From e0ec318eaf4c6f6129f57174bcb5873763541c13 Mon Sep 17 00:00:00 2001 From: ulrich <not disclosed> Date: Fri, 06 Jan 2017 18:28:37 +0000 Subject: [PATCH] Digester auf SHA-256 umgestellt --- web/WEB-INF/web.xml | 23 +++++++ src/java/de/uhilger/um/Digester.java | 3 src/java/de/uhilger/um/api/UserMgr.java | 6 + web/login_error.jsp | 25 ++++++++ web/login_form.html | 87 +++++++++++++++++++++++++++++ web/WEB-INF/create_database.sql | 2 web/META-INF/context.xml | 2 7 files changed, 144 insertions(+), 4 deletions(-) diff --git a/src/java/de/uhilger/um/Digester.java b/src/java/de/uhilger/um/Digester.java index a7cd346..fe1579d 100644 --- a/src/java/de/uhilger/um/Digester.java +++ b/src/java/de/uhilger/um/Digester.java @@ -34,7 +34,8 @@ /** Name des MD5-Algorithmus zum Verschlüsseln */ public static final String MD5 = "MD5"; - + public static final String SHA256 = "sha-256"; + /** * Einen Ausdruck verschlüsseln * diff --git a/src/java/de/uhilger/um/api/UserMgr.java b/src/java/de/uhilger/um/api/UserMgr.java index 6626665..dcffb9c 100644 --- a/src/java/de/uhilger/um/api/UserMgr.java +++ b/src/java/de/uhilger/um/api/UserMgr.java @@ -94,7 +94,11 @@ String kw = user.getPw(); String digesterClassName = ctx.getInitParameter(P_DIGESTER); Digester digester = (Digester) Class.forName(digesterClassName).newInstance(); - String digestedPw = digester.digest(kw, Digester.MD5, null); + /* + MD5 geht nicht mehr, + vgl. http://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5 + */ + String digestedPw = digester.digest(kw, Digester.SHA256, null); user.setPw(digestedPw); getDb().insert(user, UserMapper); return user; diff --git a/web/META-INF/context.xml b/web/META-INF/context.xml index 061f6b4..4c75112 100644 --- a/web/META-INF/context.xml +++ b/web/META-INF/context.xml 
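Review bot: The new `SHA256` constant carries no Javadoc and uses a lowercase algorithm name, while the neighbouring `MD5` constant has a one-line comment and the canonical JCA spelling. JCA lookups are case-insensitive, so `"sha-256"` resolves, but the standard name is `SHA-256`, and keeping both constants in the same style avoids a mixed-case value being copied into other configuration. Suggested: `/** Name des SHA-256-Algorithmus zum Hashen von Kennwörtern */` followed by `public static final String SHA256 = "SHA-256";`. The enclosing class continues outside the hunk.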
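Review bot: The switch to `Digester.SHA256` changes how new users' passwords are stored, but nothing in the commit re-digests the rows already in `USER_PASS`, so existing accounts presumably stop authenticating once the realm expects SHA-256; if that is intended, the comment should say so rather than only "MD5 geht nicht mehr" plus a link. The call still passes `null` as the third argument, so the stored value appears to be a single unsalted digest, which is weak for password storage; if that parameter is a salt it should be set (Tomcat's MessageDigestCredentialHandler also supports salted, iterated digests) — the page does not show `digest`'s signature, so confirm. The comment could name the concrete cause, e.g. `/* Der konfigurierte Realm/CredentialHandler akzeptiert MD5 nicht mehr, daher SHA-256 */`. The enclosing method starts before the hunk.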
@@ -6,7 +6,7 @@ username="dbadmin" password="changeit" driverClassName="org.apache.derby.jdbc.ClientDriver" - url="jdbc:derby://127.0.0.1:1527/udb_test;create=true" + url="jdbc:derby://127.0.0.1:1528/udb;create=true" maxActive="60" maxIdle="30" maxWait="5000" diff --git a/web/WEB-INF/create_database.sql b/web/WEB-INF/create_database.sql index 596df1f..a568dfb 100644 --- a/web/WEB-INF/create_database.sql +++ b/web/WEB-INF/create_database.sql @@ -3,7 +3,7 @@ CREATE TABLE APP.USERS ( USER_NAME VARCHAR(250) NOT NULL, - USER_PASS VARCHAR(250) NOT NULL, + USER_PASS VARCHAR(1024) NOT NULL, USER_FIRST VARCHAR(250), USER_LAST VARCHAR(250), USER_EMAIL VARCHAR(250), diff --git a/web/WEB-INF/web.xml b/web/WEB-INF/web.xml index 475e952..b9bd9d8 100644 --- a/web/WEB-INF/web.xml +++ b/web/WEB-INF/web.xml @@ -37,4 +37,27 @@ 30 </session-timeout> </session-config> + <security-constraint> + <display-name>nutzerAdminConstraint</display-name> + <web-resource-collection> + <web-resource-name>nutzerAdmin</web-resource-name> + <description>Nutzer-Administration</description> + <url-pattern>/ui/*</url-pattern> + </web-resource-collection> + <auth-constraint> + <description>nutzerAdminAuthContraint</description> + <role-name>nutzerAdmin</role-name> + </auth-constraint> + </security-constraint> + <login-config> + <auth-method>FORM</auth-method> + <form-login-config> + <form-login-page>/login_form.html</form-login-page> + <form-error-page>/login_error.jsp</form-error-page> + </form-login-config> + </login-config> + <security-role> + <description/> + <role-name>nutzerAdmin</role-name> + </security-role> </web-app> diff --git a/web/login_error.jsp b/web/login_error.jsp new file mode 100644 index 0000000..720fe3f --- /dev/null +++ b/web/login_error.jsp 
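Review bot: The new URL keeps `;create=true` while now pointing at what looks like the non-test database `udb` on port 1528, so a wrong port or name makes Derby silently create an empty database instead of failing at startup; consider `url="jdbc:derby://127.0.0.1:1528/udb"` for this deployment and leaving creation to the setup script. The surrounding context also shows `password="changeit"` committed in `META-INF/context.xml`; if that is a real account, it is better supplied from the server's own context configuration than from the versioned WAR.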
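Review bot: Widening `USER_PASS` to `VARCHAR(1024)` only affects databases created from this script; an existing `APP.USERS` table keeps `VARCHAR(250)`, and no `ALTER TABLE` is included. A hex-encoded SHA-256 is 64 characters, so 250 already fits and the change is not strictly required by this commit; if the wider column is meant for future salted or iterated digest formats, a one-line comment would make the intent clear, e.g. `-- 1024: Platz für gesalzene/iterierte Digest-Formate`.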
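Review bot: The new `<security-constraint>` has no `<user-data-constraint>`, so the FORM login on `/ui/*` submits `j_username`/`j_password` over plain HTTP if the connector allows it. Add inside the security-constraint after `</auth-constraint>`: `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>`. The constraint covers only `/ui/*`; whether other paths of the application (for instance the API behind `UserMgr`) need the same protection cannot be judged from this hunk. The empty `<description/>` on the `<security-role>` could state the role's purpose, e.g. `<description>Administration der Nutzerverwaltung</description>`.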
@@ -0,0 +1,25 @@ +<%@page contentType="text/html" pageEncoding="ISO-8859-1"%> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> + +<html> +<head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> + <style> + body { + font-family:Arial,Helvetica,sans-serif; + font-size:10pt; + } + </style> + <title>Fehler</title> + <% + String url = request.getRequestURL().toString(); + url = url.substring(0, url.lastIndexOf("/")); + %> +</head> +<body> +<p>Hoppla! Die Anmeldung hat nicht geklappt.</p> + +<p>Klicken Sie <a href="<%=url%>">hier</a> um zur Hauptseite zu gelangen.</p> +</body> +</html> diff --git a/web/login_form.html b/web/login_form.html new file mode 100644 index 0000000..b812836 --- /dev/null +++ b/web/login_form.html 
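Review bot: The link target is built by reflecting `request.getRequestURL()` (derived from the request's Host header) into an `href` without escaping, and `substring(0, lastIndexOf("/"))` only strips the last path segment, so the result depends on where the error page is mounted. A context-relative link needs neither the scriptlet nor the reflection: `<p>Klicken Sie <a href="<%=request.getContextPath()%>/">hier</a> um zur Hauptseite zu gelangen.</p>`. The page also declares `pageEncoding="ISO-8859-1"` while its `<meta>` says UTF-8; `<%@page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"%>` keeps the two consistent.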
@@ -0,0 +1,87 @@ +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + <meta name="description" content=""> + <meta name="author" content=""> + <!--<link rel="icon" href="../../favicon.ico">--> + + <title>Anmeldung Nutzerverwaltung</title> + + <!-- Bootstrap core CSS --> + <link rel="stylesheet" href="/jslib/bootstrap-3.3.2/css/bootstrap.min.css"> + + <!-- Custom styles for this template --> + <!--<link href="signin.css" rel="stylesheet">--> + <style type="text/css"> + body { + padding-top: 40px; + padding-bottom: 40px; + background-color: #eee; + } + + .form-signin { + max-width: 330px; + padding: 15px; + margin: 0 auto; + } + .form-signin .form-signin-heading, + .form-signin .checkbox { + margin-bottom: 10px; + } + .form-signin .checkbox { + font-weight: normal; + } + .form-signin .form-control { + position: relative; + height: auto; + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; + padding: 10px; + font-size: 16px; + } + .form-signin .form-control:focus { + z-index: 2; + } + .form-signin input[type="text"] { + margin-bottom: -1px; + border-bottom-right-radius: 0; + border-bottom-left-radius: 0; + } + .form-signin input[type="password"] { + margin-bottom: 10px; + border-top-left-radius: 0; + border-top-right-radius: 0; + } + </style> + + <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries --> + <!--[if lt IE 9]> + <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> + <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> + <![endif]--> + </head> + + <body> + + <div class="container"> + + <form class="form-signin" role="form" method="POST" action="j_security_check" name="loginform"> + <h2 class="form-signin-heading">Anmeldung Nutzerverwaltung</h2> + <input name="j_username" type="text" class="form-control" 
placeholder="Benutzerkennung" required autofocus> + <input name="j_password" type="password" class="form-control" placeholder="Kennwort" required> + <!-- + <label class="checkbox"> + <input type="checkbox" value="remember-me"> Remember me + </label> + --> + <button class="btn btn-lg btn-primary btn-block" type="submit">Senden</button> + </form> + + </div> <!-- /container --> + + </body> +</html> -- Gitblit v1.9.3
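Review bot: The two scripts in the `[if lt IE 9]` block are loaded from `oss.maxcdn.com` without `integrity` or `crossorigin` attributes, so the login page's origin runs whatever that host serves; either drop the IE8 shims or pin them with subresource-integrity hashes. `<html lang="en">` does not match the German content; use `lang="de"`. The empty `<meta name="description" content="">` and `<meta name="author" content="">` carry no information and can be removed.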