
  • help: encrypt password in controller after submit

    Hey guys, what I am attempting to do is this: I have a form for creating a new Consumer, and I want to get the consumer password after the form has been submitted and encrypt it as SHA-256. (I've set up Spring Security to retrieve the username and the password (as SHA-256).) The issue I am having at the moment is that I am trying to follow this code, http://code.google.com/p/spring-roo-...template?r=135, and so far this has led me nowhere. Is there a better method I can use to try and get what I would like in the controller?

    The other thing I was thinking was whether it's possible to assign the password as SHA-256 in the entity.

  • #2
    Hey guys, I've managed to get it to store the password as SHA-256 (I think) in the database, but now I am having an issue with the login system.

    In the applicationContext-security.xml file I have this:
    Code:
    <authentication-manager alias="authenticationManager">
        <!-- DAO Based Security -->
        <authentication-provider>
            <password-encoder hash="sha-256"/>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT A.username AS username, A.password AS password, A.enabled AS enabled FROM admin A where A.username=?"
                authorities-by-username-query="SELECT A.username as username, A.password as password, R.name as authority FROM admin A left join admin_roles AR on A.id=AR.admin left join roles R on AR.roles = A.id WHERE A.username=?"/>
        </authentication-provider>
    </authentication-manager>
    In my controller adminController.java I have this:

    Code:
    try {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(admin.getPassword().getBytes());
        // The raw digest is Base64-encoded before being stored
        String hash = (new BASE64Encoder().encode(md.digest()));
        admin.setPassword(hash);
    } catch (NoSuchAlgorithmException e) {
    }

    This is the hash I get from Linux if I type "echo adam | sha256sum": f3fd8f664c016fec4372773c6b6ac06d0789857297b2473bcd33fba523dad5fc
    This is the hash that is stored in the database, generated from the controller: 9/N2ofzQ0OEaEO0bZXfJl4TTprvmabHRP65D62RjT24=

    I presume the hash I retrieve from Linux is the correct hash, but if I manually update a record in the admin table with the Linux-generated hash I still get the same result from the login system. Why?



    • #3
      Can anyone help me with this issue? I have no idea how I can go about trying to solve this issue.


      • #4
        Originally posted by adam2510:
        Can anyone help me with this issue? I have no idea how I can go about trying to solve this issue.

        I have the same problem.
        However, I noticed that the field calculated by Spring Security should be the standard one, the same as the SHA-256 generated by this site.

        This should be stored in the database without Base64 encoding.



        Code:
        // Requires: java.security.MessageDigest, java.security.NoSuchAlgorithmException,
        // java.io.UnsupportedEncodingException, org.apache.commons.codec.binary.Hex
        public void setPassword(String password) {
            try {
                MessageDigest md = MessageDigest.getInstance("SHA-256");
                md.update(password.getBytes("UTF-8"));
                // Store the digest as a hex string, not Base64
                this.password = new String(Hex.encodeHex(md.digest()));
            } catch (NoSuchAlgorithmException e) {
                // Fail loudly instead of continuing with a null digest
                throw new IllegalStateException(e);
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException(e);
            }
        }
        Hope that was helpful.
        Last edited by giamak; Jul 4th, 2012, 03:45 PM.
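
An added example, not code from any poster in this thread: it shows why the Base64 value written by the controller in post #2 can never equal a hex SHA-256 digest, and why the `echo adam | sha256sum` value differs as well (echo appends a newline to what is hashed). The class name, helper names and the sample password "adam" are assumptions, and it assumes the login compares against the hex form as post #4 describes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class Sha256EncodingDemo {   // hypothetical class name

    static byte[] sha256(String input) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(input.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Lowercase hex, the same text form that sha256sum prints
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Stand-in for the login check: hex-encode the digest of the submitted
    // password and compare it to the stored column in constant time
    static boolean matchesStoredHex(String stored, String rawPassword) {
        byte[] a = stored.getBytes(StandardCharsets.US_ASCII);
        byte[] b = hex(sha256(rawPassword)).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) {
        String password = "adam";   // constructed sample input
        byte[] digest = sha256(password);
        String asHex = hex(digest);                                   // 64 characters
        String asBase64 = Base64.getEncoder().encodeToString(digest); // 44 characters
        // `echo adam | sha256sum` hashes "adam\n"; `printf '%s' adam` would hash "adam"
        String echoStyle = hex(sha256(password + "\n"));

        System.out.println("hex    : " + asHex);
        System.out.println("base64 : " + asBase64);
        System.out.println("echo   : " + echoStyle);
        System.out.println("hex row matches    : " + matchesStoredHex(asHex, password));     // true
        System.out.println("base64 row matches : " + matchesStoredHex(asBase64, password));  // false
        System.out.println("echo row matches   : " + matchesStoredHex(echoStyle, password)); // false
    }
}
```

For new schemas, Spring Security's BCryptPasswordEncoder is preferable to a single unsalted SHA-256, which is cheap to brute-force offline.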
