[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3408) Define available @UserPassword hash constants as an enumeration

Jacob Orshalick (JIRA) jira-events at lists.jboss.org
Wed Sep 10 18:47:38 EDT 2008 

    [ https://jira.jboss.org/jira/browse/JBSEAM-3408?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12429020#action_12429020 ] 

Jacob Orshalick commented on JBSEAM-3408:
-----------------------------------------

Yes, on the drive home that occurred to me after looking thinking further about why PasswordHash was a component :)  My first thought was that we could simply enumerate what is defined in the crypto spec:

http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA

But, you're absolutely right that this would become limiting should someone want to provide their own algorithms.  Perhaps we could also link to the spec to provide a reference for available algorithms.

Maybe also make note that the PasswordHash component defines constants for available default algorithms?  I think this might help as well.  Thanks Shane.

> Define available @UserPassword hash constants as an enumeration
> ---------------------------------------------------------------
>
>                 Key: JBSEAM-3408
>                 URL: https://jira.jboss.org/jira/browse/JBSEAM-3408
>             Project: Seam
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 2.1.0.BETA1
>            Reporter: Jacob Orshalick
>            Assignee: Shane Bryzak
>            Priority: Optional
>         Attachments: HashAlgorithm.java
>
>
> As specified in the documentation, the available hash algorithm string values are the strings: md5, sha.  There is also a value of "none" which is not specified in the documentation but avoids hashing the password all-together.  It would be nice to wrap these strings with an enumeration that holds the necessary String values for a bit more type-safety when using the annotation.  This would also help to make the options it a bit more clear from a user perspective.
> The annotation could then be defined as:
> @Target({METHOD,FIELD})
> @Documented
> @Retention(RUNTIME)
> @Inherited
> public @interface UserPassword
> {
>    HashAlgorithm hash() default HashAlgorithm.MD5;
> }

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list