13 Replies Latest reply on Nov 20, 2009 2:49 PM by prati

    Password Hashing

      I want to hash (MD5) the password while storing it in the database.
      So I use the following:

      @Column(name = "password", length = 50)
      @UserPassword(hash = "md5")
      @Length(max = 50)
      public String getPassword() {
              return this.password;
      }

      public void setPassword(String password) {
              this.password = password;
      }


      I also store one MD5-hashed password in the database manually.
      Now I use the Authenticator... but it does not work.
      The authentication logic:
      // Retrieving the user whose login name matches
      Users user = (Users) entityManager
              .createQuery("SELECT users FROM Users users WHERE users.name = :userName")
              .setParameter("userName", identity.getUsername())
              .getSingleResult();
      this.user = user;

      // User does not exist
      if (user == null) {
              log.info("No such user " + identity.getUsername());
              return false;
      }
      // User exists
      log.info("Yes such user " + identity.getUsername());
      if (identity.getPassword().equals(user.getPassword())) {
              log.info("Yes such password " + identity.getUsername());
              return true;
      }
      CAN ANYONE TELL ME WHERE I AM GOING WRONG?
      DO I NEED TO DO ANYTHING ADDITIONAL?
        • 1. Re: Password Hashing
          cash1981

          You can have a look here: Seam 2.1.2

          Or if you are using 2.1.1, look here: Seam 2.1.1

          They might be helpful.

          • 2. Re: Password Hashing

            I have read it before but did not quite understand it...

            • 3. Re: Password Hashing
              cash1981

              Then tell me what is your problem.

              • 4. Re: Password Hashing
                rmuruga
                Why don't you check your components.xml? If you are using a custom authenticator, you must make an entry there to use it. If you have done that already, don't use identity.getUserName() in Seam 2.1.2; use the following to get the username and password entered:

                String userName = identity.getCredentials().getUsername();
                String password = identity.getCredentials().getPassword();
                • 5. Re: Password Hashing

                  Not a problem with identity.getUserName()... because the username is getting verified. It's the MD5-hashed password in the DB that is not getting verified.

                  • 6. Re: Password Hashing
                    shane.bryzak

                    Use the password hash generator page in the Seamspace example to compare the hash with the one you have in your database.  I'm guessing that you're not calculating it correctly (possibly missing a salt value, etc).

                    • 7. Re: Password Hashing

                      I tried using the SAME hash generator used in Seamspace (Hash.java) with my code:
                      @Column(name = "password", length = 50)
                      @UserPassword(hash = "md5")
                      @Length(max = 50)
                      public String getPassword() {
                              return this.password;
                      }

                      public void setPassword(String password) {
                              this.password = password;
                      }

                      // Retrieving the user whose login name matches
                      Users user = (Users) entityManager
                              .createQuery("SELECT users FROM Users users WHERE users.name = :userName")
                              .setParameter("userName", identity.getUsername())
                              .getSingleResult();
                      this.user = user;

                      // User does not exist
                      if (user == null) {
                              log.info("No such user " + identity.getUsername());
                              return false;
                      }
                      // User exists
                      log.info("Yes such user " + identity.getUsername());
                      if (identity.getPassword().equals(user.getPassword())) {
                              log.info("Yes such password " + identity.getUsername());
                              return true;
                      }
                      Now, no password is encrypted when it is entered into the database.
                      I'm too confused... please help.

                      • 8. Re: Password Hashing
                        nopik.nopik.fxtaurus.com

                        Did you try to print the received and stored passwords to the logs? Maybe there is just a simple problem, like .equals() instead of .equalsIgnoreCase() or something like that?

                        • 9. Re: Password Hashing
                          shane.bryzak

                          Why are you comparing identity.getPassword() with user.getPassword()? If you're hashing your passwords in the database, then user.getPassword() will be the hash - identity.getPassword() returns the plain text password the user is authenticating with, so of course they won't be equal.
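
                          Worked example, added here and not code from the thread or from Seam: hash the submitted plain-text password the same way the stored value was produced, then compare the two hashes, as the reply above describes. It assumes the stored column holds Base64-encoded unsalted MD5, which is the encoding Seam's PasswordHash component emits; Seam 2.1.2's salted variant (username as salt) is not reproduced, and the class and helper names are my own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

/** Added example (not Seam's own code): verify a submitted plain-text
 *  password against a stored hash by hashing the candidate with the same
 *  routine that produced the stored value, then comparing the hashes. */
public class PasswordCheck {

    /** Base64(MD5(password)): the encoding Seam's PasswordHash emits (assumed here). */
    public static String md5Base64(String password) {
        return Base64.getEncoder().encodeToString(md5(password));
    }

    /** Lowercase hex MD5, which is what a SQL md5() function returns. */
    public static String md5Hex(String password) {
        StringBuilder sb = new StringBuilder();
        for (byte b : md5(password)) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    private static byte[] md5(String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            return md.digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** The check the authenticator in the thread needs: hash the candidate
     *  first, then compare hash to hash in constant time. */
    public static boolean verify(String storedHash, String candidate) {
        byte[] stored = storedHash.getBytes(StandardCharsets.UTF_8);
        byte[] computed = md5Base64(candidate).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(stored, computed);
    }

    public static void main(String[] args) {
        String stored = md5Base64("admin");   // constructed sample stored value
        // The thread's original comparison: plain text against a hash never matches.
        System.out.println("plain equals hash: " + "admin".equals(stored));
        // Hash the candidate first, then compare.
        System.out.println("verify: " + verify(stored, "admin"));
        // A row written with SQL md5('admin') holds hex, not Base64.
        System.out.println("hex equals base64: " + md5Hex("admin").equals(stored));
    }
}
```

                          The encodings of the stored value and the computed hash must match as well as the algorithm: a row inserted with a SQL md5() call holds hex and will not equal a Base64 hash even when the password is right.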

                          • 10. Re: Password Hashing

                            OK, did that...
                            Now I insert an entry manually into the database:
                            insert into users values('admin',null,md5('admin'))

                            After this I try to log in using username/password as admin/admin... the user gets verified but the password does not.

                            • 11. Re: Password Hashing
                              prati
                              Hi Shervin

                               I followed your blog and now I can save the hashed password in the database.
                               I also used the hash="md5" annotation:
                               @UserPassword(hash = "md5")
                               public String getPassword() {
                                       return password;
                               }


                               Now the problem is how I can log in using a plain-text password.
                               Although I am using this query:

                               Person user = (Person)entityManager.createQuery("select p from Person p where p.userName = :username and p.password = MD5(:password)")

                               it's not working.
                               Am I missing something?

                              Pratibha
                              • 12. Re: Password Hashing
                                prati
                                Yeah solved this like

                                 if (user != null) {
                                         if (user.getPassword().equals(usrmanager.generatePasswordHash(user.getPassword(), user.getUserName()))) {
                                                 // authentication successful
                                                 return true;
                                         }
                                 }

                                Thanks
                                Pratibha.


                                • 13. Re: Password Hashing
                                  prati

                                   Ohh!! Really sorry for my previous post, it should be:


                                  (user.getPassword().equals(usrmanager.generatePasswordHash(identity.getCredentials().getPassword(), identity.getCredentials().getUserName())))




                                   I am not using IdentityStore and don't really know whether that will be of any help.