rave-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mpie...@apache.org
Subject svn commit: r1157203 - in /incubator/rave/trunk: rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java rave-portal/src/main/resources/initial_data.sql
Date Fri, 12 Aug 2011 18:19:09 GMT
Author: mpierce
Date: Fri Aug 12 18:19:09 2011
New Revision: 1157203

URL: http://svn.apache.org/viewvc?rev=1157203&view=rev
Log:
(RAVE-167) rolling back to previous version of SqlFileParser.java, hard-coding the salted,
hashed passwords in initial_data.sql. The password hashes use SHA-1 and are salted with the
account names.

Modified:
    incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java
    incubator/rave/trunk/rave-portal/src/main/resources/initial_data.sql

Modified: incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java?rev=1157203&r1=1157202&r2=1157203&view=diff
==============================================================================
--- incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java
(original)
+++ incubator/rave/trunk/rave-commons/src/main/java/org/apache/rave/jdbc/util/SqlFileParser.java
Fri Aug 12 18:19:09 2011
@@ -20,9 +20,6 @@
 package org.apache.rave.jdbc.util;
 
 import org.springframework.core.io.Resource;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.encoding.PasswordEncoder;
-import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
 
 import java.io.BufferedReader;
 import java.io.File;
@@ -33,7 +30,6 @@ import java.util.Set;
 import java.util.Stack;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import java.util.StringTokenizer;
 
 /**
  * Parses a file looking for create, alter, insert, update, delete or drop commands and appends
them to an output
@@ -67,19 +63,14 @@ public class SqlFileParser {
     private Stack<State> stateStack;
     private Resource resource;
 
-	 private PasswordEncoder passwordEncoder;
-
     /**
      * Constructor takes a Spring {@link org.springframework.core.io.Resource}
      *
      * @param resource the initial file to parse
      */
-
     public SqlFileParser(Resource resource) {
         stateStack = new Stack<State>();
         this.resource = resource;
-
-		  passwordEncoder=new ShaPasswordEncoder();
     }
 
     /**
@@ -148,10 +139,6 @@ public class SqlFileParser {
                 break;
             }
             case READSQL: {
-					 //This is specific to Rave's initial_data.sql.
-					 //TODO replace this with an external, pluggable utility class.
-					 line=hashAndSaltPassword(line);
-
                 sql.append(line);
                 //add a space to accommodate line breaks.  Not a big deal if extraneous spaces
are added
                 sql.append(" ");
@@ -166,57 +153,9 @@ public class SqlFileParser {
             }
         }
     }
-	 
-	 //TODO: this is specific to initial_data.sql while rest of the class code is 
-	 //general purpose.  Need to find a better way to do this.
-	 private String hashAndSaltPassword(String line) {
-		  String newLine=line;
-
-		  //TODO This will BREAK if the SQL line ever gets changed.
-		  //TODO This is a not very good way to make sure we have the correct line.
-		  if(line.indexOf("@user_id_")>-1 && line.indexOf("user_id_seq")>-1) {
-				StringTokenizer st=new StringTokenizer(newLine,",");
-				if(st.countTokens()>4) {
-					 String userid=st.nextToken();
-					 String userseq=st.nextToken();
-					 String username=st.nextToken();
-					 String password=st.nextToken();
-					 username=stripQuotes(username);
-					 password=stripQuotes(password);
-					 //TODO: This assumes that the user name is used for the salt. This may change.
-					 //See DefaultNewAccountService
-					 String saltedHash=passwordEncoder.encodePassword(password,username);
-					 newLine=replacePassword(newLine,password,saltedHash);
-				}
-				else {
-					 //Line was unexpectedly formatted
-				}
-		  }
-		  else {
-				//Do nothing.
-		  }
-		  
-		  return newLine;
-	 }
-	 
-	 //Used to strip the single quotes around the input string
-	 private String stripQuotes(String quotedString) {
-		  StringBuilder unquoted=new StringBuilder(quotedString);
-		  int index1=unquoted.indexOf("'");
-		  int index2=unquoted.lastIndexOf("'");
-		  return unquoted.substring(index1+1,index2);
-	 }
-
-	 //Replace the password in the original string with the hashed and salted password
-	 private String replacePassword(String line, String password, String hashedPassword) {
-		  StringBuilder newLine=new StringBuilder(line);
-		  newLine=newLine.replace(line.lastIndexOf(password),line.lastIndexOf(password)+password.length(),hashedPassword);
-		  return newLine.toString();
-	 }
 
     private static String getFirstWord(String line) {
         Matcher match = WORD_PATTERN.matcher(line);
         return match.find() ? match.group(1) : null;
     }
-
 }

Modified: incubator/rave/trunk/rave-portal/src/main/resources/initial_data.sql
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-portal/src/main/resources/initial_data.sql?rev=1157203&r1=1157202&r2=1157203&view=diff
==============================================================================
--- incubator/rave/trunk/rave-portal/src/main/resources/initial_data.sql (original)
+++ incubator/rave/trunk/rave-portal/src/main/resources/initial_data.sql Fri Aug 12 18:19:09
2011
@@ -17,43 +17,43 @@
 
 --  --- start user data ---
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_1, next value for user_id_seq), 'canonical', 'canonical', 'N', 'N',
'Y');
+values (set(@user_id_1, next value for user_id_seq), 'canonical', 'b97fd0fa25ba8a504309be2b6651ac6dee167ded',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_2, next value for user_id_seq), 'john.doe', 'john.doe', 'N', 'N', 'Y');
+values (set(@user_id_2, next value for user_id_seq), 'john.doe', '49e5f5c7c7ae8372af9b3063c493f080d16411f5',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_3, next value for user_id_seq), 'jane.doe', 'jane.doe', 'N', 'N', 'Y');
+values (set(@user_id_3, next value for user_id_seq), 'jane.doe', '30dd37e81704bbbd4e235c22990802ae25b187da
', 'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_4, next value for user_id_seq), 'george.doe', 'george.doe', 'N', 'N',
'Y');
+values (set(@user_id_4, next value for user_id_seq), 'george.doe', '452802e3f2ff8b7b28785f50dfaaaaf80fc1430f',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_5, next value for user_id_seq),'mario.rossi', 'mario.rossi', 'N', 'N',
'Y');
+values (set(@user_id_5, next value for user_id_seq),'mario.rossi', '8aadae9f6e73a479cb8a565bcfa6e8de2b074e89',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_6, next value for user_id_seq), 'maija.m', 'maija.m', 'N', 'N', 'Y');
+values (set(@user_id_6, next value for user_id_seq), 'maija.m', '18550acca1b36af6cfa41c82e1caab12073475a1',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_6, next value for user_id_seq), 'http://rave2011.myopenid.com/', 'unused',
'N', 'N', 'Y');
+values (set(@user_id_6, next value for user_id_seq), 'http://rave2011.myopenid.com/', 'cdf15c184b7d2539b0cfc29ee9f10bad62793d50',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_7, next value for user_id_seq), 'one.col', 'one.col', 'N', 'N', 'Y');
+values (set(@user_id_7, next value for user_id_seq), 'one.col', '07acee6193e84ba9ae2f7b2bf26538f2d6e4b0a1',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_8, next value for user_id_seq), 'twown.col', 'twown.col', 'N', 'N',
'Y');
+values (set(@user_id_8, next value for user_id_seq), 'twown.col', '24159ea43cbcecb50021cd14a1d41a8079fd9714',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_9, next value for user_id_seq), 'three.col', 'three.col', 'N', 'N',
'Y');
+values (set(@user_id_9, next value for user_id_seq), 'three.col', 'c736434430af90772bfd4351bffa3da04cec0403',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_10, next value for user_id_seq), 'threewn.col', 'threewn.col', 'N',
'N', 'Y');
+values (set(@user_id_10, next value for user_id_seq), 'threewn.col', 'ad67065a5bc25f86036508971a09a58e9c9131e8',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_11, next value for user_id_seq), 'four.col', 'four.col', 'N', 'N', 'Y');
+values (set(@user_id_11, next value for user_id_seq), 'four.col', 'c875ce4416fc56cd34c01bd366a3af5468137155',
'N', 'N', 'Y');
 
 insert into user (user_id, username, password, expired, locked, enabled)
-values (set(@user_id_12, next value for user_id_seq), 'fourwn.col', 'fourwn.col', 'N', 'N',
'Y');
+values (set(@user_id_12, next value for user_id_seq), 'fourwn.col', 'eb0b450eff79a33027a41a05051f5609a83667e8',
'N', 'N', 'Y');
 --- end user data ---
 
 --- gadget data ---



Mime
View raw message