6:58 p.m.
Author: shane.bryzak(a)jboss.com
Date: 2009-04-14 19:58:24 -0400 (Tue, 14 Apr 2009)
New Revision: 10418
Added:
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/HashGenerator.java
trunk/examples/seamspace/view/hashgen.xhtml
Modified:
trunk/examples/seamspace/resources/WEB-INF/pages.xml
trunk/examples/seamspace/resources/import.sql
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberAccount.java
trunk/examples/seamspace/view/home.xhtml
trunk/examples/seamspace/view/style/seamspace.css
Log:
added @PasswordSalt to account entity, added hash generator page
Modified: trunk/examples/seamspace/resources/WEB-INF/pages.xml
===================================================================
--- trunk/examples/seamspace/resources/WEB-INF/pages.xml 2009-04-14 23:56:22 UTC (rev
10417)
+++ trunk/examples/seamspace/resources/WEB-INF/pages.xml 2009-04-14 23:58:24 UTC (rev
10418)
@@ -6,12 +6,9 @@
<page view-id="/home.xhtml">
<navigation from-action="#{identity.login}">
- <!--rule if-outcome="loggedIn">
- <redirect view-id="/profile.xhtml"/>
- </rule-->
- <rule if="#{identity.loggedIn and authenticatedMember ne
null}">
- <redirect view-id="/profile.xhtml"/>
- </rule>
+ <rule if="#{identity.loggedIn and authenticatedMember ne
null}">
+ <redirect view-id="/profile.xhtml"/>
+ </rule>
</navigation>
<navigation from-action="#{register.start}">
<redirect view-id="/register.xhtml"/>
Modified: trunk/examples/seamspace/resources/import.sql
===================================================================
--- trunk/examples/seamspace/resources/import.sql 2009-04-14 23:56:22 UTC (rev 10417)
+++ trunk/examples/seamspace/resources/import.sql 2009-04-14 23:58:24 UTC (rev 10418)
@@ -7,10 +7,10 @@
insert into MemberRole (roleid, name, conditional) values (2, 'admin', false);
insert into MemberRole (roleid, name, conditional) values (3, 'friends', true);
-insert into MemberAccount (accountid, username, passwordhash, enabled, member_id) values
(1, 'demo', '/9Se/pfHeUH8FJ4asBD6jQ==', 1, 1);
-insert into MemberAccount (accountid, username, passwordhash, enabled, member_id) values
(2, 'duke', 'lykcKcxppliQQk0Pl9so8g==', 1, 2);
-insert into MemberAccount (accountid, username, passwordhash, enabled, member_id) values
(3, 'shadowman', '12rNoz/P7eYqiml534jmkA==', 1, 3);
-insert into MemberAccount (accountid, username, passwordhash, enabled, member_id) values
(4, 'mona', 'Cnrf5YBxOY4VtRd/Ss6Ekw==', 1, 4);
+insert into MemberAccount (accountid, username, passwordhash, passwordsalt, enabled,
member_id) values (1, 'demo',
'Lb9y5+2nJZ6M4dI9d1Fjy60G21jn9SCY3mpWu4AodsI=', 'dNrc6UsJxXo=', 1, 1);
+insert into MemberAccount (accountid, username, passwordhash, passwordsalt, enabled,
member_id) values (2, 'duke',
'Ci9yZp93B/Ig/ElmuBjbq7ldpLp5Dh0Qh4YTP7iquKY=', 'lyEG5QdmTME=', 1, 2);
+insert into MemberAccount (accountid, username, passwordhash, passwordsalt, enabled,
member_id) values (3, 'shadowman',
'vNY1tLpId6KQLeTXEB4yShDAyAlwV4BvfPq11HpBHzM=', 'kKBf7ZH3DDk=', 1, 3);
+insert into MemberAccount (accountid, username, passwordhash, passwordsalt, enabled,
member_id) values (4, 'mona',
'Vgt0PPvkzacu4qeLYF3USIpN79blPo5TR2JYm0Ak9xA=', 'BM0mitVT6Gg=', 1, 4);
insert into AccountMembership (accountid, memberof) values (1, 2);
insert into AccountMembership (accountid, memberof) values (2, 1);
Added: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/HashGenerator.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/HashGenerator.java
(rev 0)
+++
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/HashGenerator.java 2009-04-14
23:58:24 UTC (rev 10418)
@@ -0,0 +1,57 @@
+package org.jboss.seam.example.seamspace;
+
+import org.jboss.seam.ScopeType;
+import org.jboss.seam.annotations.In;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.security.management.JpaIdentityStore;
+import org.jboss.seam.security.management.PasswordHash;
+import org.jboss.seam.util.Base64;
+
+(a)Scope(ScopeType.EVENT)
+@Name("hashgenerator")
+public class HashGenerator
+{
+ @In JpaIdentityStore identityStore;
+
+ private String password;
+ private String passwordHash;
+ private String passwordSalt;
+
+ public String getPassword()
+ {
+ return password;
+ }
+
+ public void setPassword(String password)
+ {
+ this.password = password;
+ }
+
+ public String getPasswordHash()
+ {
+ return passwordHash;
+ }
+
+ public void setPasswordHash(String passwordHash)
+ {
+ this.passwordHash = passwordHash;
+ }
+
+ public String getPasswordSalt()
+ {
+ return passwordSalt;
+ }
+
+ public void setPasswordSalt(String passwordSalt)
+ {
+ this.passwordSalt = passwordSalt;
+ }
+
+ public void generate()
+ {
+ byte[] salt = PasswordHash.instance().generateRandomSalt();
+ passwordSalt = Base64.encodeBytes(salt);
+ passwordHash = identityStore.generatePasswordHash(password, salt);
+ }
+}
Modified:
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberAccount.java
===================================================================
---
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberAccount.java 2009-04-14
23:56:22 UTC (rev 10417)
+++
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberAccount.java 2009-04-14
23:58:24 UTC (rev 10418)
@@ -14,6 +14,7 @@
import javax.persistence.UniqueConstraint;
import org.hibernate.validator.NotNull;
+import org.jboss.seam.annotations.security.management.PasswordSalt;
import org.jboss.seam.annotations.security.management.UserEnabled;
import org.jboss.seam.annotations.security.management.UserPassword;
import org.jboss.seam.annotations.security.management.UserPrincipal;
@@ -28,6 +29,7 @@
private Integer accountId;
private String username;
private String passwordHash;
+ private String passwordSalt;
private boolean enabled;
private Set<MemberRole> roles;
@@ -55,7 +57,7 @@
this.username = username;
}
- @UserPassword(hash = "MD5")
+ @UserPassword
public String getPasswordHash()
{
return passwordHash;
@@ -64,8 +66,19 @@
public void setPasswordHash(String passwordHash)
{
this.passwordHash = passwordHash;
- }
+ }
+ @PasswordSalt
+ public String getPasswordSalt()
+ {
+ return passwordSalt;
+ }
+
+ public void setPasswordSalt(String passwordSalt)
+ {
+ this.passwordSalt = passwordSalt;
+ }
+
@UserEnabled
public boolean isEnabled()
{
Added: trunk/examples/seamspace/view/hashgen.xhtml
===================================================================
--- trunk/examples/seamspace/view/hashgen.xhtml (rev 0)
+++ trunk/examples/seamspace/view/hashgen.xhtml 2009-04-14 23:58:24 UTC (rev 10418)
@@ -0,0 +1,41 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:ui="http://java.sun.com/jsf/facelets"
+ xmlns:h="http://java.sun.com/jsf/html"
+ xmlns:f="http://java.sun.com/jsf/core"
+ xmlns:s="http://jboss.com/products/seam/taglib">
+
+ <ui:composition template="template.xhtml">
+ <ui:define name="content">
+ <h1>Password Hash Generator</h1>
+
+ <p>
+ This page uses the methods in JpaIdentityStore to generate password hash values
that you can
+ use in your own application's import.sql to create default accounts for your
application.
+ </p>
+
+ <p>
+ Please note that you must have a property annotated @PasswordSalt for these hash
values to work!
+ </p>
+
+ <h:form>
+
+ <div class="formRow">
+ <h:outputLabel for="password">Enter a
password</h:outputLabel>
+ <h:inputText id="password"
value="#{hashgenerator.password}" required="true"
styleClass="wide"/>
+ <div class="validationError"><h:message
for="password"/></div>
+ </div>
+
+ <h:commandButton action="#{hashgenerator.generate}"
value="Generate hash"/>
+
+ </h:form>
+
+ <h2>Results</h2>
+
+ <div>Generated hash (base 64 encoded):
<pre>#{hashgenerator.passwordHash}</pre></div>
+ <div>Randomly generated password salt (base 64 encoded):
<pre>#{hashgenerator.passwordSalt}</pre></div>
+
+ </ui:define>
+
+ </ui:composition>
+</html>
Modified: trunk/examples/seamspace/view/home.xhtml
===================================================================
--- trunk/examples/seamspace/view/home.xhtml 2009-04-14 23:56:22 UTC (rev 10417)
+++ trunk/examples/seamspace/view/home.xhtml 2009-04-14 23:58:24 UTC (rev 10418)
@@ -15,6 +15,10 @@
been put together to demonstrate the various features of the Seam Security
API.
</p>
+ <p><b>New!</b> You can now use the <s:link
view="/hashgen.xhtml" value="Password Hash Generator"/>
+ page to generate password hashes for your own application.
+ </p>
+
</div>
<div id="contentDivider">
Modified: trunk/examples/seamspace/view/style/seamspace.css
===================================================================
--- trunk/examples/seamspace/view/style/seamspace.css 2009-04-14 23:56:22 UTC (rev 10417)
+++ trunk/examples/seamspace/view/style/seamspace.css 2009-04-14 23:58:24 UTC (rev 10418)
@@ -447,10 +447,6 @@
padding: 8px 4px 8px 12px;
}
-div.formRow {
- padding: 3px 4px 3px 2px;
-}
-
form.register label {
float: left;
display: block;
@@ -507,8 +503,7 @@
/* General form styles */
div.formRow {
- padding-top: 2px;
- padding-bottom: 2px;
+ padding: 3px 4px 3px 2px;
clear: both;
}
5702
days inactive
5702
days old
0 comments
1 participants
participants (1)
-
seam-commits@lists.jboss.org