[jboss-cvs] jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace ...
Norman Richards
norman.richards at jboss.com
Fri Feb 2 18:16:48 EST 2007
User: nrichards
Date: 07/02/02 18:16:48
Modified: examples/seamspace/src/org/jboss/seam/example/seamspace
Authenticator.java Member.java Register.java
RegisterAction.java
Log:
JBSEAM-734: md5 hash for passwords
Revision Changes Path
1.10 +24 -5 jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace/Authenticator.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Authenticator.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace/Authenticator.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- Authenticator.java 30 Jan 2007 23:58:07 -0000 1.9
+++ Authenticator.java 2 Feb 2007 23:16:48 -0000 1.10
@@ -29,12 +29,17 @@
{
try
{
- authenticatedMember = (Member) entityManager.createQuery(
- "from Member where username = :username and password = :password")
+ Member member = (Member) entityManager.createQuery(
+ "from Member where username = :username")
.setParameter("username", username)
- .setParameter("password", password)
.getSingleResult();
+ if (!compareHash(member.getHashedPassword(), password)) {
+ return false;
+ }
+
+ authenticatedMember = member;
+
if (authenticatedMember.getRoles() != null)
{
for (MemberRole mr : authenticatedMember.getRoles())
@@ -48,4 +53,18 @@
return false;
}
}
+
+ private boolean compareHash(String hash, String password) {
+ if (hash == null || password == null) {
+ return false;
+ }
+
+ String newHash = Hash.instance().hash(password);
+ if (newHash == null) {
+ return false;
+ }
+
+ return hash.equalsIgnoreCase(newHash);
+ }
+
}
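Review bot: compareHash checks the password against a single unsalted digest (the commit log names MD5; the Hash class itself is not shown), so identical passwords produce identical stored values and a leaked Member table can be tested offline very quickly. The same `Hash.instance().hash(password)` call produces the stored value in RegisterAction. A per-user random salt with a deliberately slow derivation, such as PBKDF2 through `javax.crypto.SecretKeyFactory`, would be the usual replacement, with the salt and iteration count stored beside the hash. The last line, `hash.equalsIgnoreCase(newHash)`, also stops at the first differing character; comparing the decoded digest bytes with `MessageDigest.isEqual(storedBytes, computedBytes)` avoids that.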
1.18 +7 -7 jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace/Member.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Member.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace/Member.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -b -r1.17 -r1.18
--- Member.java 31 Jan 2007 02:56:07 -0000 1.17
+++ Member.java 2 Feb 2007 23:16:48 -0000 1.18
@@ -59,7 +59,8 @@
private Integer memberId;
private String username;
- private String password;
+
+ private String hashedPassword;
private String memberName;
private String firstName;
private String lastName;
@@ -100,15 +101,14 @@
}
@NotNull
- @Length(min = 3, max = 20)
- public String getPassword()
+ public String getHashedPassword()
{
- return password;
+ return hashedPassword;
}
- public void setPassword(String password)
+ public void setHashedPassword(String hashedPassword)
{
- this.password = password;
+ this.hashedPassword = hashedPassword;
}
@NotNull
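Review bot: Removing `@Length(min = 3, max = 20)` from this getter is right for a digest, but nothing visible in the commit re-applies a length rule to the clear-text password, so the minimum-length check appears to be lost. The new `getPassword()` in RegisterAction carries no constraint. Adding `@Length(min = 3, max = 20)` there, or a stricter minimum, would restore it, assuming the registration form validates against that property. The commit's file list also shows no schema or seed-data change, so any existing Member rows holding clear-text values would need converting; worth confirming.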
1.8 +2 -0 jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace/Register.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Register.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace/Register.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -b -r1.7 -r1.8
--- Register.java 2 Feb 2007 16:39:52 -0000 1.7
+++ Register.java 2 Feb 2007 23:16:48 -0000 1.8
@@ -9,6 +9,8 @@
void start();
void next();
void uploadPicture() throws LoginException;
+ String getPassword();
+ void setPassword(String password);
String getConfirm();
void setConfirm(String confirm);
String getGender();
1.10 +18 -5 jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace/RegisterAction.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: RegisterAction.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/seamspace/src/org/jboss/seam/example/seamspace/RegisterAction.java,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- RegisterAction.java 2 Feb 2007 16:39:52 -0000 1.9
+++ RegisterAction.java 2 Feb 2007 23:16:48 -0000 1.10
@@ -15,7 +15,6 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Out;
-import org.jboss.seam.core.Conversation;
import org.jboss.seam.core.FacesMessages;
import org.jboss.seam.security.CaptchaService;
import org.jboss.seam.security.Identity;
@@ -36,8 +35,10 @@
/**
* Password confirmation
*/
+ private String password;
private String confirm;
+
private String gender;
private byte[] picture;
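Review bot: The existing Javadoc `Password confirmation` now sits directly above the new `password` field, so it documents the wrong member. Give each field its own comment, for example `/** Clear-text password from the form, held only for hashing and login */` above `password` and `/** Password confirmation */` above `confirm`.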
@@ -59,13 +60,15 @@
{
newMember.setGender(Member.Gender.valueOf(gender.toLowerCase()));
- verified = (confirm != null && confirm.equals(newMember.getPassword()));
+ verified = (confirm != null && confirm.equals(password));
if (!verified)
{
FacesMessages.instance().add("confirmPassword", "Passwords do not match");
}
+ newMember.setHashedPassword(Hash.instance().hash(password));
+
try
{
if (!CaptchaService.instance().getService().validateResponseForID(
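Review bot: The added `newMember.setHashedPassword(Hash.instance().hash(password));` runs even when `verified` is false, including the case where `password` is null and the comparison above simply evaluated to false. Hash is not shown in this commit, so whether `hash(null)` throws or returns null is unknown; either way a digest of an unconfirmed password is written onto newMember. Guarding the call keeps the entity untouched until the check passes: `if (verified) { newMember.setHashedPassword(Hash.instance().hash(password)); }`. The enclosing method starts and ends outside the hunk.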
@@ -109,10 +112,20 @@
// Login the user
identity.setUsername(newMember.getUsername());
- identity.setPassword(newMember.getPassword());
+ identity.setPassword(password);
identity.login();
}
+ public String getPassword()
+ {
+ return password;
+ }
+
+ public void setPassword(String password)
+ {
+ this.password = password;
+ }
+
public String getConfirm()
{
return confirm;
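Review bot: After `identity.login()` the clear-text password is still held in the `password` and `confirm` fields of this component, and the new public `getPassword()` exposes it to anything bound to the bean. The component's scope is not visible here; if it outlives the request, the secret stays in memory and may be redisplayed by a bound input field. Consider clearing both once login has been attempted, `password = null; confirm = null;`, and make sure the view does not redisplay the field's value. The method containing the login call starts outside the hunk.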