Skip to content
Browse files

Merge pull request #802 from sonatype/NXCM-4361-salt-rework

REVIEW: Enhanced password hashing
  • Loading branch information...
2 parents c1a9535 + 04ec5db commit 7829bfc953d73e5b9a3febb9544fb41ecaa8e1cc @scarlucci scarlucci committed May 3, 2013
Showing with 33 additions and 86 deletions.
  1. +1 −0 nexus-core/src/main/java/org/sonatype/nexus/configuration/application/upgrade/Upgrade108to140.java
  2. +2 −2 nexus-core/src/main/resources/META-INF/security/security-configuration.xml
  3. +2 −1 .../src/test/resources/org/sonatype/nexus/configuration/upgrade/103-1/security-configuration-103.xml
  4. +2 −1 .../src/test/resources/org/sonatype/nexus/configuration/upgrade/103-2/security-configuration-103.xml
  5. +2 −1 ...test/resources/org/sonatype/nexus/configuration/upgrade/nexus1710/security-configuration-1710.xml
  6. +2 −1 ...core/src/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-001-1.xml
  7. +2 −1 ...core/src/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-001-2.xml
  8. +2 −1 ...core/src/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-001-3.xml
  9. +2 −1 ...s-core/src/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-100.xml
  10. +2 −1 ...s-core/src/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-101.xml
  11. +2 −1 ...s-core/src/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-104.xml
  12. +2 −1 ...s-core/src/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-105.xml
  13. +2 −1 ...s-core/src/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-108.xml
  14. +0 −66 nexus-web-utils/src/test/java/org/sonatype/nexus/web/PlexusContainerContextListenerTest.java
  15. +2 −2 plugins/ldap/nexus-ldap-realm-plugin/src/test/resources/test-conf/security-configuration.xml
  16. +2 −2 .../restlet1x/nexus-restlet1x-plugin/src/test/resources/META-INF/security/security-configuration.xml
  17. +2 −1 ...rc/test/resources/org/sonatype/nexus/security/UserPrincipalsHelperTest-security-configuration.xml
  18. +2 −2 ...gin/src/test/resources/org/sonatype/security/web/testapp/SampleAppTest-security-configuration.xml
View
1 ...e/src/main/java/org/sonatype/nexus/configuration/application/upgrade/Upgrade108to140.java
@@ -280,6 +280,7 @@ private void upgradeSecurity( org.sonatype.nexus.configuration.model.v1_0_8.CSec
"Failed to decrype anonymous password in nexus.xml, password might be encrypted in memory.", e );
}
securityConfig.setEnabled( oldsecurity.isEnabled() );
+ securityConfig.setHashIterations(1024);
List<String> realms = oldsecurity.getRealms();
View
4 nexus-core/src/main/resources/META-INF/security/security-configuration.xml
@@ -13,7 +13,7 @@
-->
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -22,5 +22,5 @@
<realm>XmlAuthenticatingRealm</realm>
<realm>XmlAuthorizingRealm</realm>
</realms>
-
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...t/resources/org/sonatype/nexus/configuration/upgrade/103-1/security-configuration-103.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...t/resources/org/sonatype/nexus/configuration/upgrade/103-2/security-configuration-103.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...ources/org/sonatype/nexus/configuration/upgrade/nexus1710/security-configuration-1710.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -11,4 +11,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 .../test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-001-1.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 .../test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-001-2.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 .../test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-001-3.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...rc/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-100.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...rc/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-101.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...rc/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-104.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous2</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...rc/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-105.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous2</anonymousUsername>
@@ -10,4 +10,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...rc/test/resources/org/sonatype/nexus/configuration/upgrade/security-configuration-108.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
@@ -11,4 +11,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
66 nexus-web-utils/src/test/java/org/sonatype/nexus/web/PlexusContainerContextListenerTest.java
@@ -1,66 +0,0 @@
-/*
- * Sonatype Nexus (TM) Open Source Version
- * Copyright (c) 2007-2012 Sonatype, Inc.
- * All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
- *
- * This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
- * which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
- *
- * Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
- * of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
- * Eclipse Foundation. All other trademarks are the property of their respective owners.
- */
-package org.sonatype.nexus.web;
-
-import java.io.File;
-
-import javax.servlet.http.HttpServlet;
-
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.meterware.httpunit.PostMethodWebRequest;
-import com.meterware.httpunit.WebRequest;
-import com.meterware.servletunit.InvocationContext;
-import com.meterware.servletunit.ServletRunner;
-import com.meterware.servletunit.ServletUnitClient;
-
-// FIXME: Consider dropping this test... its not terribly useful
-
-/**
- * Big fat not: this is semi-finished: maven sets the basedir, hence it was esites to move plexus files to /conf/ folder
- * in root of this module.
- *
- * @author cstamas
- */
-public class PlexusContainerContextListenerTest
-{
- protected File webXml;
-
- protected ServletRunner servletRunner;
-
- @Before
- public void setUp()
- throws Exception
- {
- webXml = new File( "src/test/resources/httpunit/WEB-INF/web.xml" );
-
- servletRunner = new ServletRunner( webXml, "/target/httpunit" );
- }
-
- @Test
- public void testListener()
- throws Exception
- {
- ServletUnitClient client = servletRunner.newClient();
-
- WebRequest request = new PostMethodWebRequest( "http://localhost/target/httpunit/dummyServlet" );
-
- InvocationContext context = client.newInvocation( request );
-
- HttpServlet servlet = (HttpServlet) context.getServlet();
-
- Assert.assertNotNull( servlet.getServletContext().getAttribute( "plexus" ) );
- }
-}
View
4 plugins/ldap/nexus-ldap-realm-plugin/src/test/resources/test-conf/security-configuration.xml
@@ -1,5 +1,5 @@
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>false</anonymousAccessEnabled>
<anonymousUsername>anonymous-user</anonymousUsername>
@@ -9,5 +9,5 @@
<realm>XmlAuthenticatingRealm</realm>
<realm>XmlAuthorizingRealm</realm>
</realms>
-
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
4 ...1x/nexus-restlet1x-plugin/src/test/resources/META-INF/security/security-configuration.xml
@@ -13,7 +13,7 @@
-->
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>false</anonymousAccessEnabled>
<anonymousUsername>anonymous-user</anonymousUsername>
@@ -22,5 +22,5 @@
<realm>XmlAuthenticatingRealm</realm>
<realm>XmlAuthorizingRealm</realm>
</realms>
-
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
3 ...resources/org/sonatype/nexus/security/UserPrincipalsHelperTest-security-configuration.xml
@@ -1,5 +1,5 @@
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<anonymousAccessEnabled>true</anonymousAccessEnabled>
<anonymousUsername>anonymous</anonymousUsername>
<anonymousPassword>{oHoWkZPMDS8Hc3TVuAGDRGYK/NRIM/047Idl50aU19U=}</anonymousPassword>
@@ -8,4 +8,5 @@
<realm>XmlAuthorizingRealm</realm>
</realms>
<securityManager>default</securityManager>
+ <hashIterations>1024</hashIterations>
</security-configuration>
View
4 ...test/resources/org/sonatype/security/web/testapp/SampleAppTest-security-configuration.xml
@@ -13,7 +13,7 @@
-->
<security-configuration>
- <version>2.0.3</version>
+ <version>2.0.4</version>
<enabled>true</enabled>
<anonymousAccessEnabled>false</anonymousAccessEnabled>
<anonymousUsername>anonymous-user</anonymousUsername>
@@ -22,5 +22,5 @@
<realm>XmlAuthorizingRealm</realm>
<realm>XmlAuthenticatingRealm</realm>
</realms>
-
+ <hashIterations>1024</hashIterations>
</security-configuration>

0 comments on commit 7829bfc

Please sign in to comment.
Something went wrong with that request. Please try again.