-
1. Re: password hash value
joblini Nov 23, 2008 7:56 PM (in response to nepveul)I generated a password for demo/demo, I also get /9Se/pfHeUH8FJ4asBD6jQ==
Is the @UserEnabled column in your database set to
true
? I noticed that if the user is disabled theinvalid username/password
is displayed. I think this message is displayed for various problems during the authentication process. Perhaps a problem in your configuration? Check components.xmlIncidently, here is how the hash is generated, notice that it is based on the username and the password.
public String generateSaltedHash(String password, String saltPhrase, String algorithm) { try { MessageDigest md = MessageDigest.getInstance(algorithm); if (saltPhrase != null) { md.update(saltPhrase.getBytes()); byte[] salt = md.digest(); md.reset(); md.update(password.getBytes()); md.update(salt); } else { md.update(password.getBytes()); } byte[] raw = md.digest(); return Base64.encodeBytes(raw); } catch (Exception e) { throw new RuntimeException(e); } }
-
2. Re: password hash value
nepveul Nov 23, 2008 10:51 PM (in response to nepveul)Hey Ingo,
Thanks for you answer. My UserEnabled column is correctly set because when I use an unhashed password, it is working fine.
As for the method you provided, what would be the saltPhrase value?
Thanks!
Laurent
-
3. Re: password hash value
joblini Nov 24, 2008 1:18 AM (in response to nepveul)The salt is the username, see JpaIdentityStore and PasswordHash in the source files included with Seam.
protected String getUserAccountSalt(Object user) { // By default, we'll use the user's username as the password salt return userPrincipalProperty.getValue(user).toString(); }
-
4. Re: password hash value
nepveul Nov 24, 2008 1:25 AM (in response to nepveul)Got it working! Thanks!