error in user registration process of broadleaf commerce -


i configured broadleaf project tomcat , site module on running when go register new user says like--please enter valid password , submit button user added in user when go admin panel see same user registered can't login same user name , password provided while registration , give following errors--the e-mail address and/or password entered not match our records. please try again

this bug in broadleaf commerce application. stores hashed password in database, when login, matches "clean" password hashed one. therefore, getting "incorrect password".

edit

here exact steps make work.

note: i have used sha-256 algorithm salt username

  1. applicationcontext-security.xml: comment following tags
     <sec:authentication-manager>...some stuff..</sec:authentication-manager>
  1. in same file, add following:
     <bean id="blsaltsource" class="org.springframework.security.authentication.dao.reflectionsaltsource">         <property name="userpropertytouse" value="username" />     </bean>     <bean id="mdpasswordencoder" class="org.springframework.security.authentication.encoding.shapasswordencoder">         <constructor-arg value="256"/>     </bean>     <sec:authentication-manager alias="blauthenticationmanager">         <sec:authentication-provider user-service-ref="bluserdetailsservice">             <sec:password-encoder hash="sha-256" ref="mdpasswordencoder">                 <sec:salt-source ref="blsaltsource" />             </sec:password-encoder>         </sec:authentication-provider>     </sec:authentication-manager>
  1. create class provide object of sha 256 algorithm.
 public class commonutils {              private static final shapasswordencoder encoder = new shapasswordencoder(256);              public static shapasswordencoder getcustomerpasswordencoder() {                 return encoder;             }     }
  1. in core module, extend customerserviceimpl , override registercustomer method.
  public class mdcustomerserviceimpl extends customerserviceimpl {     public customer registercustomer(customer customer, string password, string passwordconfirm) {       shapasswordencoder encoder = commonutils.getcustomerpasswordencoder();       password = encoder.encodepassword(password, customer.getusername());       passwordconfirm = encoder.encodepassword(passwordconfirm, customer.getusername());       return super.registercustomer(customer, password, passwordconfirm);     } }

  1. in core module's applicationcontext.xml, register new service class.

     <bean id="blcustomerservice" class="<path_to>mdcustomerserviceimpl" />

  2. in registercontroller's processregister, add first line as:

      string unencodedpassword = registercustomerform.getpassword();
  1. replace 
      loginservice.logincustomer(registercustomerform.getcustomer());

by

      string codedpassword = registercustomerform.getcustomer().getpassword();     newcustomer.setunencodedpassword(unencodedpassword)     loginservice.logincustomer(newcustomer);      newcustomer.setunencodedpassword(codedpassword);     newcustomer.setpassword(codedpassword);     customerservice.savecustomer(newcustomer);

this should make go. :)


Comments

Post a Comment

Popular posts from this blog

java - pagination of xlsx file to XSSFworkbook using apache POI -

right in code, reading xlsx file, xssfworkbook, , writing database. but, when size of xlsx file increases, causes outofmemory error. can not increase server size, or divide xlsx file pieces. tried loading workbook using file (instead of inputstream), didn't either. i looking way read 10k rows @ time (instead of entire file @ once) , iteratively write workbook , database. is there way apache poi? poi contains called "eventmodel" designed purpose. it's mentioned in faq : the ss eventmodel package api reading excel files without loading whole spreadsheet memory. require more knowledge on part of user, reduces memory consumption more tenfold. based on awt event model in combination sax. if need read-only access, best way it. however, may want double check first if issue somewhere else. check out this item : i think poi using memory! can do? 1 comes quite lot, reason isn't might think. so, first thing check - what's source of prob...
Read more

Unlimited choices in BASH case statement -

consider simple bash snippet: case $option in 1) image=${options[0]%.tar} ;; 2) image=${options[1]%.tar} ;; 3) image=${options[2]%.tar} ;; 4) image=${options[3]%.tar} ;; *) echo "invalid option" exit 1 esac in real script numbers goes 30. makes pretty long. can somehow specify cases variable? something this: case $option in $i) image=${options[$(($i-1))]%.tar} any pointer appreciated. you can match against multiple patterns in single clause: case $option in 1|2|3: echo "$option one, 2 or three" ;; esac if still typing you, can use simple pattern matching: case $option in # following matches # - single-digit numbers 0-9 # - two-digit numbers starting either 1 or 2 # - number 30 [0-9]|[12][0-9]|30) image=${options[$(($option-1))]%.tar} ;; *) echo "invalid option" 1>&2 exit 1 esac
Read more

apache - How do I stop my index.php being run twice for every user -

we've got webapp initial html served using apache , php. i noticed index.php being run twice every request. seems caused / effected rewrite rules in our .htaccess - rewritecond %{http_host} ^(www\.|hotels\.)ourdomain\.com$ [nc,or] rewritecond %{server_name} ^(www\.|hotels\.)ourdomain\.com$ [nc] rewriterule (.*) http://ourdomain.com/$1 [r=301] rewriterule ^hotels/([^/]+)/?\??(.*)$ ?d=$1&$2 [qsa] the final rule moving parameter url path query string. i.e. http://ourdomain.com/hotels/vegas?someparam=1 becomes http://ourdomain.com?d=vegas&someparam=1 if go directly query string version index.php run once. if use url redirected, index.php run twice (i'm checking adding error_log('end of index.php') file). so example going http://ourdomain.com/hotels/paris hits file twice http://ourdomain.com?d=paris hits once. i've seen this question , had @ blog mentioned , , can't find empty string url's (i've tried using yslow process). ...
Read more