Can Acegi be integrated if a login user has two passwords?
This topic is closed

  • Can Acegi be integrated if a login user has two passwords?

    How can I integrate my application with Acegi when a user has two passwords, or a user has a password and a certificate?
    Thanks for any advice.

  • #2
    I tried this way to integrate my application with Acegi when a user has two passwords, but I don't think this is a good idea. Are there any solutions to this question?
    1. Extend class net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter and put two passwords in my class. The following code is in my subclass:
    public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY = "j_password";
    public static final String ACEGI_SECURITY_FORM_PASSWORD_KEY2 = "j_password2";
    // Both form passwords travel as one credential, separated by "\b" (backspace)
    UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,password+"\b"+password2);
    2. Rewrite my DaoAuthenticationProvider (just rewrite the isPasswordCorrect() method). My code is:
        protected boolean isPasswordCorrect(Authentication authentication,
            UserDetails user) {
            Object salt = null;
            if (this.saltSource != null) {
                salt = this.saltSource.getSalt(user);
            }
            // Submitted and stored credentials both hold two passwords joined by "\b"
            String input_passwords= authentication.getCredentials().toString();
            String[] psd = input_passwords.split("\b");
            String database_passwords=user.getPassword();
            String[] psd2 = database_passwords.split("\b");
            // Fail authentication instead of throwing when either side lacks two parts
            if (psd.length != 2 || psd2.length != 2) {
                return false;
            }
            return ((passwordEncoder.isPasswordValid(psd[0],psd2[0], salt))
                    &&(passwordEncoder.isPasswordValid(psd[1],psd2[1], salt)));
        }
    3. The input_passwords is from the class AuthenticationProcessingFilter, and the database_passwords is from my useSystem. I use the following code to get my database_passwords:
     SecurityUser us = new SecurityUser(ps.getAccount(),ps.getPassword()+"\b"+ps.getPassword(),true,true,true,ga);


    • #3
      You're on the right track. Override AuthenticationProcessingFilter.obtainPassword(HttpServletRequest request) to return a concatenated password. Then just edit your custom AuthenticationDao to return the concatenated password in the UserDetails.getPassword(). There shouldn't be any need to edit DaoAuthenticationProvider.
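
The delimiter approach from posts #2 and #3, as an added example that is not part of the thread or of Acegi: a plain-JDK helper that joins and splits the two passwords and handles the two inputs where a bare `split("\b")` misbehaves, an empty second password and a password that itself contains the delimiter. The class and method names are hypothetical and the sample values are constructed.

```java
import java.util.Arrays;

// Added example: hypothetical helper, not Acegi code.
public class TwoPasswordCredential {
    // Backspace (U+0008), the delimiter used in the thread's code.
    static final String DELIM = "\b";

    // Join two passwords; reject any that contain the delimiter so the result is unambiguous.
    static String join(String first, String second) {
        if (first == null || second == null) {
            throw new IllegalArgumentException("both passwords are required");
        }
        if (first.contains(DELIM) || second.contains(DELIM)) {
            throw new IllegalArgumentException("password contains the delimiter");
        }
        return first + DELIM + second;
    }

    // Split a joined credential; returns null unless it holds exactly two parts.
    static String[] split(String joined) {
        if (joined == null) {
            return null;
        }
        // Limit -1 keeps a trailing empty part, which a plain split(DELIM) drops.
        String[] parts = joined.split(DELIM, -1);
        return parts.length == 2 ? parts : null;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        System.out.println(Arrays.toString(split(join("alpha", "beta"))));

        // Empty second password: the plain split returns a single element, so
        // indexing element [1] of its result would throw.
        String emptySecond = "alpha" + DELIM;
        System.out.println("plain split parts: " + emptySecond.split(DELIM).length);
        System.out.println("split(-1) parts:   " + split(emptySecond).length);

        // Delimiter inside a password: ("x\by", "z") and ("x", "y\bz") would
        // concatenate to the same string, so both split() and join() refuse it.
        String ambiguous = "x" + DELIM + "y" + DELIM + "z";
        System.out.println("ambiguous accepted: " + (split(ambiguous) != null));
        try {
            join("x" + DELIM + "y", "z");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```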