. 2. Import the spring libraries to the project from Jasper 3. Import the custom encryption library (in our case it was jasypt.jar) 4. Implement the PasswordEncoder:encodePassord method, essentially wrapping in it the calls to the custom library to encode the password and return the encrypted password. 5. Implement the PasswordEncoder:isPasswordValid method, i.e. wrap the equivalent method of the custom encryption library and return true or false. 6. Build the new class and place it to the web-inf/lib or /classes of jasperserver-pro context along with the jar file of the custom library 7. Edit the applicationContext-externalAuth-db-mt.xml and replace the passwordValidator class with the namespace.className of the custom implementation. 7a. Remove any non applicable properties from the bean by commenting them out (in my case no properties were necessary) 8. Restart jasper As I said, this seems to be the minimum solution to my problem. I would really appreciate if someone could verify it. I must emphasise though that I would have expected a manual labeled as Cookbook to include some information along these lines. Kind Regards Yiannis Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now