[Building Sakai] Using the PasswordService from within the user tool
Steve Swinsburg
steve.swinsburg at gmail.com
Fri Sep 21 23:18:10 PDT 2012
If PasswordService doesn't have a public API (i.e. an interface), then you cannot access it externally since the impl's live in a special area of Tomcat and need to be handled specially.
Your best bet would be to spend time on a way to lock/unlock a user account - Mike at UNC has already done this so that would be the best way forward. Duplicating code and moving data around in the database sounds yucky.
Mike, there is a Jira already for this here: https://jira.sakaiproject.org/browse/SAK-16499 - Just reopen it and send your code that way.
cheers,
Steve
On 22/09/2012, at 2:22 PM, Brian Baillargeon <bbailla2 at uwo.ca> wrote:
> Passwords must never be stored unencrypted.
>
> Here's what I was thinking - if you add this dependency to a project:
>> <dependency>
>> <groupId>org.sakaiproject.kernel</groupId>
>> <artifactId>sakai-kernel-impl</artifactId>
>> <version>${sakai.kernel.version}</version>
>> </dependency>
> you should be able to see the class definition for PasswordService inside the sakai-kernel-impl jar in your local maven repository. So I don't see what's preventing java from finding PasswordService's class definition at runtime. I saw that it doesn't appear to be a bean like any other service, so I was trying to call the inherited Object constructor followed by encrypt(). I'm at home (and away from my dev environment), so I can't verify whether this works in any other project, but my conjecture is that java can't find PasswordService due to some kind of naming issue since we're working under the org.sakaiproject.user package, and PasswordService is also under that package.
>
> I see three options
> - Get PasswordService to work in the user tool and proceed with my original plan
> - Clone PasswordService into this project. This means if the encryption strategy changes in a future kernel-impl upgrade, a conflict will exist.
> - Create the account (with a UserEdit) and copy the resulting row from SAKAI_USER into my table, delete the account, wait until the user validates their email address to move them back to SAKAI_USER.
>
> Any ideas on how to get PasswordService working?
>
> On 09/21/12, Matthew Jones <matthew at longsight.com> wrote:
>>
>> Because the PasswordService doesn't have an api in shared (and it isn't itself) in shared, I'm not sure you could do that. You probably could set their password as an random bit of strings though, it doesn't have to go through this service if you don't care if it *works* or not, just that it locks them out?
>>
>> You could probably even just store it in the password field as "*"+their password, then just remove the first character to unlock. That's what the old unix lockout used to be right?
>>
>> On Fri, Sep 21, 2012 at 5:22 PM, Brian Baillargeon <bbailla2 at uwo.ca> wrote:
>> Hello,
>>
>> Currently the user tool (sakai.createuser) adds users upon submitting the form. We want to ensure that we get the correct email addresses from our users, so we're trying to customize the tool to send the user an email with a validation token before their account gets created.
>>
>> In doing this, my plan is to create a separate database table to temporarily store the information they've filled on the New User form until they've validated their email address. Since they insert their password, I need to encrypt it, and I found that BaseUserEdit encrypts passwords using org.sakaiproject.user.impl.PasswordService. So I'll store the user's inserted information including their encrypted password, and once the user has validated their email address I'll create their account with a random password and manually update their row in the SAKAI_USER table with the encrypted password from my table.
>>
>> I'm having trouble using PasswordService from within the user project though.
>> So, to pull in PasswordService I have:
>> <dependency>
>> <groupId>org.sakaiproject.kernel</groupId>
>> <artifactId>sakai-kernel-impl</artifactId>
>> <version>${sakai.kernel.version}</version>
>> </dependency>
>>
>> I can compile a class that calls new PasswordService() without errors, but at runtime I'm getting:
>>
>> 2012-09-21 16:50:17,617 WARN http-8081-Processor25 org.sakaiproject.cheftool.VelocityPortletPaneledAction - Exception calling method doSave java.lang.reflect.InvocationTargetException (Caused by java.lang.NoClassDefFoundError: org/sakaiproject/user/impl/PasswordService)
>> java.lang.reflect.InvocationTargetException
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at org.sakaiproject.cheftool.VelocityPortletPaneledAction.actionDispatch(VelocityPortletPaneledAction.java:657)
>> at org.sakaiproject.cheftool.VelocityPortletPaneledAction.processAction(VelocityPortletPaneledAction.java:555)
>> at org.sakaiproject.cheftool.ToolServlet.doGet(ToolServlet.java:230)
>> at org.sakaiproject.cheftool.VelocityPortletPaneledAction.doGet(VelocityPortletPaneledAction.java:1086)
>> at org.sakaiproject.cheftool.ToolServlet.doPost(ToolServlet.java:154)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>> at org.sakaiproject.vm.ComponentServlet.service(ComponentServlet.java:56)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>> at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:598)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>> at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
>> at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
>> at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
>> at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
>> at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)
>> at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1429)
>> at org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:204)
>> at org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
>> at org.sakaiproject.portal.charon.handlers.ToolHandler.doPost(ToolHandler.java:73)
>> at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1224)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>> at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:659)
>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
>> at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>> at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>> at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>> at java.lang.Thread.run(Thread.java:662)
>> Caused by: java.lang.NoClassDefFoundError: org/sakaiproject/user/impl/PasswordService
>> at org.sakaiproject.user.uservalidation.model.ValidatablePersonHibernateImpl.setPassword(ValidatablePersonHibernateImpl.java:70)
>> at org.sakaiproject.user.tool.UsersAction.readUserForm(UsersAction.java:966)
>> at org.sakaiproject.user.tool.UsersAction.doSave(UsersAction.java:665)
>> ... 46 more
>> Caused by: java.lang.ClassNotFoundException: org.sakaiproject.user.impl.PasswordService
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
>> ... 49 more
>>
>> Does anybody have any suggestions as to how I can get PasswordService to work in this project?
>>
>> For reference, the source code can be found at https://source.sakaiproject.org/svn/msub/uwo.ca/user/trunk/
>>
>> Thanks,
>> Brian
>>
>> _______________________________________________
>> sakai-dev mailing list
>> sakai-dev at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>
>> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120922/9737210c/attachment.html
More information about the sakai-dev
mailing list