留言板
Decrypt passwords
Hello.
I have to decrypt LR users passwords but I can't find the way to do it.
I've seen that Digester.digest() us used to encrypt passwords, but there isn't any other methon on Digester class to decrypt them.
When I try to use Encryptor.decrypt() to decrypt a password an exception is thrown:
The code I use when y try to decrypt a password is:
I have to decrypt LR users passwords but I can't find the way to do it.
I've seen that Digester.digest() us used to encrypt passwords, but there isn't any other methon on Digester class to decrypt them.
When I try to use Encryptor.decrypt() to decrypt a password an exception is thrown:
com.liferay.util.EncryptorException: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher
The code I use when y try to decrypt a password is:
User usuario = UserServiceUtil.getUserById("myuser");
String passwordenc = usuario.getPassword();
String companyId = usuario.getCompanyId();
Company company = CompanyLocalServiceUtil.getCompany(companyId);
String password = Encryptor.decrypt(company.getKeyObj(), passwordenc);
Hi,
Did you manage to solve this problem? If you did, could you please post the solution here. I am getting the same error.
Thanks,
Uma
Did you manage to solve this problem? If you did, could you please post the solution here. I am getting the same error.
Thanks,
Uma
Hi,
I am also struggling for the same issue. please someone can help in this
I am also struggling for the same issue. please someone can help in this
Passwords are encrypted in a way not to be decrypted . This may be the desired policy in most places. It may require quite some customization if you don't want to use plain text and still need a reversible encryption.
Best,
Shagul
Best,
Shagul
Shagul,
I am working on fetching the password but no success till yet as it is one way process only.
Can you send me the link/detail/approach so that I can encrypt/decrypt password of a user.
I am working on fetching the password but no success till yet as it is one way process only.
Can you send me the link/detail/approach so that I can encrypt/decrypt password of a user.
Hey Rishi,
What is the purpose of retrieving users password? To send it back to the user??? SSO???
-Shagul
What is the purpose of retrieving users password? To send it back to the user??? SSO???
-Shagul
I am working on a custom portlet where the user is send the login information each time his request is approved to join a community. That's why I need to do this.
Regards Rishi
Regards Rishi
Rishi Dev Gupta:
I am working on a custom portlet where the user is send the login information each time his request is approved to join a community. That's why I need to do this.
Regards Rishi
You may want to look into UserLocalServiceImpl and how PwdEncryptor is used. You may have to replace that with your encryption.
Best Regards,
Shagul
Shagul, I have gone through the complete Liferay Password api. But it is tightly integrated as the password is used at number of locations like (forget password, change password) to name a few. I was wondering I need to bring all the classes related to password into ext and override them like with one logic or other so that they all point to my custom encryption.
Another approach (not good)
I was also looking at a different approach i.e the way Impersonate user works but that too is buggy. Once you impersonate some user and try to move around using "dock>>My home" and you are again shifted back to the user who triggered user impersonation. That's also OUT for me.
Regards Rishi
Another approach (not good)
I was also looking at a different approach i.e the way Impersonate user works but that too is buggy. Once you impersonate some user and try to move around using "dock>>My home" and you are again shifted back to the user who triggered user impersonation. That's also OUT for me.
Regards Rishi
To resolve the password issue:-
I have created the Java Class containing custom logic for password encryption.
Integrated this class with Liferay's Password encryption logic. The integration is configurable and can be switched on/off by updating resource file.
The only issue is the users who are already created would not be able to log-in as the password stored for them has one way encryption, so to overcome that we have to update the password in database for all users with some default password in encrypted format and user should update their password after first log in.
I have created the Java Class containing custom logic for password encryption.
Integrated this class with Liferay's Password encryption logic. The integration is configurable and can be switched on/off by updating resource file.
The only issue is the users who are already created would not be able to log-in as the password stored for them has one way encryption, so to overcome that we have to update the password in database for all users with some default password in encrypted format and user should update their password after first log in.