[Building Sakai] Using the PasswordService from within the user tool

Matthew Jones matthew at longsight.com
Sat Sep 22 08:32:29 PDT 2012


Yea, I agree that you wouldn't store it unencrypted. I was thinking you
could use the UserDirectoryService to add a user which would encrypt the
password, then you could retrieve the encrypted password and set it
altered. But it doesn't look like you can get at the password this way.
(Whatever you set is always encrypted, and no getter.)

I'm not entirely sure why what you're suggesting now isn't working but it
(importing the impl) isn't going to be a good long term solution either.
And taking out just the PasswordService class while possible isn't great
for long term maintenance either.

If your end goal is just to lock the user I agree that Mike's solution is
the way to go.

If you really need to get at the password or PasswordService you'd want to
add an api to shared with the methods you need. Then you can use the
ComponentManager (or a bean injection) to get to it. As a hack, you might
even be able to just addUser (which encrypts the password) then use
reflection to get at the actual password fields of the User object to
alter/lock the encrypted password. It always encrypts everything you put in
(there is no setPassword that doesn't encrypt).

On Sat, Sep 22, 2012 at 2:18 AM, Steve Swinsburg
<steve.swinsburg at gmail.com> wrote:

> If PasswordService doesn't have a public API (i.e. an interface), then you
> cannot access it externally since the impl's live in a special area of
> Tomcat and need to be handled specially.
>
> Your best bet would be to spend time on a way to lock/unlock a user
> account - Mike at UNC has already done this so that would be the best way
> forward. Duplicating code and moving data around in the database sounds
> yucky.
>
> Mike, there is a Jira already for this here:
> https://jira.sakaiproject.org/browse/SAK-16499 - Just reopen it and send
> your code that way.
>
> cheers,
> Steve
>
> On 22/09/2012, at 2:22 PM, Brian Baillargeon <bbailla2 at uwo.ca> wrote:
>
> Passwords must never be stored unencrypted.
>
> Here's what I was thinking - if you add this dependency to a project:
>
> <dependency>
>     <groupId>org.sakaiproject.kernel</groupId>
>     <artifactId>sakai-kernel-impl</artifactId>
>     <version>${sakai.kernel.version}</version>
> </dependency>
>
> you should be able to see the class definition for PasswordService inside
> the sakai-kernel-impl jar in your local maven repository. So I don't see
> what's preventing java from finding PasswordService's class definition at
> runtime. I saw that it doesn't appear to be a bean like any other service,
> so I was trying to call the inherited Object constructor followed by
> encrypt(). I'm at home (and away from my dev environment), so I can't
> verify whether this works in any other project, but my conjecture is that
> java can't find PasswordService due to some kind of naming issue since
> we're working under the org.sakaiproject.user package, and PasswordService
> is also under that package.
>
> I see three options
> - Get PasswordService to work in the user tool and proceed with my
> original plan
> - Clone PasswordService into this project. This means if the encryption
> strategy changes in a future kernel-impl upgrade, a conflict will exist.
> - Create the account (with a UserEdit) and copy the resulting row from
> SAKAI_USER into my table, delete the account, wait until the user validates
> their email address to move them back to SAKAI_USER.
>
> Any ideas on how to get PasswordService working?
>
> On 09/21/12, Matthew Jones <matthew at longsight.com> wrote:
>
> Because the PasswordService doesn't have an api in shared (and it isn't
> itself in shared), I'm not sure you could do that. You probably could set
> their password as a random bit of strings though, it doesn't have to go
> through this service if you don't care if it *works* or not, just that it
> locks them out?
>
> You could probably even just store it in the password field as "*"+their
> password, then just remove the first character to unlock. That's what the
> old unix lockout used to be right?
>
> On Fri, Sep 21, 2012 at 5:22 PM, Brian Baillargeon <bbailla2 at uwo.ca> wrote:
>
>>  Hello,
>>
>> Currently the user tool (sakai.createuser) adds users upon submitting the
>> form. We want to ensure that we get the correct email addresses from our
>> users, so we're trying to customize the tool to send the user an email with
>> a validation token before their account gets created.
>>
>> In doing this, my plan is to create a separate database table to
>> temporarily store the information they've filled on the New User form until
>> they've validated their email address. Since they insert their password, I
>> need to encrypt it, and I found that BaseUserEdit encrypts passwords using
>> org.sakaiproject.user.impl.PasswordService. So I'll store the user's
>> inserted information including their encrypted password, and once the user
>> has validated their email address I'll create their account with a random
>> password and manually update their row in the SAKAI_USER table with the
>> encrypted password from my table.
>>
>> I'm having trouble using PasswordService from within the user project
>> though.
>> So, to pull in PasswordService I have:
>> <dependency>
>>     <groupId>org.sakaiproject.kernel</groupId>
>>     <artifactId>sakai-kernel-impl</artifactId>
>>     <version>${sakai.kernel.version}</version>
>> </dependency>
>>
>> I can compile a class that calls new PasswordService() without errors,
>> but at runtime I'm getting:
>>
>> 2012-09-21 16:50:17,617  WARN http-8081-Processor25 org.sakaiproject.cheftool.VelocityPortletPaneledAction - Exception calling method doSave java.lang.reflect.InvocationTargetException (Caused by java.lang.NoClassDefFoundError: org/sakaiproject/user/impl/PasswordService)
>> java.lang.reflect.InvocationTargetException
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>         at java.lang.reflect.Method.invoke(Method.java:597)
>>         at org.sakaiproject.cheftool.VelocityPortletPaneledAction.actionDispatch(VelocityPortletPaneledAction.java:657)
>>         at org.sakaiproject.cheftool.VelocityPortletPaneledAction.processAction(VelocityPortletPaneledAction.java:555)
>>         at org.sakaiproject.cheftool.ToolServlet.doGet(ToolServlet.java:230)
>>         at org.sakaiproject.cheftool.VelocityPortletPaneledAction.doGet(VelocityPortletPaneledAction.java:1086)
>>         at org.sakaiproject.cheftool.ToolServlet.doPost(ToolServlet.java:154)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>         at org.sakaiproject.vm.ComponentServlet.service(ComponentServlet.java:56)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>         at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:598)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>         at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
>>         at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
>>         at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
>>         at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
>>         at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)
>>         at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1429)
>>         at org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:204)
>>         at org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
>>         at org.sakaiproject.portal.charon.handlers.ToolHandler.doPost(ToolHandler.java:73)
>>         at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1224)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
>>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>         at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:659)
>>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
>>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
>>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
>>         at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>>         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>>         at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
>>         at java.lang.Thread.run(Thread.java:662)
>> Caused by: java.lang.NoClassDefFoundError: org/sakaiproject/user/impl/PasswordService
>>         at org.sakaiproject.user.uservalidation.model.ValidatablePersonHibernateImpl.setPassword(ValidatablePersonHibernateImpl.java:70)
>>         at org.sakaiproject.user.tool.UsersAction.readUserForm(UsersAction.java:966)
>>         at org.sakaiproject.user.tool.UsersAction.doSave(UsersAction.java:665)
>>         ... 46 more
>> Caused by: java.lang.ClassNotFoundException: org.sakaiproject.user.impl.PasswordService
>>         at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
>>         at java.security.AccessController.doPrivileged(Native Method)
>>         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
>>         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
>>         at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
>>         ... 49 more
>>
>> Does anybody have any suggestions as to how I can get PasswordService to
>> work in this project?
>>
>> For reference, the source code can be found at
>> https://source.sakaiproject.org/svn/msub/uwo.ca/user/trunk/
>>
>> Thanks,
>> Brian
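The lock-marker idea raised in the thread (a "*" in front of the stored password value, removed again to unlock), as an added example that is not part of the original messages and is not Sakai code. The class LockableCredential and its PBKDF2 hashing are assumptions standing in for PasswordService, whose algorithm the thread does not describe; the marker is applied to the stored hash, never to a plaintext password.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper for illustration; not Sakai's PasswordService.
public class LockableCredential {
    // '*' is outside the Base64 alphabet, so a real stored value can never start with it.
    static final String LOCK = "*";
    static final int ITERATIONS = 210_000, KEY_BITS = 256;

    static byte[] pbkdf2(char[] pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Stored form: base64(salt) ":" base64(derived key). Only this value is persisted.
    static String hash(char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(pbkdf2(pw, salt));
    }

    static boolean isLocked(String stored) { return stored.startsWith(LOCK); }
    static String lock(String stored) { return isLocked(stored) ? stored : LOCK + stored; }
    static String unlock(String stored) { return isLocked(stored) ? stored.substring(1) : stored; }

    static boolean verify(char[] pw, String stored) throws Exception {
        if (isLocked(stored)) return false;            // locked accounts never authenticate
        String[] parts = stored.split(":", 2);
        if (parts.length != 2) return false;           // malformed row: fail closed
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] actual = pbkdf2(pw, b64.decode(parts[0]));
        return MessageDigest.isEqual(b64.decode(parts[1]), actual); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray();     // constructed sample password
        String stored = hash(pw);
        String locked = lock(stored);                  // e.g. until the email is validated
        System.out.println("unlocked verifies: " + verify(pw, stored));
        System.out.println("locked verifies:   " + verify(pw, locked));
        System.out.println("restored verifies: " + verify(pw, unlock(locked)));
    }
}
```

Because the marker wraps the hash unchanged, unlocking restores the user's original credential without the tool ever needing the plaintext or direct access to the hashing implementation.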