-
1. Re: Password Hashing
cash1981 Jul 2, 2009 3:03 PM (in response to zubeen)
-
2. Re: Password Hashing
zubeen Jul 2, 2009 6:16 PM (in response to zubeen)
I have read it before but not quite understood it...
-
3. Re: Password Hashing
cash1981 Jul 2, 2009 9:02 PM (in response to zubeen)
Then tell me what is your problem.
-
4. Re: Password Hashing
rmuruga Jul 4, 2009 2:07 PM (in response to zubeen)
Why don't you check your components.xml? If you are using a custom authenticator you must make an entry there to use it. If you have done that already, don't use identity.getUserName() in Seam 2.1.2; use the code below to get the password and password entered.
String userName = identity.getCredentials().getUsername();
String password = identity.getCredentials().getPassword();
-
5. Re: Password Hashing
zubeen Jul 7, 2009 11:33 AM (in response to zubeen)
Not a problem with
identity.getUserName()
...because the username is getting verified... it's the md5 hashed password in the db that is not getting verified.
-
6. Re: Password Hashing
shane.bryzak Jul 7, 2009 12:26 PM (in response to zubeen)
Use the password hash generator page in the Seamspace example to compare the hash with the one you have in your database. I'm guessing that you're not calculating it correctly (possibly missing a salt value, etc).
-
7. Re: Password Hashing
zubeen Jul 7, 2009 3:43 PM (in response to zubeen)
I tried using the SAME hash generator used in Seamspace (Hash.java) with my code:
@Column(name = "password", length = 50)
@UserPassword(hash = "md5")
@Length(max = 50)
public String getPassword() {
    return this.password;
}

public void setPassword(String password) {
    this.password = password;
}

// Retrieving User whose login name matches
Users user = (Users) entityManager
        .createQuery("SELECT users FROM Users users WHERE users.name = :userName")
        .setParameter("userName", identity.getUsername())
        .getSingleResult();
this.user = user;

// User does not exist
if (user == null) {
    log.info("No such user " + identity.getUsername());
    return false;
}

// User Exists
log.info("Yes such user " + identity.getUsername());
if (identity.getPassword().equals(user.getPassword())) {
    log.info("Yes such password " + identity.getUsername());
    return true;
}
Now, no password is encrypted while entering in database.
I'm too confused... please help
-
8. Re: Password Hashing
nopik.nopik.fxtaurus.com Jul 7, 2009 3:46 PM (in response to zubeen)
Did you try to print received and stored passwords to the logs? Maybe there is just a simple problem, like .equals() instead of .equalsIgnoreCase() or something like that?
-
9. Re: Password Hashing
shane.bryzak Jul 7, 2009 4:55 PM (in response to zubeen)
Why are you comparing identity.getPassword() with user.getPassword()? If you're hashing your passwords in the database, then user.getPassword() will be the hash - identity.getPassword() returns the plain text password the user is authenticating with, so of course they won't be equal.
-
10. Re: Password Hashing
zubeen Jul 8, 2009 7:21 AM (in response to zubeen)
OK, did that..
Now I insert an entry manually into the database
insert into users values('admin',null,md5('admin'))
After this I try to log in using username/password as admin/admin... the user gets verified but the password does not..
-
11. Re: Password Hashing
prati Nov 20, 2009 12:21 PM (in response to zubeen)
Hi Shervin
I followed your blog and now I can save the hashed password in the database.
I also used the hash="md5" annotation
@UserPassword(hash ="md5")
public String getPassword() {
    return password;
}
Now the problem is how can I log in using a plain text password.
Although I am using this query
Person user = (Person)entityManager.createQuery("select p from Person p where p.userName = :username and p.password = MD5(:password)")
It's not working.
Am I missing something?
Pratibha
-
12. Re: Password Hashing
prati Nov 20, 2009 2:04 PM (in response to zubeen)
Yeah, solved this like
if (user != null) {
    if (user.getPassword().equals(usrmanager.generatePasswordHash(user.getPassword(), user.getUserName()))) {
        // authentication successful
        return true;
    }
}
Thanks
Pratibha.
-
13. Re: Password Hashing
prati Nov 20, 2009 2:49 PM (in response to zubeen)
Ohh!! Really sorry for my previous post, it should be
(user.getPassword().equals(usrmanager.generatePasswordHash(identity.getCredentials().getPassword(), identity.getCredentials().getUsername())))
I am not using identityStore and don't really know whether that will be of any help
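
Added example, not code from any poster in this thread or from Seam: a stand-alone check of the mismatch discussed above, comparing the value that `md5('admin')` puts in the database against several ways an application might hash the submitted password. The class name, the Base64 variant and the `password + username` salting scheme are assumptions made for illustration; the stored value is assumed to be the lowercase hex string that the SQL `md5()` function in MySQL and PostgreSQL returns.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class HashCompareDemo {

    // MD5 is used only because the thread's schema uses it; the comparison
    // logic below is the same for any digest algorithm.
    static byte[] md5(String input) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5")
                .digest(input.getBytes(StandardCharsets.UTF_8));
    }

    // Lowercase hex encoding, the form the SQL md5() function produces.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Compare stored and candidate values without stopping at the first
    // differing byte.
    static boolean matches(String stored, String candidate) {
        return MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                candidate.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input mirroring the thread's manual INSERT.
        String username = "admin";
        String submitted = "admin";
        String stored = hex(md5("admin")); // what md5('admin') writes to the column

        // Post 7's comparison: plain text against the stored hash.
        System.out.println("plain text        : " + matches(stored, submitted));
        // Same algorithm, same encoding, no salt.
        System.out.println("hex(md5(pw))      : " + matches(stored, hex(md5(submitted))));
        // Same algorithm, different encoding (hypothetical application setting).
        System.out.println("base64(md5(pw))   : "
                + matches(stored, Base64.getEncoder().encodeToString(md5(submitted))));
        // Same algorithm, salted with the username (hypothetical scheme).
        System.out.println("hex(md5(pw+user)) : "
                + matches(stored, hex(md5(submitted + username))));
    }
}
```

Only the candidate that uses the same algorithm, salt and output encoding as the stored value compares equal, so a row inserted with a bare `md5()` will not verify against an application that salts or encodes differently.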