2 Replies Latest reply on Jan 1, 2009 3:02 PM by bsmithjj.bradley.1.smith.gmail.com

    JpaIdentityStore and custom PasswordHash

    bsmithjj.bradley.1.smith.gmail.com
    bsmithjj.bradley.1.smith.gmail.com Dec 29, 2008 5:30 PM

      according to the Seam reference documentation:


      If an application requires a hash algorithm that isn't supported natively by Seam, it is possible to extend the PasswordHash component to implement other hashing algorithms.


      However, after extendind PasswordHash, like such:



      @Scope(ScopeType.STATELESS)
      @Name("org.jboss.seam.security.passwordHash")
      @Install(precedence = Install.APPLICATION)
      @BypassInterceptors
      public class MyPasswordHash extends PasswordHash {

      ...
          @Override
          public String generateHash(String passwordToHash) {
           ...
          }

      }


      and configuring my app to use JpaIdentityStore, I noticed that my custom PasswordHash was not being invoked on login.  I looked at the JpaIdentityStore impl and found that it's making calls like this


      PasswordHash.instance().generateSaltedHash(password, salt);


      as part of the authenticate(...) impl.  My question is how is it possible to have the JpaIdentityStore use my custom PasswordHash if it's directly using the the singleton-instance approach to find a PasswordHash, instead of looking up a PasswordHash from one of the Seam contexts?


      Thanks,
      Brad Smith


      • 225 Views
      • Tags: