[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3408) Define available @UserPassword hash constants as an enumeration
11:25 a.m.
Define available @UserPassword hash constants as an enumeration
---------------------------------------------------------------
Key: JBSEAM-3408
URL: https://jira.jboss.org/jira/browse/JBSEAM-3408
Project: Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 2.1.0.BETA1
Reporter: Jacob Orshalick
Priority: Optional
As specified in the documentation, the available hash algorithm string values are the
strings: md5, sha. There is also a value of "none" which is not specified in
the documentation but avoids hashing the password all-together. It would be nice to wrap
these strings with an enumeration that holds the necessary String values for a bit more
type-safety when using the annotation. This would also help to make the options it a bit
more clear from a user perspective.
The annotation could then be defined as:
@Target({METHOD,FIELD})
@Documented
@Retention(RUNTIME)
@Inherited
public @interface UserPassword
{
HashAlgorithm hash() default HashAlgorithm.MD5;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:29 a.m.
New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-3408) Define available @UserPassword hash constants as an enumeration
[
https://jira.jboss.org/jira/browse/JBSEAM-3408?page=com.atlassian.jira.pl...
]
Jacob Orshalick updated JBSEAM-3408:
------------------------------------
Attachment: HashAlgorithm.java
Attaching potential HashAlgorithm enumeration. If you would like me to implement the full
solution, please let me know. Will require a patch to the JpaIdentityStore.
Define available @UserPassword hash constants as an enumeration
---------------------------------------------------------------
Key: JBSEAM-3408
URL: https://jira.jboss.org/jira/browse/JBSEAM-3408
Project: Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 2.1.0.BETA1
Reporter: Jacob Orshalick
Priority: Optional
Attachments: HashAlgorithm.java
As specified in the documentation, the available hash algorithm string values are the
strings: md5, sha. There is also a value of "none" which is not specified in
the documentation but avoids hashing the password all-together. It would be nice to wrap
these strings with an enumeration that holds the necessary String values for a bit more
type-safety when using the annotation. This would also help to make the options it a bit
more clear from a user perspective.
The annotation could then be defined as:
@Target({METHOD,FIELD})
@Documented
@Retention(RUNTIME)
@Inherited
public @interface UserPassword
{
HashAlgorithm hash() default HashAlgorithm.MD5;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:18 p.m.
New subject: [jbossseam-issues] [JBoss JIRA] Closed: (JBSEAM-3408) Define available @UserPassword hash constants as an enumeration
[
https://jira.jboss.org/jira/browse/JBSEAM-3408?page=com.atlassian.jira.pl...
]
Shane Bryzak closed JBSEAM-3408.
--------------------------------
Resolution: Won't Fix
Assignee: Shane Bryzak
The problem with doing that, is that there are many other hash algorithms which we
don't implement, and the PasswordHash class was specifically implemented as a Seam
component so that it would be possible to extend it to support other algorithms. I will
improve the documentation in this area though, I didn't realise that I'd forgotten
to include the "none" value.
Define available @UserPassword hash constants as an enumeration
---------------------------------------------------------------
Key: JBSEAM-3408
URL: https://jira.jboss.org/jira/browse/JBSEAM-3408
Project: Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 2.1.0.BETA1
Reporter: Jacob Orshalick
Assignee: Shane Bryzak
Priority: Optional
Attachments: HashAlgorithm.java
As specified in the documentation, the available hash algorithm string values are the
strings: md5, sha. There is also a value of "none" which is not specified in
the documentation but avoids hashing the password all-together. It would be nice to wrap
these strings with an enumeration that holds the necessary String values for a bit more
type-safety when using the annotation. This would also help to make the options it a bit
more clear from a user perspective.
The annotation could then be defined as:
@Target({METHOD,FIELD})
@Documented
@Retention(RUNTIME)
@Inherited
public @interface UserPassword
{
HashAlgorithm hash() default HashAlgorithm.MD5;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:47 p.m.
New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-3408) Define available @UserPassword hash constants as an enumeration
[
https://jira.jboss.org/jira/browse/JBSEAM-3408?page=com.atlassian.jira.pl...
]
Jacob Orshalick commented on JBSEAM-3408:
-----------------------------------------
Yes, on the drive home that occurred to me after looking thinking further about why
PasswordHash was a component :) My first thought was that we could simply enumerate what
is defined in the crypto spec:
http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#AppA
But, you're absolutely right that this would become limiting should someone want to
provide their own algorithms. Perhaps we could also link to the spec to provide a
reference for available algorithms.
Maybe also make note that the PasswordHash component defines constants for available
default algorithms? I think this might help as well. Thanks Shane.
Define available @UserPassword hash constants as an enumeration
---------------------------------------------------------------
Key: JBSEAM-3408
URL: https://jira.jboss.org/jira/browse/JBSEAM-3408
Project: Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 2.1.0.BETA1
Reporter: Jacob Orshalick
Assignee: Shane Bryzak
Priority: Optional
Attachments: HashAlgorithm.java
As specified in the documentation, the available hash algorithm string values are the
strings: md5, sha. There is also a value of "none" which is not specified in
the documentation but avoids hashing the password all-together. It would be nice to wrap
these strings with an enumeration that holds the necessary String values for a bit more
type-safety when using the annotation. This would also help to make the options it a bit
more clear from a user perspective.
The annotation could then be defined as:
@Target({METHOD,FIELD})
@Documented
@Retention(RUNTIME)
@Inherited
public @interface UserPassword
{
HashAlgorithm hash() default HashAlgorithm.MD5;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5899
days inactive
5899
days old
3 comments
2 participants
participants (2)
-
Jacob Orshalick (JIRA) -
Shane Bryzak (JIRA)