Unable to login http://xxx:8080/webas2 -- Open Source Mendelson AS2 1.1 b49

julianpeng

Unable to log in to http://xxx:8080/webas2, whether with the admin or the guest account.
The content of the passwd file is:
admin:admin::FULL:FULL
guest:guest::NONE:FULL

trefy

Same for me.
How could we solve this?

service

Hello,

We checked this and could confirm that it does not work in the community version. That's weird, as it works fine in the commercial version and it's the same code base.
We will see how to fix it later.

Regards

Christiano

The same for me as well.
So I looked it up in the b49 source.

I think the problem is that PBKDF2.generateStrongPasswordHash(new String(password)) makes use of an individual random salt every time it is called. Therefore, comparison of the password entered in the Web-AS2 login window and the password which is retrieved from the password file fails, since both are "crypted" before being compared.

Hope this helps.

oryginalnylogin

Same for me. Is there any quick fix for that? An empty password is not working either.

jaki rotol

Service,
Do we have an update on this issue? I am experiencing the same.

ernesto.niklaus

Christiano, do you know how to solve it?

actionhank

In the de.mendelson.comm.as2.webclient2.AS2WebUI class, at line 161, replace

|| !(foundUser.getPasswdCrypted().equals(User.cryptPassword(password.toCharArray())))

to

|| !(foundUser.validatePasswd(password))

and add to the de.mendelson.util.clientserver.user.User class this method:

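// Checks the entered password against the stored hash of this user.
public boolean validatePasswd(String passwd){
   try{
     // Verify against the stored value instead of hashing the input again
     return PBKDF2.validatePassword(passwd, this.passwdCrypted);
   }catch (Throwable e) {
     // Any failure during validation is treated as a failed login
     e.printStackTrace();
     return false;
   }
}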

It helped me.
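
The mismatch Christiano describes and the verify-against-stored-hash approach of actionhank's fix, shown as an added example that is not part of the thread or of the Mendelson source. The class name, the `iterations:saltHex:hashHex` storage format and the PBKDF2 parameters are assumptions made for illustration; it needs Java 17 or later for `HexFormat`.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Illustration only: the names, stored format and parameters are assumptions,
// not the Mendelson PBKDF2 class.
public class SaltedHashDemo {
    static final int ITERATIONS = 100_000, SALT_BYTES = 16, KEY_BITS = 256;

    static byte[] derive(char[] pw, byte[] salt, int iterations, int bits) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, bits);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the internal copy of the password
        }
    }

    // A fresh random salt per call: the same password yields a different string every time.
    static String hash(char[] pw) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        HexFormat hex = HexFormat.of();
        return ITERATIONS + ":" + hex.formatHex(salt) + ":"
                + hex.formatHex(derive(pw, salt, ITERATIONS, KEY_BITS));
    }

    // Reuse the salt and iteration count from the stored value, then compare in constant time.
    static boolean verify(char[] pw, String stored) {
        try {
            String[] p = stored.split(":");
            if (p.length != 3) return false;
            byte[] salt = HexFormat.of().parseHex(p[1]);
            byte[] expected = HexFormat.of().parseHex(p[2]);
            byte[] actual = derive(pw, salt, Integer.parseInt(p[0]), expected.length * 8);
            return MessageDigest.isEqual(expected, actual);
        } catch (Exception e) {
            return false; // malformed entry or crypto failure: deny the login
        }
    }

    public static void main(String[] args) throws Exception {
        String stored = hash("admin".toCharArray()); // constructed sample entry
        String again = hash("admin".toCharArray());  // what hashing the login input again produces
        System.out.println("hash-vs-hash equal: " + stored.equals(again));
        System.out.println("verify correct pw:  " + verify("admin".toCharArray(), stored));
        System.out.println("verify wrong pw:    " + verify("guest".toCharArray(), stored));
    }
}
```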

ernesto.niklaus

Who has the source code to change this?