Password Encryption Settings in Import User

  • Last update:  2023-07-24
  • Problem

    You need to perform user authentication when logging into the FineBI system: the system verifies the entered username and password to ensure system security.

    Login authentication information (username and login password) is stored in the database (FineBI built-in database FineDB or other external databases). If the password entered by the user during authentication is the same as the password in the database, the authentication is successful.

    If the database is cracked, the login authentication information will be exposed, risking system security.

    How to avoid such situations and ensure system security?

    Solution

    Encrypt login information in the FineDB database to ensure that the users' actual login information cannot be obtained even if the database is cracked.

    In addition, FineBI provides the Custom Password Encryption method in Import User, which can encrypt the entered login information on the login page. When the encrypted login information matches that in the FineDB database, the authentication is successful.

     

    Encryption Introduction:

    Customize a password encryption class. The encryption method (described in a class) is saved in the path %BI_Home%\webapps\webroot\WEB-INF\classes.

    FineBI performs a second encryption, SHA256, on the output of the user's custom encryption algorithm to ensure password security.

    Application Scenario:

    Custom encryption can be used when the password column in the imported server dataset is in plaintext.

    Login Password:

    Plaintext of the password column in the imported server dataset

    Encryption Interface:

    Write a custom encryption class through the interface to encrypt the entered password, or the entered username and password, according to custom encryption rules. The two supported interfaces are as follows:

    Interface 1: Encrypt the password to get the ciphertext: String encode(String originText);. The input parameter is the plaintext password.

    Interface 2: Encrypt the username and password to get the ciphertext: String encode(String originUserName, String originPassword);. The input parameters are the username and plaintext password.

    Note:

    1. String encode(String originUserName, String originPassword); is a new interface (which includes the functionality of interface 1) added on 2019/01/18. You are advised to use interface 2.

    2. Custom encryption algorithms need to inherit the AbstractPasswordValidator class.

    Implementation Ideas

    Encryption Authentication Logic

    A successful login involves four encryption steps and one login authentication.

    • After importing users:

    1. First encryption: Custom encryption. After importing users, the system will encrypt the password from the server dataset and write the resulting ciphertext into the FineDB database.

    2. Second encryption: SHA256 encryption (performed uniformly by the system). The encryption object is the ciphertext obtained after the first encryption.

    • During user login:

    3. Third encryption: Custom password encryption (selected in the Import User interface). The encryption object is the entered plaintext password.

    4. Fourth encryption: SHA256 encryption (performed uniformly by the system). The encryption object is the ciphertext obtained after the third encryption.

    5. Login authentication: Compare the ciphertext (obtained after the fourth encryption) with the ciphertext (in the FineDB database). If the two ciphertexts match, the authentication is successful.
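
    The flow above as a stand-alone sketch, added here and not FineBI's own code: a Base64 custom step in both interface shapes followed by the system's SHA256 step, run for two constructed users who share a password. The class name LoginFlowDemo, the in-memory STORE map standing in for FineDB, UTF-8 and the hex form of the SHA256 output are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class LoginFlowDemo {
    // Stand-in for FineDB: username -> stored value (hex text is an assumption).
    static final Map<String, String> STORE = new HashMap<>();
    // Interface 1 shape: the custom step sees only the password.
    static String encode(String originText) {
        return Base64.getEncoder().encodeToString(originText.getBytes(StandardCharsets.UTF_8));
    }
    // Interface 2 shape: username plus password, e.g. "A" + "123456" -> "A123456".
    static String encode(String originUserName, String originPassword) {
        return encode(originUserName + originPassword);
    }
    // System step: SHA-256 over the custom step's output.
    static String sha256Hex(String text) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(text.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }
    // Steps 1-2, at import time, on the password column of the server dataset.
    static void importUser(String user, String plaintext, boolean withUser) throws Exception {
        STORE.put(user, sha256Hex(withUser ? encode(user, plaintext) : encode(plaintext)));
    }
    // Steps 3-5, at login: same two transforms, then a constant-time comparison.
    static boolean login(String user, String entered, boolean withUser) throws Exception {
        String stored = STORE.get(user);
        if (stored == null) return false;
        String candidate = sha256Hex(withUser ? encode(user, entered) : encode(entered));
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     candidate.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        for (boolean withUser : new boolean[] {false, true}) {
            STORE.clear();
            importUser("A", "123456", withUser);  // constructed sample users
            importUser("B", "123456", withUser);  // same password as A
            System.out.println("interface " + (withUser ? 2 : 1)
                + ": correct=" + login("A", "123456", withUser)
                + " wrong=" + login("A", "654321", withUser)
                + " A==B stored=" + STORE.get("A").equals(STORE.get("B")));
        }
    }
}
```

    With the interface 1 shape the two users' stored values are identical, because nothing user-specific enters the computation; with the interface 2 shape they differ.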

     

    Implementation Steps

    1. Create a custom password encryption class to encrypt the plaintext password A entered by the user on the login page.

    • Prepare the compilation environment.

    • Write a Java file.

    • Compile a class file.

    2. Create a server dataset to store user login information, including username, login password, and so on.

    3. Import user information into the FineBI system for login authentication.

    • User source: the server dataset prepared in step 2

    • Password: password in the server dataset (ciphertext after custom encryption)

    • Encryption method: custom password encryption (using the password encryption class prepared in step 1)

    An Example for Custom Password Encryption

    Write a Base64 password encryption class that encrypts the password entered by the user through a custom encryption algorithm, so that the user passes login authentication and successfully logs into the FineBI system.

    Note:
    This document takes the Base64 encryption method as a simple example. For other common encryption methods, custom class files are provided in section "Commonly Used Custom Password Encryption Methods". You can download and use the files as needed.

    Preparing the Compilation Environment

    Writing a Java File

    Create a Java file named Base64PasswordValidator.java that defines a class extending AbstractPasswordValidator. The Java code is as follows:

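    package com.fr.decision.privilege.encrpt;

    import com.fr.base.Base64;
    import com.fr.base.ServerConfig;
    import com.fr.decision.privilege.encrpt.AbstractPasswordValidator;
    import com.fr.log.FineLoggerFactory;
    import java.io.UnsupportedEncodingException;

    // Custom password encryption class: Base64-encodes the plaintext password (interface 1).
    // Base64 is a reversible encoding, so it hides nothing by itself; the SHA256 step
    // that FineBI applies afterwards is what makes the stored value one-way.
    public class Base64PasswordValidator extends AbstractPasswordValidator {
        public Base64PasswordValidator() {
        }

        // originText is the plaintext password; the return value is the ciphertext.
        public String encode(String originText) {
            try {
                // Convert the password to bytes using the server charset, then Base64-encode it.
                return Base64.encode(originText.getBytes(ServerConfig.getInstance().getServerCharset()));
            } catch (UnsupportedEncodingException var3) {
                // Unsupported server charset: log the error and return an empty string.
                FineLoggerFactory.getLogger().debug(var3.getMessage());
                return "";
            }
        }
    }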

    Compiling a class File

    Click to download the class file and unzip it: Base64PasswordValidator.zip

    1. Generating the class file

    Compile Base64PasswordValidator.java to generate the Base64PasswordValidator.class file.

    2. Importing the class file

    Save the compiled file Base64PasswordValidator.class to the path %BI_HOME%/webapps/webroot/WEB-INF/classes/com/fr/decision/privilege/encrpt.

    Note:
    If the decision/privilege/encrpt folders do not exist under the directory %BI_HOME%\webapps\webroot\WEB-INF\classes\com\fr, you can manually create them.

    Creating a Server Dataset

    The password prepared in the database will be encrypted twice and written into the FineDB database for login authentication. The above operations can ensure that the user's actual login information cannot be obtained even if the database is cracked.

    Data Preparation

    Prepare a user information table, where the password in the password column is the plaintext. The table structure is shown in the following figure.

    Example: If user A enters 123456 (plaintext password) on the login page, the password in the password column is 123456.

    Click to download the user information table: Import_Users.xlsx

     

    Adding a Server Dataset

    Use third-party tools such as Navicat to import the above table into the targeted database, and establish a data connection between the system and the database. Take the FRDemo database as an example.

    1. Log into the FineBI system as the admin, choose System Management > Data Connection > Server Dataset, and create a SQL Dataset.

    2. Set Import_Users as Dataset Name, select FRDemo as the data source, and enter the SQL statement:

    SELECT * FROM Import_Users

     

    Setting Encryption Method

    Note:
    To select another custom password encryption method, you can modify the custom encryption class in section "Encryption Configuration". Commonly used custom encryption class files are provided in section "Commonly Used Custom Password Encryption Methods"; you can select one as needed.

    In Import User, you can select the Custom Password Encryption method to enhance system security.

    Importing Users

    Log into the FineBI system as the admin, choose System Management > User Management > All Users, and click Import User.

     

    Encryption Configuration

    1. User source: the server dataset Import_Users prepared in section "Adding a Server Dataset"

    2. Password: Password

    3. Encryption method: Custom Password Encryption, using the custom encryption class Base64PasswordValidator.class prepared in section "Compiling a Class File".

    Click OK to import users.

     

    Demonstration

    User A logs into the FineBI system.

    User A's password in the server data is 123456. Enter 123456 (plaintext password) on the login page.

    Click Login to log into the FineBI system.

     

    Commonly Used Custom Password Encryption Methods

    This document provides commonly used custom password encryption method files, which you can use as needed. After downloading the file, place it in the specified folder and modify the custom class in section "Encryption Configuration". For the remaining steps, follow the steps in section "An Example for Custom Password Encryption".

    Encrypting Username and Password Through Base64

    FineBI allows encrypting the entered username and password through Base64 encryption.

    The compiled Base64 encryption class is provided. Click to download the file: Base64UserPasswordValidator.zip

    1. Click to download and unzip to obtain the class file, and save the file to the path %BI_HOME%/webapps/webroot/WEB-INF/classes/com/fr/decision/privilege.

    2. Configure the plaintext in the password column of the server dataset. The system will encrypt the username plus password and store the ciphertext in FineDB database.

    Example: If user A's password is 123456, then in the server database, the password column should be 123456, and the system encrypts A123456.

    Encrypting Password Through SHA256

    FineBI allows encrypting the entered password through SHA256 encryption.

    The compiled SHA256 encryption class is provided. Click to download the file: SHA256PasswordValidator.zip

    Click to download and unzip the class file, and save the file to the path %BI_HOME%/webapps/webroot/WEB-INF/classes/com/fr/decision/privilege/encrpt.

    Encrypting Username and Password Through SHA256

    FineBI allows encrypting the entered username and password through SHA256 encryption.

    The compiled SHA256 encryption class is provided. Click to download the file: CustomSHA256PasswordValidator.zip

    1. Click to download and unzip the class file, and save the file to the path %BI_HOME%/webapps/webroot/WEB-INF/classes/com/fr/decision/privilege/encrpt.

    2. Configure the plaintext in the password column of the server dataset. The system will encrypt the username plus password and store the ciphertext in FineDB database.

    Example: If user A's password is 123456, then in the server database, the password column should be 123456, and the system encrypts A123456.

    Encrypting Password Through MD5 (32-Bit Lowercase)

    FineBI allows encrypting the entered password through MD5 (32-bit lowercase) encryption.

    The compiled MD5 (32-bit lowercase) encryption class is provided. Click to download the file: MD5CasePasswordValidator.zip

    Click to download and unzip to obtain the class file, and save the file to the path %BI_HOME%/webapps/webroot/WEB-INF/classes/com/fr/decision/privilege.

    Encrypting Username and Password Through MD5 (32-Bit Lowercase)

    FineBI allows encrypting the entered username and password through MD5 (32-bit lowercase) encryption.

    The compiled MD5 (32-bit lowercase) encryption class is provided. Click to download the file: MD5CaseUserPasswordValidator.zip

    1. Click to download and unzip to obtain the class file, and save the file to the path %BI_HOME%/webapps/webroot/WEB-INF/classes/com/fr/decision/privilege.

    2. Configure the plaintext in the password column of the server dataset. The system will encrypt the username plus password and store the ciphertext in FineDB database.

    Example: If user A's password is 123456, then in the server database, the password column should be 123456, and the system encrypts A123456.

    Encrypting Password Through MD5 (32-Bit Uppercase)

    FineBI allows encrypting the entered password through MD5 (32-bit uppercase) encryption.

    The compiled MD5 (32-bit uppercase) encryption class is provided. Click to download the file: MD5UpperCasePasswordValidator.zip

    Click to download and unzip to obtain the class file, and save the file to the path %BI_HOME%/webapps/webroot/WEB-INF/classes/com/fr/decision/privilege.

    Encrypting Username and Password Through MD5 (32-Bit Uppercase)

    FineBI allows encrypting the entered username and password through MD5 (32-bit uppercase) encryption.

    The compiled MD5 (32-bit uppercase) encryption class is provided. Click to download the file: MD5UpperCaseUserPasswordValidator.zip

    1. Click to download and unzip to obtain the class file, and save the file to the path %BI_HOME%/webapps/webroot/WEB-INF/classes/com/fr/decision/privilege.

    2. Configure the plaintext in the password column of the server dataset. The system will encrypt the username plus password and store the ciphertext in FineDB database.

    Example: If user A's password is 123456, then in the server database, the password column should be 123456, and the system encrypts A123456.
