You need to use the TurbineSecurity class.
If you TurbineResources.properties file is setup to use the encrypted
password service, TurbineSecurity will use that.
import org.apache.turbine.services.security.TurbineSecurity
I have a password reset function called doChange() that allows my users to
update their own password. I stripped it down for brevity
/**
* force update on user password
*/
public void doChange(RunData data, Context context)
throws Exception
{
String newPassword =
data.getParameters().getString("newPassword").trim();
String confirmNewPassword =
data.getParameters().getString("confirmNewPassword").trim();
if (!newPassword.equals(confirmNewPassword)) {
data.setMessage("Your password does not match the " +
"confirmation, please try again.");
return;
}
else {
try {
// forcePassword handles encrypting new password
IpmUser user = (IpmUser) data.getUser();
TurbineSecurity.forcePassword(user, newPassword);
data.setMessage("Your password has been changed.");
}
catch (Exception e) {
Log.error("PasswordReset doChange error: " +
e.toString());
data.setMessage("Your password was not changed due to " +
" some error in the system. Please alert the
administrator.");
}
}
}
On Tue, 11 May 2004, Ilan Azbel wrote:
> Hi,
>
> I have done what you have said, but the password still get stored in
> cleartext.
>
> Just to clarify what I am doing:
>
> 1) services.SecurityService.secure.passwords=true
> 2) install commons-codec-1.1
> 3) When I add a user I do the following:
> TurbineUser newUser = new TurbineUser();
> newUser.setEmail("[EMAIL PROTECTED]");
> newUser.setFirstName("ilan");
> newUser.setLastName("azbel");
> newUser.setPasswordValue("mypassword");
> newUser.setLoginName("ilan");
> newUser.save();
>
> Is the above correct? (I am new to Turbine so I am not sure).
>
> Ilan
>
>
>
>
>
> > -----Original Message-----
> > From: David Demner [mailto:[EMAIL PROTECTED]
> > Sent: 07 May 2004 04:53
> > To: 'Turbine Users List'
> > Subject: RE: using hashed passwords instead of clearext passwords
> >
> >
> > Hi Ilan,
> >
> > Set services.SecurityService.secure.passwords=true in your
> > TurbineResources.properties. Also you'll need to add
> > commons-codec-1.1 (NOT
> > the most recent version) to the classpath.
> >
> > Good luck,
> >
> > David
> >
> > -----Original Message-----
> > From: Ilan Azbel [mailto:[EMAIL PROTECTED]
> > Sent: Friday May 7, 2004 2:41 AM
> > To: Turbine-User
> > Subject: using hashed passwords instead of clearext passwords
> >
> >
> > Hello, how does one force Turbine to store hashed passwords in
> > the database
> > instead of cleartext passwords?
> >
> > Ilan
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
Regards,
Jeffery Painter
President
Kiasoft, Inc. (910) 254-9383 ext 129
- --
[EMAIL PROTECTED] http://kiasoft.com
PGP FP: 9CE8 83A2 33FA 32B1 0AB1 4E62 E4CB E4DA 5913 EFBC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/qEQE5Mvk2lkT77wRAnMJAJ9vJ6qOkg/mvqqIpz7troCEQJ8bFACglu/U
YNXabx7DZOV2Hd9LwSTmGpY=
=dWiu
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
