Apache James User Information Database Storage and Password Question

xiaoxiao2021-03-06  37

Database storage and password issues of Apache James user information: Chen. Source: www.zdnet.com.cn. Joined: 2004-12-14

This article addresses two problems: how to store James's user information in a database, and how to handle passwords when doing secondary development on top of James. It is written for users who already have experience with James. Beginners should first read my article "Apache James Getting Started".

1. James Introduction

Apache James (Java Apache Mail Enterprise Server) is one of the subprojects of the Apache organization. It is a fully developed server that implements mail-related protocols such as SMTP, POP3 and NNTP. James is also an email application platform that can be extended through Mailets, for example Mail2Sms or Mail2Fax. James provides a fairly complete configuration scheme, especially for mail content storage and user information storage, which can be kept in files, databases, or other media. James is stable and configurable, and it is an open source project whose source code carries no copyright issues, so it is used in more and more projects. The version in common use is 2.3, and although the latest version 2.3 has been launched, this article still uses James 2.1 as the basis for the walkthrough.

2. A hypothetical project

Suppose I want to use James as a mail server and develop a web-based mail system on it, just like 263.net or 163.net, with online registration and online sending and receiving of mail. By default, James stores user information in text files. Text-file storage has its limits, though: it is not convenient for querying and related processing. Fortunately, James provides several user information storage schemes, such as database storage and LDAP storage. Here we use database storage as the example to explain the management of user information, with MySQL as the database. Of course, you can also use LDAP, for example the free and very powerful OpenLDAP.
3. Storing user information

By default, the user information of James mail users is saved in the apps/james/var/users directory. It can be saved to a database instead by modifying the configuration file apps/james/SAR-INF/config.xml. The configuration method is as follows:

Step 1: In MySQL, create a new database named mail, with user name root and an empty password.

Step 2: Open config.xml and find , whose default content is:

It needs to be modified to:

    file://conf/sqlResources.xml

With this change, the storage medium for user information switches from file to DB; the referenced sqlResources.xml file describes the data table structure and related database information used in the DB.

Step 3: Still in config.xml, find the item; its default content is empty. Modify this content to:

    org.gjt.mm.mysql.Driver
    jdbc:mysql://127.0.0.1/mail
    root
    20

The first value is the MySQL JDBC driver, and the second is the access path of the database; what follows the IP address is the name of the newly created database. Next come the user name, the password (empty here), and the maximum number of connections.

At this point the database configuration is complete. Start James; if everything is correct, add a new user through Telnet, for example adduser holen 123456, then check the mail database in MySQL. There will be a table named users, which James created according to the contents of file://conf/sqlResources.xml. With the configuration above, the user information of James is saved in the database.

4. The password problem

After you add a new user through Telnet, for example adduser holen 123456, you can view the record in the database. The first field is holen and the second field is the password, but the password is not 123456; it is a string of "garbled" characters (ZhwquMTWDMQWFM/H0BIB51GF). This is the password after it has been hashed, and the next field reads "SHA", which makes clear that the SHA algorithm was used. When a new user is added through Telnet, the password is hashed automatically and then inserted into the database.

However, managing users through Telnet has many inconveniences. You can use James's RMI toolkit to improve efficiency, but that makes no essential difference. In commercial use, you cannot ask your customers to learn a pile of commands. Generally we build a web front end for adding and modifying users that is friendly and foolproof, as 263 or 163 do. To do that, we need to operate on the database directly, adding, modifying or deleting user records. But don't forget that James stores the user password hashed by default. Since we have to operate on the database directly, we have only two options: either we study its password mechanism and apply the same hashing to the new user's password when we add a record, or we remove the hashing mechanism from James and store the password as it is.
Fortunately, both options are feasible. We download the James source package from the Apache website; the file is James-2.1-src.zip, close to 8M. By analyzing the source code, we find that the file related to the user password is DefaultUser.java. Part of the source code is as follows:

    package org.apache.james.userrepository;
    ......
        /**
         * Method to verify passwords
         *
         * @param pass the String that is claimed to be the password for this user
         * @return true if the hash of pass with the current algorithm matches
         * the stored hash.
         */
        public boolean verifyPassword(String pass) {
            try {
                String hashGuess = DigestUtil.digestString(pass, algorithm);
                return hashedPassword.equals(hashGuess);
            } catch (NoSuchAlgorithmException nsae) {
                throw new RuntimeException("Security error: " + nsae);
            }
        }

        /**
         * Sets new password from String. No checks made on guessability of
         * password.
         *
         * @param newPass the String that is the new password.
         * @return true if newPass successfully hashed
         */
        public boolean setPassword(String newPass) {
            try {
                hashedPassword = DigestUtil.digestString(newPass, algorithm);
                return true;
            } catch (NoSuchAlgorithmException nsae) {
                throw new RuntimeException("Security error: " + nsae);
            }
        }
    ......

The first method, verifyPassword(), performs password authentication. The incoming parameter is the plain-text password, which is converted into its hashed form by the DigestUtil.digestString() method; the result is then compared with the password stored in the database. Note the DigestUtil.digestString() method here, which is also mentioned later.

The second method, setPassword(), performs the password conversion, turning the plain-text password into its hashed form, again through the DigestUtil.digestString() method.

Having read this far, I believe you know how to do password conversion and password authentication in your own program. There is no need to write a SHA algorithm yourself: James already provides this function, so simply call it.

There is another situation: developers need to save passwords in the database as they are, so that their own programs do not have to convert passwords; and when several application systems share a unified user model, it is best to have only one user instance.
To meet this requirement, the only way is to modify the James source code, changing the verifyPassword() and setPassword() methods:
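For the first option above, hashing the password in your own program so that rows written directly to the users table match what James expects, here is an added example (not code from James or from the original article). It is a stand-in for DigestUtil.digestString() that assumes the column holds the Base64 of the raw SHA digest of the ISO-8859-1 password bytes; because the sample value quoted above is 24 Base64 characters while a full Base64 SHA-1 digest is 28, it accepts exactly those two lengths. The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class JamesPasswordCheck {
    // Accepted stored lengths (assumption): 28 is a full Base64 SHA-1 digest,
    // 24 is the length of the sample row quoted in the article.
    private static final int FULL_LEN = 28;
    private static final int SAMPLE_LEN = 24;

    /** Base64 of the raw digest; a stand-in for DigestUtil.digestString(). */
    static String digestString(String pass, String algorithm)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        // ISO-8859-1 is an assumed charset; match what your James build uses.
        byte[] digest = md.digest(pass.getBytes(StandardCharsets.ISO_8859_1));
        return Base64.getEncoder().encodeToString(digest);
    }

    /** Value to write to the password column when inserting a user row. */
    static String hashForInsert(String pass, int storedLen) throws NoSuchAlgorithmException {
        return digestString(pass, "SHA").substring(0, storedLen);
    }

    /** Checks a login attempt against the stored column value. */
    static boolean verify(String pass, String stored) throws NoSuchAlgorithmException {
        if (stored == null || (stored.length() != FULL_LEN && stored.length() != SAMPLE_LEN)) {
            return false; // reject missing or oddly sized values outright
        }
        String guess = digestString(pass, "SHA").substring(0, stored.length());
        // MessageDigest.isEqual avoids an early exit on the first mismatch.
        return MessageDigest.isEqual(
                guess.getBytes(StandardCharsets.US_ASCII),
                stored.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed rows: derived here, not copied from a real users table.
        String row24 = hashForInsert("123456", SAMPLE_LEN);
        String row28 = hashForInsert("123456", FULL_LEN);
        System.out.println("column value (24 chars): " + row24);
        System.out.println("correct password, 24-char row: " + verify("123456", row24));
        System.out.println("correct password, 28-char row: " + verify("123456", row28));
        System.out.println("wrong password: " + verify("654321", row24));
        System.out.println("malformed row: " + verify("123456", "Zh"));
    }
}
```

Before inserting rows from a web front end, create one user with adduser and confirm that hashForInsert() reproduces that row exactly, since verifyPassword() compares the stored string with equals(). Hashing in the application this way keeps the users table free of cleartext passwords, which the source-modification route does not.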

When reposting, please credit the original address: https://www.9cbs.com/read-66454.html
