kylin-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wu XIANG <w.xia...@gmail.com>
Subject Re: Kylin LDAP encryption
Date Thu, 04 Feb 2016 08:32:26 GMT
Hi Jian, I already filed KYLIN-1401
<https://issues.apache.org/jira/browse/KYLIN-1401> on jira, and will submit
a patch later.

thanks
wu

On Thu, Feb 4, 2016 at 9:11 AM, ShaoFeng Shi <shaofengshi@apache.org> wrote:

> Hi Xiang, thanks for reporting this, and your suggestion is good, we
> should improve it in both document and the tool.
>
> 2016-02-04 0:51 GMT+08:00 Jian Zhong <hellowode110@gmail.com>:
>
>> user can use this to generate encoded password, would appreciate it if
>> you can create a jira and contribute any cli tool to improve this, thanks
>>
>> On Thu, Feb 4, 2016 at 12:49 AM, Jian Zhong <hellowode110@gmail.com>
>> wrote:
>>
>>> PasswordPlaceholderConfigurer#encrypt will get right password.
>>>
>>> from PasswordPlaceholderConfigure#resolvePlaceholder you can see any
>>> placeholder with 'password' need encrypt.
>>>
>>> On Wed, Feb 3, 2016 at 10:01 PM, Wu XIANG <w.xiang7@gmail.com> wrote:
>>>
>>>> thanks jian,
>>>>
>>>>   I managed to integrate LDAP by invoke "PasswordPlaceholderConfigurer#
>>>> encrypt" to encrypt my passwords. I'm not sure if it's the correct way.
>>>>
>>>>   If encryption is needed, is it possible to expose "
>>>> PasswordPlaceholderConfigurer#encrypt" as a CLI tool or just make "
>>>> PasswordPlaceholderConfigurer#key" configurable ?
>>>>
>>>> thanks
>>>> wu
>>>>
>>>>
>>>> On Wed, Feb 3, 2016 at 8:38 PM, Jian Zhong <hellowode110@gmail.com>
>>>> wrote:
>>>>
>>>>> Will update to doc,thank you
>>>>>
>>>>>
>>>>> On Wednesday, February 3, 2016, Jian Zhong <hellowode110@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Yes, encrypted is required.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wednesday, February 3, 2016, Wu XIANG <w.xiang7@gmail.com>
wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>>    I'm configuring LDAP integration for Kylin. However, I got
the
>>>>>>> following error when I start Kylin server:
>>>>>>>
>>>>>>> *"Invalid bean definition with name 'ldapSource' defined in class
>>>>>>> path resource [kylinSecurity.xml]: Input length must be multiple
of 16 when
>>>>>>> decrypting with padded cipher"*
>>>>>>>
>>>>>>>    After a little bit of digging, I found this was due to "
>>>>>>> *PasswordPlaceholderConfigurer*", which tries to decrypt passwords
>>>>>>> in kylin.properties file. Does this mean passwords like "
>>>>>>> ldap.password" in kylin.properties should be encrypted ? If so,
I
>>>>>>> hope it's documented in tutorial.
>>>>>>>
>>>>>>>   // PasswordPlaceholderConfigurer.java:Line71
>>>>>>>
>>>>>>> protected String resolvePlaceholder(String placeholder, Properties
>>>>>>> props) {
>>>>>>>
>>>>>>>   if (placeholder.toLowerCase().contains("password")) {
>>>>>>>
>>>>>>>       return decrypt(props.getProperty(placeholder));
>>>>>>>
>>>>>>>   } else {
>>>>>>>
>>>>>>>       return props.getProperty(placeholder);
>>>>>>>
>>>>>>>   }
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> p.s.
>>>>>>>
>>>>>>> Kylin Branch: v1.2-release
>>>>>>>
>>>>>>>
>>>>>>> thanks
>>>>>>> *wu*
>>>>>>>
>>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *wu*
>>>>
>>>
>>>
>>
>
>
> --
> Best regards,
>
> Shaofeng Shi
>
>


-- 

*wu*

Mime
View raw message