[
https://issues.apache.org/jira/browse/ISIS-2884?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andi Huber updated ISIS-2884:
-----------------------------
Issue Type: Bug (was: Improvement)
> Passwords not matching after restart
> ------------------------------------
>
> Key: ISIS-2884
> URL: https://issues.apache.org/jira/browse/ISIS-2884
> Project: Isis
> Issue Type: Bug
> Reporter: Daniel Keir Haywood
> Assignee: Andi Huber
> Priority: Major
> Fix For: 2.0.0
>
>
> When I restart the web app the old passwords don’t work.
>
> I think this might be the cause of that:
>
> @Service
> @Named("isis.ext.secman.PasswordEncryptionServiceUsingJBcrypt")
> @javax.annotation.Priority(PriorityPrecedence.MIDPOINT)
> @Qualifier("JBCrypt")
> public class PasswordEncryptionServiceUsingJBcrypt implements
> PasswordEncryptionService {
> private String salt;
> private String getSalt() {
> if (salt == null) {
> salt = BCrypt.gensalt();
> }
> return salt;
> }
> @Override
> public String encrypt(String password) {
> return password == null ? null : BCrypt.hashpw(password, getSalt());
> }
> That looks like the salt is set on the service and would be different after
> the service is used following an app restart.
>
> One solution might be a variant that picks up the salt from a property file.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
