directory-fortress mailing list archives

From "Oleksandr Bodriagov (Polystar)" <oleksandr.bodria...@polystar.com>
Subject Re: multiple user passwords in fortress-rest
Date Fri, 24 Apr 2015 13:56:18 GMT
Hi,

1) By the way, are passwords stored using salting and hashing in LDAP?

2) Are there any plans to implement a JSON-based REST API?

3) After creating the session for the “emtestuser1” I get:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FortResponse>
  <errorCode>0</errorCode>
  <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <isAuthorized xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <session>
    <modId>2767b60b-bfe2-4b08-99c3-119e9ad9d5d8</modId>
    <user>
      <modId>833bbb1c-fe87-4767-90cf-e9569ab235e6</modId>
      <userId>emtestuser1</userId>
      <description>enmasse test user1</description>
      <name>emtest user1</name>
      <internalId>161d82ab-3022-4e15-ab22-4f4959ff8845</internalId>
      <ou>emtestorg1</ou>
      <sn>user1</sn>
      <cn>emtest user1</cn>
      <dn>uid=emtestuser1,ou=People,dc=example,dc=com</dn>
      <address>
        <addresses>123 Test Ln</addresses>
        <addresses>Suite 1</addresses>
        <addresses>c/o resident</addresses>
        <city>TestCity</city>
        <state>AR</state>
        <postalCode>72113</postalCode>
      </address>
      <phones>111-222-3333</phones>
      <phones>222-222-3333</phones>
      <mobiles>333-222-3333</mobiles>
      <mobiles>444-222-3333</mobiles>
      <props>
        <modId>05bc5018-f54c-4bf5-b877-5706352ee61d</modId>
        <entry><key>prop1</key><value>value1</value></entry>
        <entry><key>init</key><value></value></entry>
      </props>
      <locked>false</locked>
      <reset>false</reset>
      <timeout>0</timeout>
      <roles>
        <modId>5d3c9297-5489-49f3-9fc8-ad86b43c274b</modId>
        <name>emrole1</name>
        <userId>emtestuser1</userId>
        <parents>EMROLE2</parents>
        <beginDate>20120101</beginDate>
        <beginLockDate>none</beginLockDate>
        <beginTime>0100</beginTime>
        <dayMask>1234567</dayMask>
        <endDate>none</endDate>
        <endLockDate>20140101</endLockDate>
        <endTime>2359</endTime>
        <timeout>0</timeout>
      </roles>
    </user>
    <isAuthenticated>true</isAuthenticated>
    <sessionId>0d079d0f-8969-417e-8a5f-fbd9ec0eada2</sessionId>
    <lastAccess>1429882798607</lastAccess>
    <timeout>0</timeout>
    <errorId>0</errorId>
    <expirationSeconds>0</expirationSeconds>
    <graceLogins>0</graceLogins>
  </session>
</FortResponse>


But I have no idea how to use this session object to get RBAC permissions.
I do the following:
curl -X POST -H "Authorization: Basic ZGVtb3VzZXI0OnBhc3N3b3Jk" \
  -H "Accept: application/xml" -H "Content-Type: application/xml" \
  -d @perms.xml \
  http://127.0.0.1:8080/fortress-rest-1.0-RC40-SNAPSHOT/rbacPerms


Where perms.xml contains a copied session object (xml), and has the
following form:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FortRequest>
  <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <isAuthorized xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <session>
    <modId>2767b60b-bfe2-4b08-99c3-119e9ad9d5d8</modId>
    <user>
      <modId>833bbb1c-fe87-4767-90cf-e9569ab235e6</modId>
      <userId>emtestuser1</userId>
      <description>enmasse test user1</description>
      <name>emtest user1</name>
      <internalId>161d82ab-3022-4e15-ab22-4f4959ff8845</internalId>
      <ou>emtestorg1</ou>
      <sn>user1</sn>
      <cn>emtest user1</cn>
      <dn>uid=emtestuser1,ou=People,dc=example,dc=com</dn>
      <address>
        <addresses>123 Test Ln</addresses>
        <addresses>Suite 1</addresses>
        <addresses>c/o resident</addresses>
        <city>TestCity</city>
        <state>AR</state>
        <postalCode>72113</postalCode>
      </address>
      <phones>111-222-3333</phones>
      <phones>222-222-3333</phones>
      <mobiles>333-222-3333</mobiles>
      <mobiles>444-222-3333</mobiles>
      <props>
        <modId>05bc5018-f54c-4bf5-b877-5706352ee61d</modId>
        <entry><key>prop1</key><value>value1</value></entry>
        <entry><key>init</key><value></value></entry>
      </props>
      <locked>false</locked>
      <reset>false</reset>
      <timeout>0</timeout>
      <roles>
        <modId>5d3c9297-5489-49f3-9fc8-ad86b43c274b</modId>
        <name>emrole1</name>
        <userId>emtestuser1</userId>
        <parents>EMROLE2</parents>
        <beginDate>20120101</beginDate>
        <beginLockDate>none</beginLockDate>
        <beginTime>0100</beginTime>
        <dayMask>1234567</dayMask>
        <endDate>none</endDate>
        <endLockDate>20140101</endLockDate>
        <endTime>2359</endTime>
        <timeout>0</timeout>
      </roles>
    </user>
    <isAuthenticated>true</isAuthenticated>
    <sessionId>0d079d0f-8969-417e-8a5f-fbd9ec0eada2</sessionId>
    <lastAccess>1429882798607</lastAccess>
    <timeout>0</timeout>
    <errorId>0</errorId>
    <expirationSeconds>0</expirationSeconds>
    <graceLogins>0</graceLogins>
  </session>
</FortRequest>


I get:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<FortResponse>
  <errorCode>101</errorCode>
  <errorMessage>assertContext detected null entity for method [org.apache.directory.fortress.core.AccessMgrFactory.createInstance], error code [101]</errorMessage>
  <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <isAuthorized xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
  <session xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
</FortResponse>

What am I doing wrong in my POST?

/Oleksandr






On 24/4/2015 15:09 , "Emmanuel Lécharny" <elecharny@gmail.com> wrote:

>On 24/04/15 13:06, Shawn McKinney wrote:
>>> On Apr 24, 2015, at 4:59 AM, Oleksandr Bodriagov (Polystar)
>>><oleksandr.bodriagov@polystar.com> wrote:
>>>
>>> Hi,
>>>
>>> I wanted to test a rest component, so I looked into EmTest.java and
>>> saw an example of session creation in
>>> "src/test/resources/createSession.xml"
>>> <FortRequest>
>>>   <contextId>HOME</contextId>
>>>   <entity xsi:type="user"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>>>   <userId>emtestuser1</userId>
>>>   <password>112</password>
>>>   <password>97</password>
>>>   <password>115</password>
>>>   <password>115</password>
>>>   <password>119</password>
>>>   <password>111</password>
>>>   <password>114</password>
>>>   <password>100</password>
>>>   </entity>
>>>   </FortRequest>
>>>
>>>
>>> If I run this POST request, then everything works and I get the session
>>> info back. However, if I remove just one password from the list, then I
>>> get
>>> <FortResponse><errorCode>1013</errorCode><errorMessage>PASSWORD INVALID
>>> for userId [emtestuser1], resultCode [INVALID_CREDENTIALS]</errorMessage>
>>>
>>> I am not sure I understand this concept of multiple passwords. I would
>>> be grateful if someone could point me to the resource where I could read
>>> about it.
>>>
>>> Best regards,
>>> Oleksandr
>>>
>> Oleksandr,
>>
>> The password is stored on user object as array of characters:
>>     private char[] password;
>>
>> Each element in the array is represented as an element in the xml
>> document.  So if you delete an element, you aren’t deleting a password,
>> you are removing one of the characters of the user’s password - thus the
>> failure later on, on createSession.  Fortress does not support multiple
>> passwords for users.
>
>Ouch !!!
>
>Wouldn't it have been more efficient to store the password using a base64
>encoding ?
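
The char[] serialization Shawn McKinney describes above, as an added example that is not part of the original thread or of Fortress itself: it builds a request shaped like the quoted createSession.xml and reads the password back out, showing that the decimal values are a plain encoding of the characters and that dropping one element shortens the password. It assumes each `<password>` element carries one UTF-16 code unit (as a Java `char` does); the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"


def password_to_code_units(password):
    """Split a password into UTF-16 code units, one per <password> element."""
    raw = password.encode("utf-16-be")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]


def code_units_to_password(units):
    """Rebuild the password from the decimal values of the <password> elements."""
    return b"".join(u.to_bytes(2, "big") for u in units).decode("utf-16-be")


def build_create_session(user_id, password, context_id="HOME"):
    """Return a FortRequest shaped like the createSession.xml quoted in the thread."""
    ET.register_namespace("xsi", XSI)
    req = ET.Element("FortRequest")
    ET.SubElement(req, "contextId").text = context_id
    entity = ET.SubElement(req, "entity", {f"{{{XSI}}}type": "user"})
    ET.SubElement(entity, "userId").text = user_id
    for unit in password_to_code_units(password):
        ET.SubElement(entity, "password").text = str(unit)
    return ET.tostring(req, encoding="unicode")


def read_password(fort_request_xml):
    """Recover the cleartext password carried by a FortRequest body."""
    root = ET.fromstring(fort_request_xml)
    return code_units_to_password([int(e.text) for e in root.iter("password")])


if __name__ == "__main__":
    # Constructed sample: the userId and password from the quoted test file.
    doc = build_create_session("emtestuser1", "password")
    print(doc)
    print(read_password(doc))
    # Removing one element removes one character, hence INVALID_CREDENTIALS.
    print(read_password(doc.replace("<password>100</password>", "")))
    # A character outside the BMP occupies two elements (a surrogate pair).
    print(password_to_code_units("\U0001F600"))
```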

