The automatic login feature of GateIn Portal uses cookie token mechanism to authenticate returning users without asking them to sign in explicitly.
Since GateIn 3.6, the tokens are not stored in plain text, but instead only their salted hash is stored.
Due to an internal design limitation of GateIn Portal, the Remember me feature requires that passwords are stored along with tokens. Since GateIn 3.6, these passwords are encrypted symmetrically before they are stored.
The implementation is based on the Java Cryptography Architecture (JCA). By default, the AES algorithm is used for password encryption. All secrets needed in the process (the keystore, its password, the key and its password) are created and maintained by the operator of the portal, and portal operators should keep them private.
The default configuration of the JCA-based encryption can be found in the configuration.properties file:
gatein.codec.builderclass=org.exoplatform.web.security.codec.JCASymmetricCodecBuilder
gatein.codec.config=${gatein.conf.dir}/codec/jca-symmetric-codec.properties
It says that org.exoplatform.web.security.codec.JCASymmetricCodecBuilder is used and that it is configured in the jca-symmetric-codec.properties file. Note that there is no jca-symmetric-codec.properties file in the default GateIn Portal packaging. You only need to create this file if you intend to customize the default settings, which in properties file format would read as follows:
# Detailed information on JCA standard names can be found at
#
# http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyStore
#
# The file key.txt is generated via the keytool utility in the JDK:
#
# keytool -genseckey -alias "gtnKey" -keypass "gtnKeyPass" -keyalg "AES" -keysize 128 -keystore "key.txt" -storepass "gtnStorePass" -storetype "JCEKS"
#
gatein.codec.jca.symmetric.alias=gtnKey
gatein.codec.jca.symmetric.keypass=gtnKeyPass
gatein.codec.jca.symmetric.keyalg=AES
gatein.codec.jca.symmetric.keystore=key.txt
gatein.codec.jca.symmetric.storepass=gtnStorePass
gatein.codec.jca.symmetric.storetype=JCEKS
You are free to customize many aspects of the default setup, such as algorithm, key storage, key size, etc.
To generate a secret key that suits your needs, you will need to issue something like the following:
$JAVA_HOME/bin/keytool -genseckey -alias "customAlias" -keypass "customKeyPass" -keyalg "customAlgo" -keystore "customStore" -storepass "customStorePass" -storetype "customStoreType"
Note that:
The list of available algorithms can be found in the Standard Algorithm Name Documentation.
Some algorithms require additional keytool parameters.
In JCA, only the JCEKS store type supports storing symmetric (secret) keys.
The above keytool command stores the freshly generated secret key in a file named customStore. Copy this file to the gatein/conf/codec directory so that it can be referenced from the jca-symmetric-codec.properties file.
Finally, update the jca-symmetric-codec.properties file with the parameters used in the above keytool invocation:
gatein.codec.jca.symmetric.alias=customAlias
gatein.codec.jca.symmetric.keypass=customKeyPass
gatein.codec.jca.symmetric.keyalg=customAlgo
gatein.codec.jca.symmetric.keystore=customStore
gatein.codec.jca.symmetric.storepass=customStorePass
gatein.codec.jca.symmetric.storetype=customStoreType
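As an added pre-deployment check (example code written for this page, not GateIn's own codec), the following Java program reads jca-symmetric-codec.properties, opens the keystore it references with the configured store password, fetches the secret key under the configured alias and key password, verifies that the store type is JCEKS and that the key's algorithm matches keyalg, and then round-trips a sample string through a JCA Cipher. The configuration directory argument, the CBC/PKCS5Padding mode with a random IV, and the sample value are this example's assumptions; the cipher mode GateIn itself uses is not specified on this page.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/** Checks that jca-symmetric-codec.properties and the keystore it names agree, then round-trips a value. */
public class CodecKeyCheck {
    private static final String P = "gatein.codec.jca.symmetric.";

    public static void main(String[] args) throws Exception {
        // Assumed location of the codec configuration; override with the first argument.
        String confDir = args.length > 0 ? args[0] : "gatein/conf/codec";
        Properties cfg = new Properties();
        try (InputStream in = new FileInputStream(confDir + "/jca-symmetric-codec.properties")) {
            cfg.load(in);
        }
        String storeType = cfg.getProperty(P + "storetype");
        if (!"JCEKS".equalsIgnoreCase(storeType)) {   // only JCEKS holds secret keys
            throw new IllegalStateException("storetype must be JCEKS for a secret key, got: " + storeType);
        }
        KeyStore ks = KeyStore.getInstance(storeType);
        try (InputStream in = new FileInputStream(confDir + "/" + cfg.getProperty(P + "keystore"))) {
            ks.load(in, cfg.getProperty(P + "storepass").toCharArray());
        }
        String alias = cfg.getProperty(P + "alias");
        Key key = ks.getKey(alias, cfg.getProperty(P + "keypass").toCharArray());
        if (!(key instanceof SecretKey)) {
            throw new IllegalStateException("alias '" + alias + "' is missing or is not a secret key entry");
        }
        String keyalg = cfg.getProperty(P + "keyalg");
        if (!keyalg.equalsIgnoreCase(key.getAlgorithm())) {
            throw new IllegalStateException("keyalg " + keyalg + " does not match key algorithm " + key.getAlgorithm());
        }
        // Round trip a constructed sample value; CBC with a provider-generated random IV is this example's choice.
        String transformation = keyalg + "/CBC/PKCS5Padding";
        Cipher enc = Cipher.getInstance(transformation);
        enc.init(Cipher.ENCRYPT_MODE, (SecretKey) key);
        byte[] ct = enc.doFinal("sample-password".getBytes(StandardCharsets.UTF_8));
        Cipher dec = Cipher.getInstance(transformation);
        dec.init(Cipher.DECRYPT_MODE, (SecretKey) key, new IvParameterSpec(enc.getIV()));
        String back = new String(dec.doFinal(ct), StandardCharsets.UTF_8);
        if (!"sample-password".equals(back)) throw new IllegalStateException("round trip failed");
        System.out.println("OK: alias " + alias + ", " + key.getAlgorithm() + " "
                + key.getEncoded().length * 8 + "-bit key in " + storeType + " store");
    }
}
```

Run it from the portal host as the same account the portal runs under, so that file permissions on the keystore are exercised as well.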