-
1. Re: PasswordHash
angela Mar 26, 2011 4:32 AM (in response to angela)
Oops, I forgot to write the question:
What is the following code (the one above) supposed to do? Is it supposed to store an encrypted password in the Datatable?
-
2. Re: PasswordHash
angela Mar 27, 2011 8:08 PM (in response to angela)
No one? Please, I really need to understand, because I'm trying the code but it just shows the password normally.
Please, any explanation is very welcome...
-
3. Re: PasswordHash
khosro_question Mar 28, 2011 5:26 AM (in response to angela)
If you want to store the password in encrypted format in the database, you must encrypt it and then save it to the database.

    User u = new User();
    u.setUsername("user");
    u.setPasswordHash(PasswordHash.instance().generateSaltedHash("yourpassword", u.getUsername(), "md5"));

If your entity is

    @UserPassword(hash = "sha")
    public String getPasswordHash() {
        return passwordHash;
    }

    public void setPasswordHash(String passwordHash) {
        this.passwordHash = passwordHash;
    }

Then you must write

    User u = new User();
    u.setUsername("user");
    u.setPasswordHash(PasswordHash.instance().generateSaltedHash("yourpassword", u.getUsername(), "sha"));
-
4. Re: PasswordHash
cbensemann Mar 28, 2011 6:13 PM (in response to angela)
I'm afraid that is simply not true. While you may do that if you wish, it requires you to use Seam's PasswordHash component directly. You would have to use it in both your authenticate method and in the method where you persist new users. If you read the Seam reference guide you will find a section on IdentityManagers and IdentityStores. Using this means your password will be hashed and stored for you simply by annotating it as you have.
-
5. Re: PasswordHash
khosro_question Mar 29, 2011 5:17 AM (in response to angela)
Hi Craig,
Do you mean that I wrote wrong code in this post?
Khosro.
-
6. Re: PasswordHash
cbensemann Mar 29, 2011 5:37 AM (in response to angela)
While not entirely wrong, your post is quite misleading. Manually hashing a password is one way to deal with the solution but does not actually take advantage of the @UserPassword(hash = "md5") at all. Using an IdentityStore as I mentioned before will automatically hash the user's password based on the @UserPassword(hash = "md5") annotation. This method greatly simplifies user authentication and makes use of that annotation and also does away with any need to manually call or make use of the PasswordHash component.
-
7. Re: PasswordHash
khosro_question Mar 29, 2011 6:23 AM (in response to angela)
Hi Craig,
Yes. I think you are right.
Khosro.
-
8. Re: PasswordHash
angela Mar 29, 2011 11:41 AM (in response to angela)
Hi Craig and Khosro,
Thank you for your answers.
So, if I understand correctly, the IdentityStore with the annotation @UserPassword(hash="md5") does actually encrypt the password? And is the password value going to be encrypted even in the datatable User? ...because this is what I'm trying to do...
I've tried the following:
in components.xml

    <security:identity-manager identity-store="#{ldapIdentityStore}" role-identity-store="#{jpaIdentityStore}"/>

and in my User Entity, I've used all the necessary annotations based on the Seam reference (@UserPrincipal, @UserPassword, @UserRoles and even Enabled), but it does not seem to work.
What does the passwordSalt mean?
I really appreciate your help