Plain text authentication in admin console

Hi,

I’‘m writing my own AuthProvider and not planning to support plain text authentication. But, admin console is using plain authentication in login.jsp. I think that better solution should use digest if supported and then try to use plain. Any way if your provider don’‘t support plain authentication you aren’'t able to login admin console.

Thx,

Tim

This is not a best way to fix it, but it works:

Index: login.jsp

===================================================================

— login.jsp (revision 4974)

+++ login.jsp (working copy)

@@ -75,29 +75,36 @@

throw new UnauthorizedException(“Only user ‘‘admin’’ may login.”);

}

}

  •        authToken = AuthFactory.authenticate(username, password);
    
  •        if (AuthFactory.isDigestSupported()) {
    
  •            String token = StringUtils.randomString(10);
    
  •            String digest = StringUtils.hash(token + password, "SHA1");
    
  •            authToken = AuthFactory.authenticate(username, token, digest);
    
  •        }
    
  •        else {
    
  •            authToken = AuthFactory.authenticate(username, password);
    
  •        }
    

session.setAttribute(“jive.admin.authToken”, authToken);

response.sendRedirect(go(url));

Better solution should calculate digest using javascript and send it to the server.

Can this code be merged to release?