-
1. Re: get user encrypted password after saving the user
thanh_tung_do Jan 27, 2013 11:58 PM (in response to andy00)Hello,
This line:
{code:java}
organizationService.getUserHandler().createUserInstance(username);
{code}should be:
{code:java}user =
organizationService.getUserHandler().createUserInstance(username);
{code}
{code:java}
String encryptedPw = UsersDAO.getEncyptedPw(username_clean);{code}
Would you like provice the package of "
UsersDAO" ?
-
2. Re: get user encrypted password after saving the user
hoang_to Jan 28, 2013 3:08 AM (in response to andy00)I think you missed the config for passwordAsAttribute . Make sure that you have
<field name="passwordAsAttribute">
<boolean>true</boolean>
</field>
in the configuration of org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl
-
3. Re: get user encrypted password after saving the user
hoang_to Jan 28, 2013 3:11 AM (in response to andy00)Anyway, why did you need to get back the password? For authenticate purpose, there is already authenticate method
-
4. Re: get user encrypted password after saving the user
andy00 Jan 31, 2013 6:34 AM (in response to andy00)Thanks for your answers.
@Minh: according to gatein documentation, setting passwordAsAttribute to true means that passwords are stored as plain text (not encrypted), but I want them to be encrypted in db. By the way, I need password not for auth purpose, but beacause I need to call a web service to update an exteral system.
@tung: I will try to chage (one day...now we don't have time!) that statement and see what happens.
Anyway, for now we have removed that piece of code.
-
5. Re: get user encrypted password after saving the user
hoang_to Jan 31, 2013 8:29 PM (in response to andy00)You need password for authorization on called web service? If it is the case, using OAuth protocol (with GateIn as OAuth provider and the web service as OAuth consumer) enables you to call web service without having to send user password.
-
6. Re: get user encrypted password after saving the user
trong.tran Feb 1, 2013 12:09 AM (in response to andy00)Actually I still don't get why you need to get the password, Andy ? For me, we should not touch to the persisted password (even with encrypted one) in most of cases.
Could you describe your usecase / need in details ? So we might provide a proper solution to solve it.
-
7. Re: get user encrypted password after saving the user
andy00 Feb 1, 2013 5:10 AM (in response to trong.tran)I don't want to touch the password and I don't need it for authorization.
We have a page in which we can create a new user via gatein API. The customer requirement is to send the encrypted password to another system, calling a web service (actually, i don't know why...).
-
8. Re: get user encrypted password after saving the user
trong.tran Feb 2, 2013 2:49 AM (in response to andy00)So you probably need to set up passwordAsAttribute to get back the plain password and encrypt it by yourself before sending to another system if needed.
Anyway I highly recommend you to clarify the usecase with customer to find out the best solution, as it's not a normal business to touch the password in most of case.