ulrich
2017-01-06 e0ec318eaf4c6f6129f57174bcb5873763541c13
Digester auf SHA-256 umgestellt
5 files modified
2 files added
148 ■■■■■ changed files
src/java/de/uhilger/um/Digester.java 3 ●●●●
src/java/de/uhilger/um/api/UserMgr.java 6 ●●●●
web/META-INF/context.xml 2 ●●●
web/WEB-INF/create_database.sql 2 ●●●
web/WEB-INF/web.xml 23 ●●●●●
web/login_error.jsp 25 ●●●●●
web/login_form.html 87 ●●●●●
src/java/de/uhilger/um/Digester.java
@@ -34,7 +34,8 @@
  
  /** Name des MD5-Algorithmus zum Verschlüsseln */
  public static final String MD5 = "MD5";
  public static final String SHA256 = "sha-256";
  /**
   * Einen Ausdruck verschlüsseln
   * 
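Review bot: The new `SHA256` constant after `MD5` has no Javadoc and spells the algorithm `"sha-256"`, whereas the JCA standard name is `"SHA-256"`. If `digest` hands the value to `MessageDigest.getInstance` the lookup is case-insensitive, but whether the string is compared anywhere else is not visible here, so I would use `public static final String SHA256 = "SHA-256";`. I would also put `/** Name of the SHA-256 message digest algorithm */` above it. The neighbouring comment calls the operation "Verschlüsseln" (encrypting), which a one-way digest is not. The Javadoc that follows the constant belongs to a method outside this hunk.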
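--- a/src/java/de/uhilger/um/api/UserMgr.java
+++ b/src/java/de/uhilger/um/api/UserMgr.java
@@ -94,7 +94,11 @@
     String kw = user.getPw();
     String digesterClassName = ctx.getInitParameter(P_DIGESTER);
     Digester digester = (Digester) Class.forName(digesterClassName).newInstance();
-    String digestedPw = digester.digest(kw, Digester.MD5, null);
+    /*
+      MD5 geht nicht mehr,
+      vgl. http://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
+    */
+    String digestedPw = digester.digest(kw, Digester.SHA256, null);
     user.setPw(digestedPw);
     getDb().insert(user, UserMapper);
     return user;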
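Review bot: The replacement call `digester.digest(kw, Digester.SHA256, null)` still stores a single pass of a fast hash, and as far as the call shows (its third argument is `null`) there is no per-user salt or iteration count, so equal passwords would produce equal `USER_PASS` values and offline guessing stays cheap. Tomcat 8.5 credential handlers also accept salted, iterated digests and PBKDF2 (`SecretKeyCredentialHandler`), and writing the stored value in one of those formats would be the stronger fix. Rows already written with MD5 will stop matching after this change, and the commit shows no migration or forced-reset path for them. At minimum I would record this above the call: `// TODO: unsalted single-pass SHA-256; move to a salted, iterated credential format and migrate existing MD5 rows`. The enclosing method starts and ends outside the hunk.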
web/META-INF/context.xml
@@ -6,7 +6,7 @@
      username="dbadmin"
      password="changeit"
      driverClassName="org.apache.derby.jdbc.ClientDriver"
      url="jdbc:derby://127.0.0.1:1527/udb_test;create=true"
      url="jdbc:derby://127.0.0.1:1528/udb;create=true"
      maxActive="60"
      maxIdle="30"
      maxWait="5000"
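Review bot: The changed `url` line sits directly under `username="dbadmin"` and `password="changeit"`, so the commit repoints a checked-in default credential pair at a different database, and with `;create=true` a wrong port or name silently creates an empty database instead of failing. Print order suggests the target moves from `udb_test` to `udb`, though the rendering does not mark which line is new. I would keep environment-specific values and credentials out of the committed `context.xml` (a per-deployment context file or a server-level JNDI resource) and drop `create=true` for the non-test database, for example `url="jdbc:derby://127.0.0.1:1528/udb"`. The enclosing element opens and closes outside the hunk.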
web/WEB-INF/create_database.sql
@@ -3,7 +3,7 @@
CREATE TABLE APP.USERS
(
   USER_NAME     VARCHAR(250)   NOT NULL,
   USER_PASS     VARCHAR(250)   NOT NULL,
   USER_PASS     VARCHAR(1024)   NOT NULL,
   USER_FIRST    VARCHAR(250),
   USER_LAST     VARCHAR(250),
   USER_EMAIL    VARCHAR(250),
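Review bot: Widening `USER_PASS` in `create_database.sql` (assuming the `VARCHAR(1024)` line is the new side) only affects databases created from scratch, because an existing `APP.USERS` table keeps `VARCHAR(250)` and the commit contains no migration script. If deployed databases need the wider column, ship the matching statement with it: `ALTER TABLE APP.USERS ALTER COLUMN USER_PASS SET DATA TYPE VARCHAR(1024);`. A comment on the column naming the stored credential format that needs this width would help, since a hex-encoded SHA-256 digest is only 64 characters. The `CREATE TABLE` statement continues past the hunk.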
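--- a/web/WEB-INF/web.xml
+++ b/web/WEB-INF/web.xml
@@ -37,4 +37,27 @@
             30
         </session-timeout>
     </session-config>
+    <security-constraint>
+        <display-name>nutzerAdminConstraint</display-name>
+        <web-resource-collection>
+            <web-resource-name>nutzerAdmin</web-resource-name>
+            <description>Nutzer-Administration</description>
+            <url-pattern>/ui/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <description>nutzerAdminAuthContraint</description>
+            <role-name>nutzerAdmin</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <login-config>
+        <auth-method>FORM</auth-method>
+        <form-login-config>
+            <form-login-page>/login_form.html</form-login-page>
+            <form-error-page>/login_error.jsp</form-error-page>
+        </form-login-config>
+    </login-config>
+    <security-role>
+        <description/>
+        <role-name>nutzerAdmin</role-name>
+    </security-role>
 </web-app>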
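Review bot: The added `<security-constraint>` for `/ui/*` has no `<user-data-constraint>`, so the descriptor does not force the FORM login or the session cookie onto TLS. Unless TLS is enforced in front of the container, I would add `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` inside the constraint. Only `/ui/*` is covered, so if the `de.uhilger.um.api` user-management calls are mapped outside that path (the mapping is not visible here) they remain reachable without the `nutzerAdmin` role. Minor: `nutzerAdminAuthContraint` is missing an `s`.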
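--- /dev/null
+++ b/web/login_error.jsp
@@ -0,0 +1,25 @@
+<%@page contentType="text/html" pageEncoding="ISO-8859-1"%>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+   "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+  <style>
+    body {
+      font-family:Arial,Helvetica,sans-serif;
+      font-size:10pt;
+    }
+  </style>
+  <title>Fehler</title>
+  <%
+    String url = request.getRequestURL().toString();
+    url = url.substring(0, url.lastIndexOf("/"));
+  %>
+</head>
+<body>
+<p>Hoppla! Die Anmeldung hat nicht geklappt.</p>
+<p>Klicken Sie <a href="<%=url%>">hier</a> um zur Hauptseite zu gelangen.</p>
+</body>
+</html>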
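Review bot: The scriptlet builds `url` from `request.getRequestURL()` and writes it into the `href` with `<%=url%>` unescaped, so the link target is derived from request data (Host header and path) rather than from the application. A context-relative link avoids that: `<a href="<%= request.getContextPath() %>/">hier</a>`, which should resolve to the same place when the container forwards here from `j_security_check`. The page also declares `pageEncoding="ISO-8859-1"` while the `<meta>` tag says `charset=UTF-8`; pick one so non-ASCII text renders consistently.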
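--- /dev/null
+++ b/web/login_form.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <!--<link rel="icon" href="../../favicon.ico">-->
+    <title>Anmeldung Nutzerverwaltung</title>
+    <!-- Bootstrap core CSS -->
+    <link rel="stylesheet" href="/jslib/bootstrap-3.3.2/css/bootstrap.min.css">
+    <!-- Custom styles for this template -->
+    <!--<link href="signin.css" rel="stylesheet">-->
+    <style type="text/css">
+      body {
+        padding-top: 40px;
+        padding-bottom: 40px;
+        background-color: #eee;
+      }
+      .form-signin {
+        max-width: 330px;
+        padding: 15px;
+        margin: 0 auto;
+      }
+      .form-signin .form-signin-heading,
+      .form-signin .checkbox {
+        margin-bottom: 10px;
+      }
+      .form-signin .checkbox {
+        font-weight: normal;
+      }
+      .form-signin .form-control {
+        position: relative;
+        height: auto;
+        -webkit-box-sizing: border-box;
+           -moz-box-sizing: border-box;
+                box-sizing: border-box;
+        padding: 10px;
+        font-size: 16px;
+      }
+      .form-signin .form-control:focus {
+        z-index: 2;
+      }
+      .form-signin input[type="text"] {
+        margin-bottom: -1px;
+        border-bottom-right-radius: 0;
+        border-bottom-left-radius: 0;
+      }
+      .form-signin input[type="password"] {
+        margin-bottom: 10px;
+        border-top-left-radius: 0;
+        border-top-right-radius: 0;
+      }
+    </style>
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
+      <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+    <![endif]-->
+  </head>
+  <body>
+    <div class="container">
+      <form class="form-signin" role="form" method="POST" action="j_security_check" name="loginform">
+        <h2 class="form-signin-heading">Anmeldung Nutzerverwaltung</h2>
+        <input  name="j_username" type="text" class="form-control" placeholder="Benutzerkennung" required autofocus>
+        <input name="j_password" type="password" class="form-control" placeholder="Kennwort" required>
+        <!--
+        <label class="checkbox">
+          <input type="checkbox" value="remember-me"> Remember me
+        </label>
+        -->
+        <button class="btn btn-lg btn-primary btn-block" type="submit">Senden</button>
+      </form>
+    </div> <!-- /container -->
+  </body>
+</html>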
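Review bot: The conditional comment in `<head>` loads `html5shiv` and `respond` from `oss.maxcdn.com`, a third-party host, into the page that collects `j_username` and `j_password`, while Bootstrap is served locally from `/jslib/`. Script from another origin on a login page runs with access to the form, so I would serve those two files from `/jslib/` as well or drop the IE8 shim. The password field could also carry `autocomplete="current-password"` so password managers fill it reliably, and `<html lang="en">` should be `lang="de"` for the German text.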