inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

Browse Source 
77145: Merged PLATFORM1 (5.0/Cloud) to HEAD-BUG-FIX (5.0/Cloud)
      73891: ACE-1821 - Stop Using MD4 for password encryption on Cloud


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@78001 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Mark Rogers
2014-07-23 15:55:56 +00:00
parent b46331ab9c
commit 7fff2b6627
2 changed files with 62 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/alfresco/authentication-services-context.xml
View File

@@ -149,6 +149,9 @@
<!-- authentication against the default authentication mechanism. --> <!-- authentication against the default authentication mechanism. -->
<bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl" /> <bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl" />
<!-- No Op Password Encoder Does not encode a password - used to replace an obsolete encoder e.g. the MD4 one -->
<bean id="noOpPasswordEncoder" class="org.alfresco.repo.security.authentication.NoOpPasswordEncoderImpl" />
<bean id="sha256PasswordEncoder" class="org.alfresco.repo.security.authentication.ShaPasswordEncoderImpl"> <bean id="sha256PasswordEncoder" class="org.alfresco.repo.security.authentication.ShaPasswordEncoderImpl">
<constructor-arg index="0"><value>256</value></constructor-arg> <constructor-arg index="0"><value>256</value></constructor-arg>

59
source/java/org/alfresco/repo/security/authentication/NoOpPasswordEncoderImpl.java Normal file
View File

@@ -0,0 +1,59 @@
/*
* Copyright (C) 2014-2014 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.repo.security.authentication;
import net.sf.acegisecurity.providers.encoding.BaseDigestPasswordEncoder;
/**
* <p>
* NoOp implementation of PasswordEncoder.
* </p>
* The No Op Password Encoder produces a blank hash. And will not match any value of hash.
* Used to replace an obsolete encoder like the MD4.
* </p>
*/
public class NoOpPasswordEncoderImpl extends BaseDigestPasswordEncoder implements MD4PasswordEncoder
{
public NoOpPasswordEncoderImpl()
{
super();
// TODO Auto-generated constructor stub
}
// ~ Methods
// ================================================================
public boolean isPasswordValid(String encPass, String rawPass, Object salt)
{
return false;
}
public String encodePassword(String rawPass, Object salt)
{
return "";
}
public byte[] decodeHash(String encodedHash)
{
return new byte[0];
}
}