[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3408) Define available @UserPassword hash constants as an enumeration
Jacob Orshalick (JIRA)
jira-events at lists.jboss.org
Wed Sep 10 18:47:38 EDT 2008
[ https://jira.jboss.org/jira/browse/JBSEAM-3408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12429020#action_12429020 ]
Jacob Orshalick commented on JBSEAM-3408:
-----------------------------------------
Yes, on the drive home that occurred to me after looking thinking further about why PasswordHash was a component :) My first thought was that we could simply enumerate what is defined in the crypto spec:
http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA
But, you're absolutely right that this would become limiting should someone want to provide their own algorithms. Perhaps we could also link to the spec to provide a reference for available algorithms.
Maybe also make note that the PasswordHash component defines constants for available default algorithms? I think this might help as well. Thanks Shane.
> Define available @UserPassword hash constants as an enumeration
> ---------------------------------------------------------------
>
> Key: JBSEAM-3408
> URL: https://jira.jboss.org/jira/browse/JBSEAM-3408
> Project: Seam
> Issue Type: Feature Request
> Components: Security
> Affects Versions: 2.1.0.BETA1
> Reporter: Jacob Orshalick
> Assignee: Shane Bryzak
> Priority: Optional
> Attachments: HashAlgorithm.java
>
>
> As specified in the documentation, the available hash algorithm string values are the strings: md5, sha. There is also a value of "none" which is not specified in the documentation but avoids hashing the password all-together. It would be nice to wrap these strings with an enumeration that holds the necessary String values for a bit more type-safety when using the annotation. This would also help to make the options it a bit more clear from a user perspective.
> The annotation could then be defined as:
> @Target({METHOD,FIELD})
> @Documented
> @Retention(RUNTIME)
> @Inherited
> public @interface UserPassword
> {
> HashAlgorithm hash() default HashAlgorithm.MD5;
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the seam-issues
mailing list