Fix password encoder for compatibility

main
Paulo Gustavo Veiga 2020-11-08 12:08:13 -08:00
parent 1a524434da
commit 430b30bffb
6 changed files with 51 additions and 17 deletions


@ -0,0 +1,26 @@
package com.wisemapping.security;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import java.util.HashMap;
import java.util.Map;
public class DefaultPasswordEncoderFactories {
private static final String ENCODING_ID = "bcrypt";
@SuppressWarnings("deprecation")
static PasswordEncoder createDelegatingPasswordEncoder() {
final Map<String, PasswordEncoder> encoders = new HashMap<>();
encoders.put(ENCODING_ID, new BCryptPasswordEncoder(16));
DelegatingPasswordEncoder result = new DelegatingPasswordEncoder(ENCODING_ID, encoders);
result.setDefaultPasswordEncoderForMatches(new LegacyPasswordEncoder());
return result;
}
}
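Review bot: The fallback installed by `setDefaultPasswordEncoderForMatches(new LegacyPasswordEncoder())` keeps every stored value without a `{bcrypt}` prefix verifiable through the SHA-1 path indefinitely, and nothing visible in this file re-hashes those accounts. If the Spring Security version in use provides it, the login path could call `passwordEncoder.upgradeEncoding(storedHash)` after a successful match and persist `passwordEncoder.encode(rawPassword)`, so that legacy hashes drain over time. Whether the project's AuthenticationProvider already does this is not visible on this page. The factory method would also benefit from a comment such as `// Unprefixed legacy "ENC:" hashes are verified by LegacyPasswordEncoder; new hashes are written as {bcrypt}`.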


@ -18,27 +18,37 @@
package com.wisemapping.security; package com.wisemapping.security;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.apache.log4j.Logger;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
public class CustomPasswordEncoder implements PasswordEncoder { @SuppressWarnings("deprecation")
public class LegacyPasswordEncoder implements PasswordEncoder {
final private static Logger logger = Logger.getLogger("com.wisemapping.security.LegacyPasswordEncoder");
private static final String ENC_PREFIX = "ENC:"; private static final String ENC_PREFIX = "ENC:";
private BCryptPasswordEncoder delegateEncoder = new BCryptPasswordEncoder(16); private static final PasswordEncoder sha1Encoder = new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1");
@Override @Override
public String encode(CharSequence rawPassword) { public String encode(CharSequence rawPassword) {
String password = rawPassword.toString();
if(!rawPassword.toString().startsWith(ENC_PREFIX)) { logger.info("LegacyPasswordEncoder encode executed.");
password = ENC_PREFIX + delegateEncoder.encode(rawPassword);
String result = rawPassword.toString();
if (!rawPassword.toString().startsWith(ENC_PREFIX)) {
result = ENC_PREFIX + sha1Encoder.encode(rawPassword);
} }
return password; return result;
} }
@Override @Override
public boolean matches(CharSequence rawPassword, String encodedPassword) { public boolean matches(CharSequence rawPassword, String encodedPassword) {
String encodedRawPassword = delegateEncoder.encode(rawPassword);
return delegateEncoder.matches(encodedRawPassword, encodedPassword); String newEncodedPassword = encodedPassword;
if (encodedPassword.startsWith(ENC_PREFIX)) {
newEncodedPassword = encode(rawPassword);
}
return newEncodedPassword.equals(encodedPassword);
} }
} }
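Review bot: In `matches`, a stored value that does not start with `ENC:` leaves `newEncodedPassword` equal to `encodedPassword`, so `newEncodedPassword.equals(encodedPassword)` is true for any submitted password. Because this encoder is the default for unprefixed hashes, that branch must fail closed, e.g. `if (!encodedPassword.startsWith(ENC_PREFIX)) return false;`. The `ENC:` branch re-encodes and compares strings; if `MessageDigestPasswordEncoder` is the Spring Security 5 class, its `encode` prepends a freshly generated salt, so the result would not reproduce an unsalted legacy hash. Delegating with `return sha1Encoder.matches(rawPassword, encodedPassword.substring(ENC_PREFIX.length()));` avoids that and the non-constant-time `equals`, assuming the stored legacy values are unsalted SHA-1 hex after the prefix. `encode` also returns a raw password that itself starts with `ENC:` unchanged, so the stored string would be accepted as the password; only the stored value should be tested for the prefix.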


@ -1,7 +1,6 @@
log4j.rootLogger=WARN, stdout, R log4j.rootLogger=WARN, stdout, R
log4j.logger.com.wisemapping=WARN,stdout,R log4j.logger.com.wisemapping=INFO,stdout,R
log4j.logger.org.springframework=WARN,stdout,R log4j.logger.org.springframework=INFO,stdout,R
log4j.logger.org.codehaus.jackson=WARN,stdout,R
log4j.logger.org.hibernate=WARN,stdout,R log4j.logger.org.hibernate=WARN,stdout,R
log4j.logger.org.hibernate.engine.StatefulPersistenceContext=ERROR,stdout,R log4j.logger.org.hibernate.engine.StatefulPersistenceContext=ERROR,stdout,R


@ -7,7 +7,7 @@
<beans> <beans>
<bean id="userManager" class="com.wisemapping.dao.UserManagerImpl"> <bean id="userManager" class="com.wisemapping.dao.UserManagerImpl">
<property name="hibernateTemplate" ref="hibernateTemplate"/> <property name="hibernateTemplate" ref="hibernateTemplate"/>
<property name="encoder" ref="encoder"/> <property name="encoder" ref="passwordEncoder"/>
</bean> </bean>
<bean id="mindmapManager" class="com.wisemapping.dao.MindmapManagerImpl"> <bean id="mindmapManager" class="com.wisemapping.dao.MindmapManagerImpl">


@ -8,6 +8,8 @@
http://www.springframework.org/schema/security http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd"> http://www.springframework.org/schema/security/spring-security.xsd">
<bean id="passwordEncoder" class="com.wisemapping.security.DefaultPasswordEncoderFactories" factory-method="createDelegatingPasswordEncoder"/>
<sec:authentication-manager alias="authenticationManager"> <sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="dbAuthenticationProvider"/> <sec:authentication-provider ref="dbAuthenticationProvider"/>
<sec:authentication-provider user-service-ref="userDetailsService"/> <sec:authentication-provider user-service-ref="userDetailsService"/>
@ -15,7 +17,6 @@
<bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider"> <bean id="dbAuthenticationProvider" class="com.wisemapping.security.AuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/> <property name="userDetailsService" ref="userDetailsService"/>
<property name="encoder" ref="encoder"/> <property name="encoder" ref="passwordEncoder"/>
</bean> </bean>
</beans> </beans>
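Review bot: The `passwordEncoder` bean is declared only in this file, which appears to be one of the `wisemapping-security-${security.type}.xml` variants, while the shared `encoder` bean it replaces is removed from the common security file and `userManager` now references `passwordEncoder`. If a different security type is selected, that reference would have no bean to resolve and the application context would fail to start. Declaring `<bean id="passwordEncoder" class="com.wisemapping.security.DefaultPasswordEncoderFactories" factory-method="createDelegatingPasswordEncoder"/>` in the common file next to the `<import>`, or in every variant, avoids that. Which variants exist is not visible on this page, so this needs checking against the other files.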


@ -87,8 +87,6 @@
<sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/> <sec:logout logout-url="/c/logout" invalidate-session="true" logout-success-url="/c/login"/>
</sec:http> </sec:http>
<bean id="encoder" class="com.wisemapping.security.CustomPasswordEncoder"/>
<import resource="wisemapping-security-${security.type}.xml"/> <import resource="wisemapping-security-${security.type}.xml"/>
<bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService"> <bean id="userDetailsService" class="com.wisemapping.security.UserDetailsService">