I want to hash (MD5) the password while storing it in the database.
So I use the following:
    @Column(name = "password", length = 50)
    @UserPassword(hash = "md5")
    @Length(max = 50)
    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
I also stored one MD5-hashed password in the database manually.
Now I use the Authenticator... but it does not work.
The authentication logic:
    // Retrieving the user whose login name matches
    Users user = (Users) entityManager
            .createQuery(
                    "SELECT users FROM Users users WHERE users.name = :userName")
            .setParameter("userName", identity.getUsername())
            .getSingleResult();
    this.user = user;
    // User does not exist
    if (user == null) {
        log.info("No such user " + identity.getUsername());
        return false;
    }
    // User exists
    log.info("Yes such user " + identity.getUsername());
    if (identity.getPassword().equals(user.getPassword())) {
        log.info("Yes such password " + identity.getUsername());
        return true;
    }
CAN ANYONE TELL ME WHERE I AM GOING WRONG?
DO I NEED TO DO ANYTHING ADDITIONAL?
You can have a look here:
Seam 2.1.2
Or if you are using 2.1.1, look here: Seam 2.1.1
They might be helpful.
I have read it before but did not quite understand it...
Then tell me what is your problem.
String userName = identity.getCredentials().getUsername();
String password = identity.getCredentials().getPassword();
Thanks Muruga
Not a problem with ...because the username is getting verified... it's the MD5-hashed password in the DB that is not getting verified.
Use the password hash generator page in the Seamspace example to compare the hash with the one you have in your database. I'm guessing that you're not calculating it correctly (possibly missing a salt value, etc).
I tried using the SAME hash generator used in Seamspace (Hash.java) with my code:
    @Column(name = "password", length = 50)
    @UserPassword(hash = "md5")
    @Length(max = 50)
    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    // Retrieving the user whose login name matches
    Users user = (Users) entityManager
            .createQuery(
                    "SELECT users FROM Users users WHERE users.name = :userName")
            .setParameter("userName", identity.getUsername())
            .getSingleResult();
    this.user = user;
    // User does not exist
    if (user == null) {
        log.info("No such user " + identity.getUsername());
        return false;
    }
    // User exists
    log.info("Yes such user " + identity.getUsername());
    if (identity.getPassword().equals(user.getPassword())) {
        log.info("Yes such password " + identity.getUsername());
        return true;
    }

Now, no password is encrypted while entering in the database. I'm too confused... please help.
Did you try to print the received and stored passwords to the logs? Maybe there is just a simple problem, like .equals() instead of .equalsIgnoreCase() or something like that?
Why are you comparing identity.getPassword() with user.getPassword()? If you're hashing your passwords in the database, then user.getPassword() will be the hash - identity.getPassword() returns the plain text password the user is authenticating with, so of course they won't be equal.
OK, did that. Now I insert an entry manually into the database: insert into users values('admin',null,md5('admin'))
After this I try to log in using username/password as admin/admin... the user gets verified but the password does not.
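Added example, not part of the thread and not Seam code: plain JDK Java showing why the manually inserted md5('admin') value matches only when the submitted plain text is hashed and encoded the same way before the comparison. The class name, the helper names and the password-plus-username salt concatenation are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Locale;

public class HashCompareDemo {

    // Raw MD5 digest of the text; MD5 is used only because the thread uses it.
    static byte[] md5(String text) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5").digest(text.getBytes(StandardCharsets.UTF_8));
    }

    // Lower-case hex, the text form a SQL md5('...') call stores.
    static String hex(byte[] digest) {
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Hash the submitted plain text the same way the stored value was made, then compare.
    static boolean verify(String submitted, String storedHex) throws NoSuchAlgorithmException {
        byte[] candidate = hex(md5(submitted)).getBytes(StandardCharsets.US_ASCII);
        byte[] stored = storedHex.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(candidate, stored); // comparison without early exit
    }

    public static void main(String[] args) throws Exception {
        String submitted = "admin";         // constructed sample: plain text typed at login
        String stored = hex(md5("admin"));  // constructed sample: column value from md5('admin')

        // Same password, three different stored strings depending on scheme and encoding.
        String base64 = Base64.getEncoder().encodeToString(md5("admin"));
        String salted = hex(md5("admin" + "admin")); // hypothetical salt scheme: password + username

        System.out.println("stored hex    : " + stored);
        System.out.println("stored base64 : " + base64);
        System.out.println("stored salted : " + salted);

        System.out.println("plain text equals stored hash : " + submitted.equals(stored));
        System.out.println("rehashed, same scheme         : " + verify(submitted, stored));
        System.out.println("rehashed vs base64 column     : " + verify(submitted, base64));
        System.out.println("rehashed vs salted column     : " + verify(submitted, salted));
    }
}
```

For new systems a salted, iterated scheme such as PBKDF2 (available in the JDK through SecretKeyFactory) replaces bare MD5; the verify step keeps the same shape.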
I followed your blog and now I can save the hashed password in the database.
I also used the hash="md5" annotation:

    @UserPassword(hash = "md5")
    public String getPassword() {
        return password;
    }

Now the problem is how I can log in using the plain-text password.
I am using this query:
Person user = (Person)entityManager.createQuery("select p from Person p where p.userName = :username and p.password = MD5(:password)")
It's not working.
Am I missing something?
Pratibha
    if (user != null) {
        if (user.getPassword().equals(usrmanager.generatePasswordHash(user.getPassword(), user.getUserName())))
        {
            return true;
            // authentication successful
        }
Thanks
Pratibha.
(user.getPassword().equals(usrmanager.generatePasswordHash(identity.getCredentials().getPassword(), identity.getCredentials().getUserName())))
I am not using identityStore and don't really know whether that will be of any help.