Hi,
I am trying to migrate my application which was not developed on jmix.
I merging my existing project usertable with jmix usertable. Since exiting application and jmix uses different password encryption. I want to merge or use both usertable if possible for login so that there is no data loss if existing application user tries to login in jmix he may able to login since it is and existing user.
Password encryption is indicated by the {} prefix in the password field of the USER table, for example:
{noop}admin
{bcrypt}$2a$10$7Sw1j21fxjW3ak43TdPPrelRSXN/.Iddoh1LOElOJjbpZ5opZo5jK
So you can merge your existing users providing the appropriate prefix to their passwords.
Hi,
I tried importing existing application user to jmix User table and i updated admin password manually to imported user i am getting bad credentials.
2022-11-14 12:30:29,210 WARN [http-nio-8083-exec-5] io.jmix.securityui.authentication.LoginScreenSupport 221 : Attempt of login to UI for user ‘sys_user’ without ‘ui.loginToUi’ permission
2022-11-14 12:30:29,211 INFO [http-nio-8083-exec-5] com.mobicule.mcollectsettlementnew.screen.login.LoginScreen 120 : Login failed
org.springframework.security.authentication.BadCredentialsException: Unknown login name or bad password
at io.jmix.securityui.authentication.LoginScreenSupport.checkLoginToUi(LoginScreenSupport.java:223)
at io.jmix.securityui.authentication.LoginScreenSupport.onSuccessfulAuthentication(LoginScreenSupport.java:187)
at io.jmix.securityui.authentication.LoginScreenSupport.authenticate(LoginScreenSupport.java:171)
at com.mobicule.mcollectsettlementnew.screen.login.LoginScreen.login(LoginScreen.java:115)
at com.mobicule.mcollectsettlementnew.screen.login.LoginScreen.onSubmitActionPerformed(LoginScreen.java:100)
at io.jmix.core.common.event.EventHub.publish(EventHub.java:170)
at io.jmix.ui.action.BaseAction.actionPerform(BaseAction.java:220)
at io.jmix.ui.component.impl.ButtonImpl.buttonClicked(ButtonImpl.java:75)
at io.jmix.ui.widget.JmixButton.fireClick(JmixButton.java:77)
at com.vaadin.ui.Button$1.click(Button.java:57)
at sun.reflect.GeneratedMethodAccessor131.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:153)
at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:115)
at com.vaadin.server.communication.ServerRpcHandler.handleInvocation(ServerRpcHandler.java:442)
at com.vaadin.server.communication.ServerRpcHandler.handleInvocations(ServerRpcHandler.java:407)
at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:275)
at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:83)
at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:40)
at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1636)
at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:465)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:121)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
I forgot to assign role to new users, now it is working fine.
Thank you Konstantin Krivopustov.
Hi,
Is it possible to override login and password change methods so that we can additional custom code.
Currently i am facing challenges of authentication since old application has two table user_table(for storing username) and user_authentication(for storing password) and in JMIX username and password are both stored in single table user_table.
So is it possible to linked password to be checked from two table or add some additional code to work smoothly.
You can add a EntityChangedEvent for the User entity and update your second table.
See also custom password validation, maybe it’ll help.