Announcement Announcement Module
No announcement yet.
help: encrypt password in controller after submit Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • help: encrypt password in controller after submit

    hey guys, what i am attempting to do is i have a form for creating a new Consumer and i want to get the consumer password after the form has been submitted and encrypt it as SHA-256, (i've set up Spring Security to retrieve the username and the password(as SHA-256) but the issue i am having at the moment is i am trying to follow this code, so far this has lead me nowhere, is there a better method i can use to try and get what i would like in the controller?

    the other thing i was thinking was if it's possible to assign password as SHA-256 in the entity

  • #2
    hey guys i've managed to get it to store the password as sha-256 (i think) in the database but now i am having an issue with the login system

    in the applicationContext-security.xml file
    i have this :
    <authentication-manager alias="authenticationManager">
    <!-- DAO Based Security -->
    <password-encoder hash="sha-256"/>
    <jdbc-user-service data-source-ref="dataSource"
    users-by-username-query="SELECT A.username AS username, A.password AS password, A.enabled AS enabled FROM admin A where A.username=?"
    authorities-by-username-query="SELECT A.username as username, A.password as password, as authority FROM admin A left join admin_roles AR on left join roles R on AR.roles = WHERE A.username=?"/>
    in my controller i have this

    	MessageDigest md = MessageDigest.getInstance("SHA-256");
    	String hash = (new BASE64Encoder().encode(md.digest()));
    	} catch (NoSuchAlgorithmException e) {

    this is the hash i get from linux if i type "echo adam | sha256sum": f3fd8f664c016fec4372773c6b6ac06d0789857297b2473bcd 33fba523dad5fc
    this is the hash that is stored in the database generated from the controller: 9/N2ofzQ0OEaEO0bZXfJl4TTprvmabHRP65D62RjT24=

    i presume the hash i retrieve from linux is the correct hash but if i manually update a record in the admin table with the linux generated hash i still get the same result from the login system, why?


    • #3
      can anyone help me with this issue? i have no idea how i can go about trying to solve this issue


      • #4
        Originally posted by adam2510 View Post
        can anyone help me with this issue? i have no idea how i can go about trying to solve this issue
        I have the same problem.
        However I noticed that the calculated field of SpringSecurity should be the standard as well as SHA-256 is generated from this site

        This should be stored on the database without base64 encoding.

        public void setPassword(String password) {
        	        MessageDigest md;
        	        byte[] digest=null;
        			try {
        				md = MessageDigest.getInstance("SHA-256");
        				digest = md.digest();
        			} catch (NoSuchAlgorithmException e) {
        				// TODO Auto-generated catch block
        			} catch(UnsupportedEncodingException e){
        				// TODO Auto-generated catch block
        		this.password = new String(Hex.encodeHex(digest));
        Hope that was helpful.
        Last edited by giamak; Jul 4th, 2012, 02:45 PM.