1 Reply Latest reply on May 22, 2008 12:00 AM by Dan Allen

    compare hashed passwords during login

    Kevin T. Newbie

      I have normal login which compares password and email. Now my passwords are stored as md5-hash.
      I dont know how to split the query to hash to login-password.


      code:


      public boolean login() {
                
                try {
                     HashMapperAction hashPassword = new HashMapperAction(); //hashPassword.hash(password)
                     User user = (User) em.createQuery(
                               "from User where email = :username and password = :password")
                               .setParameter("username", identity.getUsername())
                               .setParameter("password", identity.getPassword())
                               .getSingleResult();
      
                     if(user.getUserRoles() != null) {
                          for(UserRole ur : user.getUserRoles())
                          identity.addRole(ur.getType().toString());
                     }
                     
                     activeUser = user;
                               
                     return true;
                }catch(NoResultException ex)  {
                     return false;
                }
           }


      HashMapperAction.hash() is the method which build md5-hash, it works for storing the passwords.


      now  i need an advice to compare these passwords in login process. thx