8 Replies Latest reply on Feb 2, 2013 2:49 AM by trong.tran

    get user encrypted password after saving the user

    andy00

      Hi, I need to get the user encrypted password stored in gatein table and I use this query:

      select TEXT from JBID_IO a join JBID_IO_CREDEN b
                  on a.ID = b.IDENTITY_OBJECT_ID and a.NAME = '<username>' and b.CREDENTIAL_TYPE = 5

      This query works well when I select the password of an already existing user.

      The problem occurs when I create a new user via gatein API:

      OrganizationService organizationService = (OrganizationService)PortalContainer.getInstance().getComponentInstanceOfType(OrganizationService.class);
      organizationService.getUserHandler().createUserInstance(username);
      ....
      // other user settings
      ....
      // Deprecated but previous developers say we need it...
      user.setUserName(username_clean);
      ...
      ....
      organizationService.getUserHandler().createUser(user);

      // This method executes the initial query
      String encryptedPw = UsersDAO.getEncyptedPw(username_clean);

      encryptedPw is null!

        • 1. Re: get user encrypted password after saving the user
          thanh_tung_do

          Hello,

          This line:

          {code:java}
          organizationService.getUserHandler().createUserInstance(username);
          {code}

          should be:

          {code:java}
          user = organizationService.getUserHandler().createUserInstance(username);
          {code}

          {code:java}
          String encryptedPw = UsersDAO.getEncyptedPw(username_clean);
          {code}

          Would you like to provide the package of "UsersDAO"?

          • 2. Re: get user encrypted password after saving the user
            hoang_to

            I think you missed the config for passwordAsAttribute. Make sure that you have

            <field name="passwordAsAttribute">
               <boolean>true</boolean>
            </field>

            in the configuration of org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl

            • 3. Re: get user encrypted password after saving the user
              hoang_to

              Anyway, why did you need to get back the password? For authentication purposes, there is already an authenticate method.

              • 4. Re: get user encrypted password after saving the user
                andy00

                Thanks for your answers.

                @Minh: according to gatein documentation, setting passwordAsAttribute to true means that passwords are stored as plain text (not encrypted), but I want them to be encrypted in db. By the way, I need the password not for auth purposes, but because I need to call a web service to update an external system.

                @tung: I will try to change (one day...now we don't have time!) that statement and see what happens.

                 

                Anyway, for now we have removed that piece of code.

                • 5. Re: get user encrypted password after saving the user
                  hoang_to

                  You need password for authorization on called web service? If it is the case, using OAuth protocol (with GateIn as OAuth provider and the web service as OAuth consumer) enables you to call web service without having to send user password.

                  • 6. Re: get user encrypted password after saving the user
                    trong.tran

                    Actually I still don't get why you need to get the password, Andy? For me, we should not touch the persisted password (even an encrypted one) in most cases.

                    Could you describe your use case / need in detail? So we might provide a proper solution to solve it.

                    • 7. Re: get user encrypted password after saving the user
                      andy00

                      I don't want to touch the password and I don't need it for authorization.

                      We have a page in which we can create a new user via gatein API. The customer requirement is to send the encrypted password to another system, calling a web service (actually, I don't know why...).

                      • 8. Re: get user encrypted password after saving the user
                        trong.tran

                        So you probably need to set up passwordAsAttribute to get back the plain password and encrypt it by yourself before sending to another system if needed.

                         

                        Anyway I highly recommend you to clarify the use case with the customer to find out the best solution, as it's not normal business to touch the password in most cases.