Is DefaultAuthProvider class provide all user’'s authentications?
I modified authenticate(String username, String password) method:
pstmt.setString(2, md5.getMD5ofStr(password.trim())); // encode password with MD5
Finally, admin console login successfully, but other jive client login failed.
Thanks,
-Rosen
Hi!
Did you also change DefaultUserProvider.createUser(…)?
EDIT: You may also look at this http://www.jivesoftware.org/forums/thread.jspa?threadID=13920&tstart=15
Message was edited by:
Jörg Weinmann
Hi Jörg,
Thanks for your attention! I did not change DefaultUserProvider.createUser(…) method, i cannot use MD5 login indeed (only admin user login “Admin Console” successfully but other jive client login Jive server failed).
Could anybody post a detail info explaining “How to” ?
Thanks
-Rosen
Hi Rosen,
I think what Jörg is trying to say is that you need to make sure that anywhere a database operation takes place involving a password you need to make sure to use the StringUtils.hash() method. If you do not, sometimes the passwords are going to be stored in plaintext and other times they will be hashed, so when you try to match them you will run into troubles.
I have not tried to implement the password encoding myself but after doing a quick search you will want to change the following methods:
DefaultUserProvider.createUser(); //line ~107
DefaultUserProvider.setPassword(); //line ~366
DefaultAuthProvider.authenticate() //line ~49
/code
I might have missed a spot or two where you will need to make the changes, so be sure to look through DefaultUserProvider and DefaultAuthProvider yourself for anyplace a password is used.
Hope that helps,
Ryan