passwordValidator for SMD5

[ioannis.anagnostopoulos]

Hello, I am trying to configure an external database authentication but my spring knowledge is limited. I assume though that somehow I must provide in the xml file an implementation of the PasswordEncoder (probably Md5PasswordEncoder) as part of the validator to perform the encryption of the clear text and make the comparison. My external password are in the form of {SMD5}xxxxxx

Are there any examples available?

Kind Regards

Y

[ernestoo]

Not sure if the scenario is covered, but have you checked the sample configurations that come with the server?

ls jasperreports-server-5.2-bin/samples/externalAuth-sample-config/

sample-applicationContext-externalAuth-CAS-LDAP-mt.xml

sample-applicationContext-externalAuth-LDAP-mt.xml

sample-applicationContext-externalAuth-sso-mt.xml

sample-applicationContext-externalAuth-CAS-db-mt.xml

sample-applicationContext-externalAuth-db-mt.xml

sample-applicationContext-externalAuth-template-mt.xml

[ioannis.anagnostopoulos]

The scenario in question is : sample-applicationContext-externalAuth-db-mt.xml but it does not cover SMD5 passwords neither the manual exaplains how to implement other security policies. It just mentions something about Implementing the PasswordEncoder  spring security interface. So before I start reading about Spring (which I wouldn't like to be my priority right now) I hope for an answer here.

Regards

Y

[ioannis.anagnostopoulos]

I think I have sorted the problem myself. However I would like to list the steps I took for verification as the solution might not be 100% correct. Please note that the only reference to the custom encryption issue in the manual is the following one at page 54:

 

"If your database uses a different encryption algorithm, you can configure your own password encoder using the

Spring implementations of the PasswordEncoder interface."

 

This assumes, wrongly to my opinion, that the developer has spring framework knowledge and provides no guidance as to what needs to be done and where the configuration should be applied. So, to implement custom encryption the following steps must be performed:

 

1. Create a new class that implements the Spring PasswordEncoder interface.

2. Import the spring libraries to the project from Jasper

3. Import the custom encryption library (in our case it was jasypt.jar)

4. Implement the PasswordEncoder:encodePassord method, essentially wrapping in it the calls to the custom library to encode the password and return the encrypted password.

5. Implement the PasswordEncoder:isPasswordValid method, i.e. wrap the equivalent method of the custom encryption library and return true or false.

6. Build the new class and place it to the web-inf/lib or /classes of jasperserver-pro context along with the jar file of the custom library

7. Edit the applicationContext-externalAuth-db-mt.xml and replace the passwordValidator class with the namespace.className of the custom implementation.

7a. Remove any non applicable properties from the bean by commenting them out (in my case no properties were necessary)

8. Restart jasper

 

As I said, this seems to be the minimum solution to my problem. I would really appreciate if someone could verify it. I must emphasise though that I would have expected a manual labeled as Cookbook to include some information along these lines.

Kind Regards

Yiannis