How to post password from a custom controller using ajax?

I have a custom controller where the user can enter username and password (
What is the proper way to post the password and decrypt it from the jsp page?
Here is a snippet of what I have:

    loadTargetRepos:function (selectedUrlId) {
        BS.ajaxRequest(base_uri + '${controllerUrl}', {
            parameters:'selectedUrlId=' + selectedUrlId + '&onServerChange=true&loadTargetRepos=true'
            + '&username=' + $('deployerUsername').value
            + '&password=' + $('secure:deployerPassword').value,
            onComplete:function (response, options) {

Here is the controller:

    protected void doPost(HttpServletRequest request, HttpServletResponse response, Element element) {
        String selectedUrl = request.getParameter("selectedUrlId");

        if (StringUtils.isNotBlank(selectedUrl)) {
            long id = Long.parseLong(selectedUrl);

            String loadTargetRepos = request.getParameter("loadTargetRepos");
            if (StringUtils.isNotBlank(loadTargetRepos) && Boolean.valueOf(loadTargetRepos)) {
                Element deployableReposElement = new Element("deployableRepos");

                boolean overrideDeployerCredentials = Boolean.valueOf(request.getParameter("overrideDeployerCredentials"));
                String username = request.getParameter("username");
                String password = request.getParameter("password");

I see from my browser that the password is sent wrong:

password: 0.9408094059737296

OK making some progress here:
Found that there is a hidden field:
<input type="hidden" name="prop:encrypted:secure:deployerPassword" id="prop:encrypted:secure:deployerPassword" value="7bd0e4c15ab920c8ec4aaf4149ab4ee51795dcd18f8a8464c951ec2abe8e277d66620efc47fe8f7e2eb0dcbcf736646c5729052ce9418d560cf410644f82375d38c2c8b775d1db800a9fdf09f34d80945a6f85f80dc083b482ad8fdf694a9db12ccd291cbf3b3c2f4a4a0d96fc52a81a7551c44455e92f9f22314489fce49872">

I suppose I need to use EncryptUtil.unscramble() somehow but this string is not enough to pass as a parameter to this method.


Found it!
    String password = request.getParameter("password");
    password = RSACipher.decryptWebRequestData(password);


How do you submit the form? Did you write some JavaScript code to populate this encrypted hidden field with the value from the password field? In TeamCity we use the forms.js/BS.AbstractPasswordForm object to do this type of encryption (see the serializeParameters function).

