Documentation » CoreDevelopersGuideIndex » CoreDevelopersGuideXOREncoder
Login|Register|Print
Broadcast on Broadcast off
The Documentation for Project Zero has moved. Please update your bookmarks to: http://www.projectzero.org/documentation/
Table of
Contents...Hide

Project Zero Developer’s Guide

Concepts and components
Basic concepts overview
Event processing
Writing Java handlers
Writing Groovy handlers
Firing events
Global Context
Global Context reference
Application directory layout
Virtualized directories
Assemble
PHP
Features and configuration
Configuration
Debugging
Dependencies
Packaging
Application classpath
Logging and tracing
RESTful resources
RESTful documentation
File serving
Response rendering
Validators and validation
HTTP error handling
Calling a remote resource
Using the Connection API
Sending an email using EmailConnection
Configuring destinations
Configuring protocols
Configuring connection handlers
Creating a connection handler
Creating a custom protocol transport
Simple logging connection handlers
Protocol reference
Client programming with Dojo
Runtime options
Deployment modifications
HTTP configuration
SSL configuration
Proxy configuration
Extending the CLI
Security considerations
Authentication
OpenID authentication
Extending security
Security tokens
CSRF prevention support
Extending token support
Leveraging TAI
User service
File based user service
LDAP user service
Extending user service
Security Utilities
Leveraging XOREncoder
Extensions
Atom support
RSS support
JSON support
XMLEncoder
REST to SOAP extension
URIUtils
Developer Web tools
Database setup tools
Configuring data access
Common query patterns
Advanced query patterns
Update patterns
Local database transactions
Extending data access
Configuration vendor differences
PHP data access
Resource model
Configuring ZRM
Resource model declaration
Programmatic model API
HTTP REST API
A ZRM mini tutorial
Active content filtering support
Default filters
Custom filters
Runtime management
Management commands
Zero socket opener
Other extension modules
Amazon E-commerce service
Flickr service
WeatherZero forecast service
Wikipedia service
Reference
Zero command line interface
JavaDoc - Public API
JavaDoc - Public SPI
JavaDoc - All Classes

 

Leveraging XOREncoding

Project Zero provides an XOREncoder library with a simple encoding API so applications do not have to store passwords in clear text. Depending on whether your library supports encoding of a property in zero.config, you can use the command line or Eclipse to encode the password using XOREncoding.

Using the API

For a complete overview of the XOREncoder API, see the javadoc for zero.core.security.util.XOREncoder.

Decoding a string during runtime

To decode a value obtained from the Global Context, do the following:

  1. Obtain the string from the global context.
  2. Invoke the decode method on the XOREncoder class. 

String encodedParameter =  GlobalContext.zget("/config/customLibrary/myPassword");
String decoded = zero.core.security.util.XOREncoder.decode(encodedParameter);
// use the decoded value to do something.

Leveraging EncoderCommand for encoding

You can either use Eclipse or the command line to use EncoderCommand encoding.

Using Eclipse

You can find XOREncoderCommand.class under YOUR_ZERO_APP_PROJECT > Zero Resolved Libraries > ZERO_CORE_JAR_FILE (zero.core-VERSION_NUMBER.jar)> zero.core.security.util.EncoderCommand

Follow below steps to encode:

  1. Right click on EncoderCommand.class, and select "Run As" > "Java Application." on the context menu.
  2. The encoder command prompts you to specify a whether you would like to encode or decode a string which in this case we will select encode.. For instance, 
    Jan 29, 2008 1:36:35 PM zero.core.security.util.EncoderCommand enterInteractiveMode
INFO: CWPZC2026I: Entering interactive mode.

Jan 29, 2008 1:36:36 PM zero.core.security.util.EncoderCommand enterInteractiveMode
INFO: CWPZC2027I: Please type encode or exit to quit.

encode
Jan 29, 2008 1:36:42 PM zero.core.security.util.EncoderCommand enterInteractiveMode
INFO: CWPZC2028I: Enter string to encode
mySpecialPassword
  3. The result of this command will look something like this: 
    Jan 29, 2008 1:36:50 PM zero.core.security.util.EncoderCommand enterInteractiveMode
INFO: CWPZC2030I: Result
<xor>MiYMLzo8Nj4zDz4sLCgwLTs=
Jan 29, 2008 1:36:50 PM zero.core.security.util.EncoderCommand enterInteractiveMode
INFO: CWPZC2027I: Please type encode or exit to quit.

Note. You can repeat step 2 and 3 to issue other command parameters for encoding on the eclipse console. If you finish interaction with the command, please type "exit" at step 3 on the console and enter.

For command line users

The encoder service is included in the zero.core, therefore you must resolve the zero.core as shown in the following :

  1. Move to <zerohome> directory.
  2. Add <zerohome> directory to the path environment variable.
  3. Create an application 
    zero create SampleApp
  4. Move to <apphome> directory.
  5. Resolve dependencies like : 
    zero resolve
Now you can issue the encoder service command with the command line. The XOREncoder command directly accepts arguments. You can make use of it with the command line.

  1. To create an XOR encoded string, run the XOREncoder command as follows: 
    zero encode PASSWORD
    For instance, 
    zero encode password1
  2. This returns the following result (value starts with <xor>): 
    result    <xor>Lz4sLCgwLTtu

r16 - 29 Jan 2008 - 19:14:25 - todkap
Quick Links: Forum | Bugzilla| Blog| Getting Started| Developer's Guide| FAQ
Syndicate this site RSS ATOM
Copyright 2007 © IBM Corporation | Privacy | Terms of Use | About this site