Announcement Announcement Module
Collapse
No announcement yet.
How to use a SHA1 hashed password with Wss4jSecurityInterceptor(UsernameToken) Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to use a SHA1 hashed password with Wss4jSecurityInterceptor(UsernameToken)

    I want to use a validate the password passed by the client against the SHA1 hashed password stored in the server.

    As I went through the Wss4jSecurityInterceptor, the option is to write my own validationCallbackHandler, but as I see we have to pass a plain text password in the WSPasswordCallback. Since in my case what I've is SHA1 hashed value of the original password, so I cannot get back the plain text password from the original password.

    The way to validate a password against a SHA1 hashed original password is to hash the password given by the client and compare it with the SHA1 hash of the original password.

    So what is the best way to overcome this problem?
Working...
X