portals-jetspeed-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ron Wheeler <rwhee...@artifact-software.com>
Subject Re: Using Jetspeed password encryption
Date Mon, 19 Nov 2007 17:23:30 GMT
I think that we are faced with the same problem (or a similar one).

I am wondering if this approach will make it more difficult to upgrade 
to later versions of Jetspeed since we would have radically altered a 
core part of Jetspeed and might have a hard time finding out places 
where the new Jetspeed version would require changes during the upgrade.

Another approach that I am considering is to add a custom table to hold 
the extra user information that I need and to  keep the  login, change 
password, etc. functions from Jetspeed  unchanged. The username would be 
the key into my table and I would only need to add a way to create the 
entry in the new table when a user is created and to do any cleanup 
required if a user is detsroyed.

Does anyone have any sense of what the "Best Practice" is for handling  
application specific user  information?
Are there hooks in Jetspeed's registration flow where this information 
can be created?


Ron

 
Dennis Dam wrote:
> Hi Saurabh,
>
> tracing it down in the code, I found the default password encoder in 
> the Jetspeed spring assembly configuration:
>
> <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
>       
> class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">

>
>       <constructor-arg 
> index="0"><value>SHA-1</value></constructor-arg>       </bean>
> this encoder class (MessageDigestCredentialPasswordEncoder) uses SHA-1 
> encryption, and then applies Base64 encoding to get a valid string.
>
> Hope this helps ?
>
> regards,
> Dennis
>
> $aurabh Vig wrote:
>> Hi,
>>
>> I need to create a new portlet for User Registration as I need to 
>> change the
>> User Info fields associated with each user.
>> I plan to create a new portlet that will create the user in the Jetspeed
>> tables and add the user info fields as required by my application.
>> To do this I will need the password encryption being used by 
>> Jetspeed, so
>> that I an create the user in SECURITY_PRINCIPAL table, its password in
>> SECURITY_CREDENTIALS table and the rest user info in my tables.
>> Thus the user created would be a jetspeed user created by my portlet, 
>> and
>> thus the user would login to jetspeed only.
>>
>> Could anyone please hint me on how can i use the jetspeed encryption 
>> algo in
>> my portlet.
>> Its urgent, I m bound by a very tight schedule. Any help on that 
>> would be
>> really helpful.
>>
>> Regards,
>> Saurabh
>>
>>
>> On Nov 16, 2007 6:43 AM, $aurabh Vig <saurabhvig@gmail.com> wrote:
>> Thanks Jennifer,
>>
>> Could just figure that out yesterday with some hit and trials, and was
>> trying to see if there was some way with the admin portals to do that
>> automatically when a new user is created.
>> I guess writing a new user creation portlet is a way. anything better 
>> than
>> that??
>>
>>
>> Regards,
>> Saurabh
>>
>> On Nov 15, 2007 9:38 PM, Ford, Jennifer M. <JENNFORD@southernco.com> 
>> wrote:
>> Yes, if you make a directory for the user under pages/_user and add a
>> copy of the page to that, they can modify the page as much as they want
>> and it won't affect any other users of your portal.
>>
>> -----Original Message-----
>> From: $aurabh Vig [mailto:saurabhvig@gmail.com]
>> Sent: Wednesday, November 14, 2007 9:45 PM
>> To: Jetspeed Users List
>> Subject: Custom pages for users
>>
>> Hi,
>>
>> Is it possible to have the same page on any site/subsite customized
>> diffrerently for different users?
>> I mean each user gets a different view on the same page by editing the
>> page himself, something like igoogle.
>>
>>
>> Regards,
>> Saurabh
>>
>> ------------------------------
>>  
>>> ---------------------------------------
>>> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
>>> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
>>> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>>>
>>>     
>>
>>   
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org


Mime
View raw message