2 Replies Latest reply on May 20, 2004 4:12 AM by olaso

    JAAS: How Can I encrypt a password?

    maraos

       

      "maraos" wrote:
      Hi everybody:

      I've been using the JAAS DatabaseServerLoginModule
      with two tables, users and roles. The users table has a password column that is not encrypted.

      Question:

      How can I use encrypted passwords with JAAS? I've heard of cryptix with JBoss, but I don't know any more.


      What do you suggest to start?

      Thanks a lot..


        • 1. Re: JAAS: How Can I encrypt a password?
          martin0

          DatabaseServerLoginModule has a hashAlgorithm module option.

          Martin

          • 2. Re: JAAS: How Can I encrypt a password?
            olaso

            I solved it in this way. First download the JCrypt source code from:

            http://locutus.kingwoodcable.com/jfd/crypt.html

            Add to that code the following function:

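            // JCrypt.crypt(salt, original) reads the salt from the start of the stored hash,
            // so the stored (crypted) password is passed as the salt argument.
            public static boolean isPasswordOK(String strCryptedPassword, String strPasswordToVerify)
            {
                String strVerif = JCrypt.crypt(strCryptedPassword, strPasswordToVerify);
                return strVerif.equals(strCryptedPassword);
            }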


            And afterwards create a new class that extends from DatabaseServerLoginModule. Mine is:

            import org.jboss.security.auth.spi.DatabaseServerLoginModule;

            public class JCryptDatabaseServerLoginModule extends DatabaseServerLoginModule
            {

                /** A hook that allows subclasses to change the validation of the input
                 password against the expected password. This version checks that
                 neither inputPassword nor expectedPassword is null and that
                 crypting inputPassword with the salt of expectedPassword yields expectedPassword.
                 @return true if the inputPassword is valid, false otherwise.
                 */
                protected boolean validatePassword(String inputPassword, String expectedPassword)
                {
                    if( inputPassword == null || expectedPassword == null )
                        return false;
                    // expectedPassword is the crypted value from the users table,
                    // inputPassword is the clear text typed by the user:
                    // isPasswordOK takes (crypted, clear text), in that order.
                    return JCrypt.isPasswordOK(expectedPassword, inputPassword);
                }
            }
