Yes, the null pointer exception is in these rows:

    if((pwcb.getIdentifier().equals("bob")) && (passwordforchecking.equals(pasandsalt[0])) )

and

    passwordforchecking = hash(pwcb.getPassword(),Base64.decodeBase64(pasandsalt[1]));

But the problem that drives me really mad is that I'm sure that I extract the
password and salt from the database, because I have tested getdataforchecking in
a Java application and everything is fine.
So I really don't know what to do.
And I should only use Eclipse and Axis2.
-----------------------------------
I've made some changes to my Passwordcallback class, so here is my code again:

    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException
    {
        for (int i = 0; i < callbacks.length; i++)
        {
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            try {
                pasandsalt = getdataforChecking();
            } catch (ClassNotFoundException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
            try {
                passwordforchecking =
                    hash(pwcb.getPassword(),Base64.decodeBase64(pasandsalt[1]));
            } catch (Exception e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
            if((pwcb.getIdentifier().equals("bob")) &&
                    (passwordforchecking.equals(pasandsalt[0])) )
            {
                return;
            }
        }
    }

    private static String hash(String password, byte[] salt) throws Exception
    {
        SecretKeyFactory f =
            SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536,
            256);
        return
            Base64.encodeBase64String(f.generateSecret(spec).getEncoded());
    }

    public static String[] getdataforChecking() throws ClassNotFoundException
    {
        String[] arr = new String [2];
        Connection conn = null;
        Class.forName("org.postgresql.Driver");
        try
        {
            conn = DriverManager.getConnection(
                "jdbc:postgresql://localhost:5432/plovdivbizloca",
                "postgres", "tan");
        }
        catch (SQLException ex)
        {
            ex.printStackTrace();
        }
        Statement mystmt = null;
        String selectQuery = "select * from passwordforservice;";
        try
        {
            mystmt = conn.createStatement();
            ResultSet mysr = mystmt.executeQuery(selectQuery);
            while (mysr.next())
            {
                arr[0] = mysr.getString(1);
                arr[1]= mysr.getString(2);
            }
        }
        catch (Exception ex)
        {
            ex.printStackTrace();
        }
        return arr;
    }
}
________________________________
From: robert lazarski <[email protected]>
To: Tania Marinova <[email protected]>
Cc: "[email protected]" <[email protected]>
Sent: Wednesday, May 8, 2013 12:54 PM
Subject: Re: org.apache.axis2.AxisFault: The security token could not be
authenticated or authorized
On Wed, May 8, 2013 at 3:06 AM, Tania Marinova <[email protected]> wrote:
>
> I store the hashed password but also the salt in a separate column (because
> I should hash then the plain text password with the same hash)
>
IMHO you are not doing this correctly, you want to store the result of
the salt + hash, i.e. digest, in only one db column as a Base64 String.
Plus you are getting an NPE because either your password is null, or
the constructor of PBEKeySpec is throwing the NPE because your salt is
null. I can't tell from the stack trace but the error is on line 68 of
your PWCB class.

As I mentioned in another email, I suggest using a higher level API
like Jasypt to create the digest, then only store that result in just
one column in the db.
- R