directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: multiple user passwords in fortress-rest
Date Fri, 24 Apr 2015 13:09:15 GMT
Le 24/04/15 13:06, Shawn McKinney a écrit :
>> On Apr 24, 2015, at 4:59 AM, Oleksandr Bodriagov (Polystar) <oleksandr.bodriagov@polystar.com>
wrote:
>>
>> Hi,
>>
>> I wanted to test a rest component, so I looked into EmTest.java and saw an
>> example of session creation in ³src/test/resources/createSession.xml"
>> <FortRequest>
>>   <contextId>HOME</contextId>
>>   <entity xsi:type="user"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>>   <userId>emtestuser1</userId>
>>   <password>112</password>
>>   <password>97</password>
>>   <password>115</password>
>>   <password>115</password>
>>   <password>119</password>
>>   <password>111</password>
>>   <password>114</password>
>>   <password>100</password>
>>   </entity>
>>   </FortRequest>
>>
>>
>> If I run this POST request, then everything works and I get the session
>> info back. However, if I remove just one password from the list, then I
>> get 
>> <FortResponse><errorCode>1013</errorCode><errorMessage>PASSWORD
INVALID
>> for userId [emtestuser1], resultCode [INVALID_CREDENTIALS]</errorMessage>
>>
>> I am not sure I understand this concept of multiple passwords. I would be
>> grateful if someone could point me to the resource where I could read
>> about it.
>>
>> Best regards,
>> Oleksandr
>>
> Oleksandr,
>
> The password is stored on user object as array of characters:
>     private char[] password;
>
> Each element in the array is represented as an element in the xml document.  So if you
delete and element, you aren’t deleting a password, you are removing one of the characters
of the user’s password - thus the failure later on on createSession.  Fortress does not
support multiple passwords for users.

Ouch !!!

Wouldn't had it been more efficient to store the password using a base64
encoding ?


Mime
View raw message