Setting hashed and salted passwords using Jacksum
Progress Software recommends that you use the EncodePassword utility to generate hashed and salted passwords. For more information on the EncodePassword utility, see Setting hashed and salted password using EncodePassword.
However, as an alternative to the EncodePassword utility, you can use the open source tool Jacksum to generate the hashed password. You can then add user accounts with hashed and salted passwords to the users.properties file.
For more information on adding user accounts, see Adding and modifying a user. For more information on hashing and salting, refer to online cryptography references on hashing and salt.
To use Jacksum to add a new user account with a hashed and salted password to the users.properties file:
1. Download and install the Jacksum software by following the instructions in http://www.jonelo.de/java/jacksum/#Installation.
2. Execute the following command to open the Jacksum installation directory:
CD <installation-dir>\jacksum <version>
3. Execute the following command to get an encoded password for the required string. In this example, you are encoding the string newpassword{newuser}:
java -jar jacksum.jar -a sha -E base64 -q "txt:newpassword{newuser}"
In this example, you encoded the string newpassword{newuser}, and Jacksum returned the encoded password, Y9+iCjOORQoqoTWdRgjd/81Ms9w=
This example uses the sha algorithm to hash the newpassword string, using the newuser string in the curly braces as the salt.
Jacksum supports many popular hashing algorithms, such as CRC, SHA, Tiger, sum and Whirlpool, and any string can be used as the salt. However, the algorithm and the salt must match what the security configuration expects: the password-encoder in step 4 specifies hash="sha" with the username as the salt source, so the string you hash must be of the form password{username}, where username is exactly the account name you add to users.properties.
4. Open the Security configuration file you choose in Choosing and applying a security configuration and uncomment the code snippet that implements password hashing in the REST Web application.
In this example, assume that you are using the Basic security configuration, appSecurity-basic-local.xml. Do the following:
a. Navigate to the password-encoder element in appSecurity-basic-local.xml, which is initially enclosed in an XML comment (between the <!-- and --> markers), and uncomment it:
<authentication-manager id="RestApplicationtAuth">
    <authentication-provider>
      <!-- Uncomment to add strong password hashing in
           users.properties
        <password-encoder hash="sha" base64="true">
          <salt-source user-property="username" />
        </password-encoder>
      -->
        <user-service properties="/WEB-INF/users.properties" />
    </authentication-provider>
</authentication-manager>
After uncommenting, the code snippet must look as follows:
<authentication-manager id="RestApplicationtAuth">
    <authentication-provider>
        <password-encoder hash="sha" base64="true">
          <salt-source user-property="username" />
        </password-encoder>
        <user-service properties="/WEB-INF/users.properties" />
    </authentication-provider>
</authentication-manager>
b. Save the security configuration file, appSecurity-basic-local.xml.
5. Add the new user account, newuser, and the encoded password that you generated in step 3 to the users.properties file by appending the following line to it:
newuser=Y9+iCjOORQoqoTWdRgjd/81Ms9w=,ROLE_PSCAdmin,enabled
In this example, you assigned the existing ROLE_PSCAdmin role to the newuser and enabled the user account newuser to work with the REST Management Agent.
Note: The users.properties file cannot store both plain text and encoded passwords. Therefore, before adding a new user with an encoded password, you must ensure that all the existing users and the users you add to the users.properties file have encoded passwords.
6. Save and close the users.properties file.
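The following Python script is an added example, not Progress's or Jacksum's code. It reproduces offline what the Jacksum command and the <password-encoder hash="sha" base64="true"> element with a username salt source compute (assuming, as for Spring Security's hash="sha", that Jacksum's sha algorithm is SHA-1 and the hashed text is password{salt}), verifies a stored entry against a candidate password, and checks a users.properties file for the mixed plain-text/hashed situation the note in step 5 warns about. The sample properties content is constructed for the example.

```python
import base64
import hashlib
import hmac
import re


def merge_password_and_salt(password, salt):
    """The text that is actually hashed: password{salt} (assumed Spring-style merge)."""
    return "%s{%s}" % (password, salt)


def sha_base64(password, username):
    """SHA-1 over password{username}, Base64-encoded, matching hash="sha" base64="true"."""
    merged = merge_password_and_salt(password, username).encode("utf-8")
    return base64.b64encode(hashlib.sha1(merged).digest()).decode("ascii")


def verify(stored, password, username):
    """Recompute the entry for the candidate password and compare in constant time."""
    return hmac.compare_digest(stored, sha_base64(password, username))


# users.properties entry layout used on this page: user=password,ROLE_...,enabled
_ENTRY = re.compile(r"^(?P<user>[^=#][^=]*)=(?P<password>[^,]*),(?P<rest>.+)$")
# Base64 of a 20-byte SHA-1 digest is always 27 Base64 characters plus one '='.
_SHA_B64 = re.compile(r"^[A-Za-z0-9+/]{27}=$")


def find_unhashed_entries(properties_text):
    """Return usernames whose password field does not look like a Base64 SHA-1 digest.

    The file must not mix plain-text and hashed passwords, so any name returned
    here must be re-encoded before the password-encoder is enabled.
    """
    unhashed = []
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENTRY.match(line)
        if m and not _SHA_B64.match(m.group("password")):
            unhashed.append(m.group("user"))
    return unhashed


# Constructed sample: one entry generated here and one legacy plain-text entry.
SAMPLE_USERS_PROPERTIES = "\n".join([
    "# constructed sample users.properties",
    "newuser=" + sha_base64("newpassword", "newuser") + ",ROLE_PSCAdmin,enabled",
    "olduser=plaintextpw,ROLE_PSCAdmin,enabled",
])
```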