8 Replies Latest reply on Mar 29, 2011 11:41 AM by angela

    PasswordHash

    angela

      Hello everybody!


      a simple question:
      what the




      @UserPassword(hash = "md5")
      public String getPasswordHash() {
          return passwordHash;
      }

      public void setPasswordHash(String passwordHash) {
          this.passwordHash = passwordHash;
      }



      I'm very confused because I thought at first that it encrypted the password, but I get nothing.
      Please, if someone can help me, or explain it to me.


        • 1. Re: PasswordHash
          angela

          Oops, I forgot to write the question:
          what is the following code (the one above) supposed to do? Is it supposed to store an encrypted password in the Datatable?

          • 2. Re: PasswordHash
            angela

            No one!! Please, I really need to understand because I'm trying the code, but it just shows the password normally.


            Please, any explanation is very welcome...

            • 3. Re: PasswordHash
              khosro_question

              If you want to store the password in encrypted format in the database, you must encrypt it and then save it to the database.


              User u = new User();
              u.setUsername("user");
              u.setPasswordHash(PasswordHash.instance().generateSaltedHash("yourpassword", u.getUsername(), "md5"));
              
              


              If your entity is


              @UserPassword(hash = "sha")
              public String getPasswordHash() {
                  return passwordHash;
              }

              public void setPasswordHash(String passwordHash) {
                  this.passwordHash = passwordHash;
              }
              



              Then you must write


              User u = new User();
              u.setUsername("user");
              u.setPasswordHash(PasswordHash.instance().generateSaltedHash("yourpassword", u.getUsername(), "sha"));
              
              



              • 4. Re: PasswordHash
                cbensemann

                I'm afraid that is simply not true. While you may do that if you wish, it requires you to use Seam's PasswordHash component directly. You would have to use it in both your authenticate method and in the method where you persist new users. If you read the Seam reference guide, you will find a section on IdentityManagers and IdentityStores. Using this means your password will be hashed and stored for you simply by annotating it as you have.

                • 5. Re: PasswordHash
                  khosro_question

                  Hi Craig,


                  Do you mean that I wrote wrong code in this post?


                  Khosro.

                  • 6. Re: PasswordHash
                    cbensemann

                    While not entirely wrong, your post is quite misleading. Manually hashing a password is one way to deal with the solution but does not actually take advantage of the @UserPassword(hash = "md5") at all. Using an IdentityStore, as I mentioned before, will automatically hash the user's password based on the @UserPassword(hash = "md5") annotation. This method greatly simplifies user authentication, makes use of that annotation, and also does away with any need to manually call or make use of the PasswordHash component.

                    • 7. Re: PasswordHash
                      khosro_question

                      Hi Craig,


                      Yes. I think you are right.


                      Khosro.

                      • 8. Re: PasswordHash
                        angela

                        Hi Craig and Khosro,
                        thank you for your answers.
                        So, if I understand correctly, the IdentityStore with the annotation


                        @UserPassword(hash="md5")



                        does actually encrypt the password? And is the password value going to be encrypted even in the datatable User? ...because this is what I'm trying to do...


                        I've tried the following:


                        in components.xml


                        <security:identity-manager
                        identity-store="#{ldapIdentityStore}"
                        role-identity-store="#{jpaIdentityStore}"/>


                        And in my User entity, I've used all the necessary annotations based on the Seam reference (@UserPrincipal, @UserPassword, @UserRoles and even Enabled), but it seems not to work.


                        What does the passwordSalt mean?
                        I really appreciate your help
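
What hashing a password means for the stored value, and what a salt is for, as an added example that is not part of the thread and is not Seam's own implementation: the column holds a one-way digest rather than the password, and a login is checked by recomputing that digest from the stored salt. The class and method names, the sample values, the iteration count and the choice of PBKDF2 are assumptions made for illustration; MD5 appears only because the thread uses it, beside a deliberately slow key-derivation function that is better suited to password storage.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStorageDemo {

    // Weak form: a single fast digest over salt + password (hypothetical helper, not Seam's code).
    static String saltedDigest(String algorithm, String salt, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(salt.getBytes(StandardCharsets.UTF_8));
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(md.digest());
    }

    // Stronger form: PBKDF2 with a random per-user salt and many iterations.
    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Login check: recompute from the submitted password and stored salt, compare in constant time.
    static boolean verify(char[] attempt, byte[] salt, int iterations, byte[] stored) throws Exception {
        return MessageDigest.isEqual(pbkdf2(attempt, salt, iterations), stored);
    }

    public static void main(String[] args) throws Exception {
        String password = "yourpassword"; // constructed sample value

        // Same password, different salts: the stored values are unrelated, so two users
        // with the same password do not end up with the same database entry.
        System.out.println("MD5, salt=user : " + saltedDigest("MD5", "user", password));
        System.out.println("MD5, salt=user2: " + saltedDigest("MD5", "user2", password));

        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // stored next to the hash; it is not a secret
        int iterations = 210_000;           // assumed work factor for this example
        byte[] stored = pbkdf2(password.toCharArray(), salt, iterations);

        System.out.println("PBKDF2 stored  : " + Base64.getEncoder().encodeToString(stored));
        System.out.println("correct login  : " + verify(password.toCharArray(), salt, iterations, stored));
        System.out.println("wrong login    : " + verify("guess".toCharArray(), salt, iterations, stored));
    }
}
```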