As we all know, OpenFire is generally registered in three ways:
1. In-band registration----In-band registration. That is, the client connects and verifies anonymously with the OpenFire server, and then initiates the registration of the node XML stream, which is registered directly as a server in a xmppstream manner. There is another XMPP in-band registration demo on Code4app that demonstrates this method in detail (not what I wrote).
Pros: No need to assume additional server-side, suitable for Java-ignorant developers.
Cons: Not easy to manage user accounts. The Jid of user registration is irregular and can not be self-grown. Low security.
2.Openfire Two development (write plugin for openfire)-----This is done two times by downloading the OpenFire (Jivesoftware open OpenFire Open source code) instead of installing the OpenFire installation package directly. Two times the development is very powerful, I will later mention in this way to get the user's group, online information, group push message, etc. are very convenient. However, the workload is relatively large, not recommended for novice Java selection.
3. The external OpenFire database to the local database, the direct operation of the Ofuser table and its encryption method and field rules imitation, can be added to the background with the same effect of the account. My imitation demo is taken in this way.
Pros: You can use Hibernate, which is better than JDBC, to manipulate the self-contained user tables in OpenFire to enjoy hibernate performance. The user name in the generated Jid can be managed from a growth-in way that is easy to manage later.
Cons: Different computers, or reloading OpenFire, will change the encryption key, so if you encounter this situation, you will need to decrypt the old secret password and then encrypt it with the new secret key.
So how do you do it?
1. Locate the user table in the OpenFire default database Ofuser
Plainpassword generally do not use, OpenFire user name password is generally used in the back of the Encryptedpassword to store, here I retain a part of the Ming civilization Code is also for convenience in case everyone forgot the password I can tell him directly, Because so many users I also neglect management, free open source business can not have to have customer service to help you retrieve the password, right ...
After careful analysis of the various COLUNM structures of the table (if you are newly installed, you can observe the information of Amdin this user), we found that if we want to create a new user, many fields are nullable, but in order to try not to affect the openfire itself, I decided to forge a timestamp and cipher password, And then self-growth username to achieve the purpose of registration. You can not use self-growth username here.
Note that although there are only 3 non-null fields, you essentially have at least 4 fields, that is, these 3 fields plus plaintext or ciphertext passwords, or you don't have a password to log in. Second, look at the char (15) Type of timestamp here, we know that iOS timestamp is a single digit per second floating point number, Java Timestamp is a 13-bit integer in milliseconds (to the author to write this blog is 13, do not exclude the possibility of breaking 14 bits, estimated to wait hundreds of years bar), It is not difficult to find this char is actually java timestamp char[] Format data, this is very good to run. Username we let him grow. Next is the password, here is best not to use the plaintext password, or later landing problems, I am not responsible.
OK is not verbose, simply say cipher How to forge secret text. First, we need to study the OpenFire encryption principle, that is, his encryption method. OpenFire use its source code in the Blowfish.java tool class to encrypt, simple to see his source code is not difficult to find its encryption is essentially digest.
So we have to successfully forge a qualified password, must get this file and call him. Everyone can go to www.hcios.com:8080 download page Java source code to find him.
This encryption class works very simple, with each openfire installed after the generation of Passwordkey as key, and then in some form of timestamp as a variable splicing user's plaintext password mixed encryption. The result is that the same password different openfire on the results of encryption, the same ciphertext password decryption is not the same. Even with the same server, the ciphertext password is different after the encryption, but the decrypted plaintext password is the same (because the time stamp and the plaintext password are mixed together and the time is changing).
So as long as the passwordkey unchanged, then our arbitrary plaintext password at any time to encrypt, at any time can be decrypted back to the original plaintext password.
This key can be found in the OpenFire console---server properties, or it can be found in the Ofproperty table:
The value of the Passwordkey property (note the value of each openfire is different).
It's good to find him.
Then you can write our code:
Blowfish.java: http://download.csdn.net/detail/zwdsmileface/8606315
Note: This file needs to rely on a slf4j jar package, which is available on the web.
public static void Main (string[] args) {//Note here is your openfire secret key Blowfish _encoder=new Blowfish ("cdctjgmyjv3e 473 "); ResultSet rs = null; Statement stmt = null; Connection conn = null; try {class.forname ("oracle.jdbc.driver.OracleDriver"); New Oracle.jdbc.driver.OracleDriver (); conn = Drivermanager.getconnection ("JDBC:ORACLE:THIN:@192.168.1.85:1521:ORCL", "Test", "test"); stmt = Conn.createstatement (); String encodedstr=_encoder.encryptstring ("CCC"); String Time=string.format ("00%d", System.currenttimemillis ()); String sql= "INSERT into ofuser values (' CCC ', ' ', '" +encodedstr+ "', ' ', ' ', '" +time+ "', '" +time+ "')"; Stmt.execute (SQL); } catch (ClassNotFoundException e) {e.printstacktrace (); } catch (SQLException e) {e.printstacktrace (); } finally {try {if (rs! = null) {rs.close (); rs = null; } if (stmt! = null) {stmt.close (); stmt = null; } if (conn! = null) {conn.clOSE (); conn = null; }} catch (SQLException e) {e.printstacktrace (); } } }
This code is just a small example I wrote with JDBC, you can use Hibernate or other methods, what will not please leave a message.
Directly manipulate database data to register new users for OpenFire