compare hashed passwords during login

kevmaster May 20, 2008 6:55 PM

I have normal login which compares password and email. Now my passwords are stored as md5-hash.
I dont know how to split the query to hash to login-password.

code:

public boolean login() {
          
          try {
               HashMapperAction hashPassword = new HashMapperAction(); //hashPassword.hash(password)
               User user = (User) em.createQuery(
                         "from User where email = :username and password = :password")
                         .setParameter("username", identity.getUsername())
                         .setParameter("password", identity.getPassword())
                         .getSingleResult();

               if(user.getUserRoles() != null) {
                    for(UserRole ur : user.getUserRoles())
                    identity.addRole(ur.getType().toString());
               }
               
               activeUser = user;
                         
               return true;
          }catch(NoResultException ex)  {
               return false;
          }
     }

HashMapperAction.hash() is the method which build md5-hash, it works for storing the passwords.

now i need an advice to compare these passwords in login process. thx

1. Re: compare hashed passwords during login

dan.j.allen May 22, 2008 12:00 AM (in response to kevmaster)

If the password is stored in the database hashed, then change the password parameter value to the hash of the password they typed. That should allow you to compare them in the database.
Actions