1 Reply Latest reply on Mar 5, 2010 7:31 PM by fuzzy333

    org.jboss.seam.security.passwordHash should be stateful

    fuzzy333
    fuzzy333 Mar 5, 2010 5:13 PM

      org.jboss.seam.security.passwordHash is annotated with


      @Scope(STATELESS)
@Name("org.jboss.seam.security.passwordHash")
@Install(precedence = BUILT_IN)
@BypassInterceptors



      so a stateless component (potentially one shared instance for all, not thread safe) and a few lines down we have:


      private String hashAlgorithm = null;
private int saltLength = 8;



      This is just plain wrong or am I missing/forgetting something?

      • 92 Views
      • Tags:
        • 1. Re: org.jboss.seam.security.passwordHash should be stateful
          fuzzy333
          fuzzy333 Mar 5, 2010 7:31 PM (in response to fuzzy333)

          ...and I suppose I should mention that those attributes are mutable:


             public String getHashAlgorithm()
   {
      return hashAlgorithm;
   }
   
   public void setHashAlgorithm(String hashAlgorithm)
   {
      this.hashAlgorithm = hashAlgorithm;
   }
   
   public int getSaltLength()
   {
      return saltLength;
   }
   
   public void setSaltLength(int saltLength)
   {
      this.saltLength = saltLength;
   }



            • Actions