2 Replies Latest reply on May 20, 2004 4:12 AM by Olaso

    JAAS: How Can I encrypt a password?

    maraos Newbie

       

      "maraos" wrote:
      Hi everybody:

      I've been used JAAS DatabaseServerLoginModule.
      with two tables users and roles. The users table has password's column not encrypted.

      Question:

      How Can I use encrypt passwords with JAAS. I've heard cryptix with JBoss..but I don't know anymore..


      What do you suggest to start?

      Thanks a lot..


        • 1. Re: JAAS: How Can I encrypt a password?
          martin0 Novice

          DatabaseServerLoginModule has a hashAlgorithm module option.

          Martin

          • 2. Re: JAAS: How Can I encrypt a password?
            Olaso Newbie

            I solved it in this way. First download a JCrypt source code from:

            http://locutus.kingwoodcable.com/jfd/crypt.html

            Add to that code the following function:

            public static boolean isPasswordOK(String strCryptedPassword, String strPasswordToVerify)
             {
             String strVerif = JCrypt.crypt(strCryptedPassword,strPasswordToVerify);
             return strVerif.equals(strCryptedPassword);
             }


            And afterwards create a new class that extends from DatabaseServerLoginModule. Mine is:

            public class JCryptDatabaseServerLoginModule extends DatabaseServerLoginModule
            {
            
             /** A hook that allows subclasses to change the validation of the input
             password against the expected password. This version checks that
             neither inputPassword or expectedPassword are null that that
             inputPassword.equals(expectedPassword) is true;
             @return true if the inputPassword is valid, false otherwise.
             */
             protected boolean validatePassword(String inputPassword, String expectedPassword)
             {
             if( inputPassword == null || expectedPassword == null )
             return false;
             return JCrypt.isPasswordOK(inputPassword,expectedPassword);
             }
            }

            [/url]