[Building Sakai] Using the PasswordService from within the user tool
Steve Swinsburg
steve.swinsburg at gmail.com
Mon Sep 24 07:46:18 PDT 2012
If you can attach a screenshot of the admin part to the Jira, I will review
the code, apply it to my local trunk and test, etc. This is a cool feature
IMO. Also, a couple of questions in the Jira esp w.r.t notifying the user
that their account is locked and next steps - it might not always be
appropriate to send them somewhere else, so just a note about it might be
good.
cheers,
Steve
On Mon, Sep 24, 2012 at 12:54 PM, Jennings, Michael
<mike_jennings at unc.edu>wrote:
> I have assigned this to me so if this is not right what would everyone
> like me to do with it. I don't mind running with this feature and working
> at getting it put into production!
>
> Please let me know how to proceed.
>
> Mike
>
> Aaron Zeckoski <azeckoski at unicon.net> wrote:
>
>
> Like Matt says, in the case of contributed patches it is typically the
> person doing the review and commit.
> -AZ
>
>
> On Sun, Sep 23, 2012 at 8:00 PM, Matthew Jones <matthew at longsight.com>
> wrote:
> > Yea the "Assignee" field is tough. Usually it's the person who actually
> does
> > the commit t to trunk. Sometimes it's the person who actually does the
> work
> > and attaches patches. Ultimately whoever it's assigned should follow
> through
> > and make sure that it makes it into trunk somehow though. If they aren't
> > able to actually make the commits, this involves emailing the
> > cle-release-team at collab.sakaiproject.org or calling into the Thursday
> > morning meetings and getting it on the agenda.
> >
> >
> > On Sun, Sep 23, 2012 at 6:53 PM, Mike Jennings <mike_jennings at unc.edu>
> > wrote:
> >>
> >> I have uploaded my patches to the
> >> https://jira.sakaiproject.org/browse/SAK-16499 call ticket.....
> >>
> >> I hope that helps people out... I am going to go ahead and assign the
> >> ticket to me.... don't know what that actually means, but it is my code
> >> and I will take ownership of it :D
> >>
> >> Mike
> >>
> >>
> >>
> ==============================================================================
> >> Mike Jennings
> >> Teaching and Learning Developer
> >> University of North Carolina at Chapel Hill
> >>
> >> Office: (919) 843-5013
> >> Cell: (919) 698-3746
> >> E-mail: mike_jennings at unc.edu
> >>
> >> On 9/22/2012 2:18 AM, Steve Swinsburg wrote:
> >> > If PasswordService doesn't have a public API (i.e. an interface), then
> >> > you cannot access it externally since the impl's live in a special
> area
> >> > of Tomcat and need to be handled specially.
> >> >
> >> > Your best bet would be to spend time on a way to lock/unlock a user
> >> > account - Mike at UNC has already done this so that would be the best
> >> > way forward. Duplicating code and moving data around in the database
> >> > sounds yucky.
> >> >
> >> > Mike, there is a Jira already for this here:
> >> > https://jira.sakaiproject.org/browse/SAK-16499 - Just reopen it and
> send
> >> > your code that way.
> >> >
> >> > cheers,
> >> > Steve
> >> >
> >> > On 22/09/2012, at 2:22 PM, Brian Baillargeon <bbailla2 at uwo.ca
> >> > <mailto:bbailla2 at uwo.ca>> wrote:
> >> >
> >> >> Passwords must never be stored unencrypted.
> >> >>
> >> >> Here's what I was thinking - if you add this dependency to a project:
> >> >>>
> >> >>> <dependency>
> >> >>> <groupId>org.sakaiproject.kernel</groupId>
> >> >>> <artifactId>sakai-kernel-impl</artifactId>
> >> >>> <version>${sakai.kernel.version}</version>
> >> >>> </dependency>
> >> >> you should be able to see the class definition for PasswordService
> >> >> inside the sakai-kernel-impl jar in your local maven repository. So I
> >> >> don't see what's preventing java from finding PasswordService's class
> >> >> definition at runtime. I saw that it doesn't appear to be a bean like
> >> >> any other service, so I was trying to call the inherited Object
> >> >> constructor followed by encrypt(). I'm at home (and away from my dev
> >> >> environment), so I can't verify whether this works in any other
> >> >> project, but my conjecture is that java can't find PasswordService
> due
> >> >> to some kind of naming issue since we're working under the
> >> >> org.sakaiproject.user package, and PasswordService is also under that
> >> >> package.
> >> >>
> >> >> I see three options
> >> >> - Get PasswordService to work in the user tool and proceed with my
> >> >> original plan
> >> >> - Clone PasswordService into this project. This means if the
> >> >> encryption strategy changes in a future kernel-impl upgrade, a
> >> >> conflict will exist.
> >> >> - Create the account (with a UserEdit) and copy the resulting row
> from
> >> >> SAKAI_USER into my table, delete the account, wait until the user
> >> >> validates their email address to move them back to SAKAI_USER.
> >> >>
> >> >> Any ideas on how to get PasswordService working?
> >> >>
> >> >> On 09/21/12, *Matthew Jones * <matthew at longsight.com
> >> >> <mailto:matthew at longsight.com>> wrote:
> >> >>> Because the PasswordService doesn't have an api in shared (and it
> >> >>> isn't itself) in shared, I'm not sure you could do that. You
> probably
> >> >>> could set their password as an random bit of strings though, it
> >> >>> doesn't have to go through this service if you don't care if it
> >> >>> *works* or not, just that it locks them out?
> >> >>>
> >> >>> You could probably even just store it in the password field as
> >> >>> "*"+their password, then just remove the first character to unlock.
> >> >>> That's what the old unix lockout used to be right?
> >> >>>
> >> >>> On Fri, Sep 21, 2012 at 5:22 PM, Brian Baillargeon <bbailla2 at uwo.ca
> >> >>> <mailto:bbailla2 at uwo.ca>> wrote:
> >> >>>
> >> >>> Hello,
> >> >>>
> >> >>> Currently the user tool (sakai.createuser) adds users upon
> >> >>> submitting the form. We want to ensure that we get the correct
> >> >>> email addresses from our users, so we're trying to customize the
> >> >>> tool to send the user an email with a validation token before
> >> >>> their account gets created.
> >> >>>
> >> >>> In doing this, my plan is to create a separate database table to
> >> >>> temporarily store the information they've filled on the New User
> >> >>> form until they've validated their email address. Since they
> >> >>> insert their password, I need to encrypt it, and I found that
> >> >>> BaseUserEdit encrypts passwords using
> >> >>> org.sakaiproject.user.impl.PasswordService. So I'll store the
> >> >>> user's inserted information including their encrypted password,
> >> >>> and once the user has validated their email address I'll create
> >> >>> their account with a random password and manually update their
> >> >>> row in the SAKAI_USER table with the encrypted password from my
> >> >>> table.
> >> >>>
> >> >>> I'm having trouble using PasswordService from within the user
> >> >>> project though.
> >> >>> So, to pull in PasswordService I have:
> >> >>> <dependency>
> >> >>> <groupId>org.sakaiproject.kernel</groupId>
> >> >>> <artifactId>sakai-kernel-impl</artifactId>
> >> >>> <version>${sakai.kernel.version}</version>
> >> >>> </dependency>
> >> >>>
> >> >>> I can compile a class that calls new PasswordService() without
> >> >>> errors, but at runtime I'm getting:
> >> >>>
> >> >>> 2012-09-21 16:50:17,617 WARN http-8081-Processor25
> >> >>> org.sakaiproject.cheftool.VelocityPortletPaneledAction -
> >> >>> Exception calling method doSave
> >> >>> java.lang.reflect.InvocationTargetException (Caused by
> >> >>> java.lang.NoClassDefFoundError:
> >> >>> org/sakaiproject/user/impl/PasswordService)
> >> >>> java.lang.reflect.InvocationTargetException
> >> >>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> >> >>> Method)
> >> >>> at
> >> >>>
> >> >>>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> >> >>> at
> >> >>>
> >> >>>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >> >>> at java.lang.reflect.Method.invoke(Method.java:597)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.cheftool.VelocityPortletPaneledAction.actionDispatch(VelocityPortletPaneledAction.java:657)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.cheftool.VelocityPortletPaneledAction.processAction(VelocityPortletPaneledAction.java:555)
> >> >>> at
> >> >>>
> org.sakaiproject.cheftool.ToolServlet.doGet(ToolServlet.java:230)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.cheftool.VelocityPortletPaneledAction.doGet(VelocityPortletPaneledAction.java:1086)
> >> >>> at
> >> >>>
> org.sakaiproject.cheftool.ToolServlet.doPost(ToolServlet.java:154)
> >> >>> at
> >> >>> javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.vm.ComponentServlet.service(ComponentServlet.java:56)
> >> >>> at
> >> >>> javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >> >>> at
> >> >>>
> >> >>> org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:598)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1429)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:204)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.portal.charon.handlers.ToolHandler.doPost(ToolHandler.java:73)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1224)
> >> >>> at
> >> >>> javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
> >> >>> at
> >> >>> javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >> >>> at
> >> >>>
> >> >>> org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:659)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> >> >>> at
> >> >>>
> >> >>>
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> >> >>> at java.lang.Thread.run(Thread.java:662)
> >> >>> Caused by: java.lang.NoClassDefFoundError:
> >> >>> org/sakaiproject/user/impl/PasswordService
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.user.uservalidation.model.ValidatablePersonHibernateImpl.setPassword(ValidatablePersonHibernateImpl.java:70)
> >> >>> at
> >> >>>
> >> >>>
> org.sakaiproject.user.tool.UsersAction.readUserForm(UsersAction.java:966)
> >> >>> at
> >> >>>
> >> >>> org.sakaiproject.user.tool.UsersAction.doSave(UsersAction.java:665)
> >> >>> ... 46 more
> >> >>> Caused by: java.lang.ClassNotFoundException:
> >> >>> org.sakaiproject.user.impl.PasswordService
> >> >>> at
> java.net.URLClassLoader$1.run(URLClassLoader.java:202)
> >> >>> at java.security.AccessController.doPrivileged(Native
> >> >>> Method)
> >> >>> at
> >> >>> java.net.URLClassLoader.findClass(URLClassLoader.java:190)
> >> >>> at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
> >> >>> at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
> >> >>> ... 49 more
> >> >>>
> >> >>> Does anybody have any suggestions as to how I can get
> >> >>> PasswordService to work in this project?
> >> >>>
> >> >>> For reference, the source code can be found at
> >> >>> https://source.sakaiproject.org/svn/msub/uwo.ca/user/trunk/
> >> >>>
> >> >>> Thanks,
> >> >>> Brian
> >> >>>
> >> >>> _______________________________________________
> >> >>> sakai-dev mailing list
> >> >>> sakai-dev at collab.sakaiproject.org
> >> >>> <mailto:sakai-dev at collab.sakaiproject.org>
> >> >>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >> >>>
> >> >>> TO UNSUBSCRIBE: send email to
> >> >>> sakai-dev-unsubscribe at collab.sakaiproject.org
> >> >>> <mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a
> >> >>> subject of "unsubscribe"
> >> >>>
> >> >>>
> >> >> _______________________________________________
> >> >> sakai-dev mailing list
> >> >> sakai-dev at collab.sakaiproject.org
> >> >> <mailto:sakai-dev at collab.sakaiproject.org>
> >> >> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >> >>
> >> >> TO UNSUBSCRIBE: send email to
> >> >> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> >> >> "unsubscribe"
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > sakai-dev mailing list
> >> > sakai-dev at collab.sakaiproject.org
> >> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >> >
> >> > TO UNSUBSCRIBE: send email to
> >> > sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> >> > "unsubscribe"
> >> >
> >> _______________________________________________
> >> sakai-dev mailing list
> >> sakai-dev at collab.sakaiproject.org
> >> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >>
> >> TO UNSUBSCRIBE: send email to
> >> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> >> "unsubscribe"
> >
> >
> >
> > _______________________________________________
> > sakai-dev mailing list
> > sakai-dev at collab.sakaiproject.org
> > http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
> >
> > TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org
> > with a subject of "unsubscribe"
>
>
>
> --
> Aaron Zeckoski - Software Architect - http://tinyurl.com/azprofile
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20120925/5d9dc82f/attachment.html
More information about the sakai-dev
mailing list