Unable to login http://xxx:8080/webas2 -- Open Source Mendelson AS2 1.1 b49

Unable to log in to http://xxx:8080/webas2, whether with the admin or the guest account.
The content of the passwd file is:
admin:admin::FULL:FULL
guest:guest::NONE:FULL

Comments

Profile picture for user service
Permalink

Hello,

We checked this and could confirm that it does not work in the community version. That's weird, as it works fine in the commercial version and it's the same code base.
We will see how to fix it later.

Regards

Permalink

The same for me as well.
So I looked it up in the b49 source.

I think the problem is that PBKDF2.generateStrongPasswordHash(new String(password)) makes use of an individual random salt every time it is called. Therefore, comparison of the password entered in the Web-AS2 login window and the password which is retrieved from the password file fails, since both are "crypted" before being compared.

Hope this helps.

Permalink

Service,
Do we have an update on this issue? I am experiencing the same.

Permalink

In the de.mendelson.comm.as2.webclient2.AS2WebUI class, replace line 161:

    || !(foundUser.getPasswdCrypted().equals(User.cryptPassword(password.toCharArray())))

with

    || !(foundUser.validatePasswd(password))

and add this method to the de.mendelson.util.clientserver.user.User class:

    // Checks the entered password against the stored hash instead of re-hashing it with a new salt
    public boolean validatePasswd(String passwd) {
        try {
            return PBKDF2.validatePassword(passwd, this.passwdCrypted);
        } catch (Throwable e) {
            e.printStackTrace();
            return false;
        }
    }

It helped me.
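The failure mode discussed in this thread, as an added example that is not part of any post and is not mendelson's code: re-hashing the entered password with a fresh random salt never equals the stored hash, so validation has to re-derive with the stored salt and compare the results. The class name `SaltedHashDemo`, the `iterations:saltHex:hashHex` storage format, the iteration count and the sample passwords are assumptions; `HexFormat` requires Java 17.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical demo class; stands in for a salted PBKDF2 helper, not the project's PBKDF2 class.
public class SaltedHashDemo {
    static final int ITERATIONS = 100_000; // assumed work factor
    static final int KEY_BITS = 256;

    static byte[] pbkdf2(char[] pw, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Draws a fresh random salt on every call, so two hashes of one password differ.
    static String hash(char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        HexFormat hex = HexFormat.of();
        return ITERATIONS + ":" + hex.formatHex(salt) + ":" + hex.formatHex(pbkdf2(pw, salt, ITERATIONS));
    }

    // Re-derives with the STORED salt and iteration count, then compares in constant time.
    static boolean validate(char[] pw, String stored) throws Exception {
        String[] parts = stored.split(":");
        if (parts.length != 3) return false;
        try {
            int iterations = Integer.parseInt(parts[0]);
            byte[] salt = HexFormat.of().parseHex(parts[1]);
            byte[] expected = HexFormat.of().parseHex(parts[2]);
            return MessageDigest.isEqual(expected, pbkdf2(pw, salt, iterations));
        } catch (IllegalArgumentException e) { // malformed count, hex or empty salt
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample".toCharArray(); // constructed sample password
        String stored = hash(pw);
        System.out.println("rehash equals stored: " + stored.equals(hash(pw)));
        System.out.println("validate, right password: " + validate(pw, stored));
        System.out.println("validate, wrong password: " + validate("other".toCharArray(), stored));
    }
}
```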