The way I encode the password is using the following create method in UserServiceImpl:
...
    public UserServiceImpl(PasswordEncoder encoder, SaltSource salt, UserDAO userDao, Logger logger, IRoleService roleService) {
        this.encoder = encoder;
        this.salt = salt;
        this.userDao = userDao;
        this.logger = logger;
        this.roleService = roleService;
    }
...
    public long createUser(User user) {
        String clearTextPassword = user.getPassword();
        // Encode with the injected encoder and the salt the injected SaltSource returns for this user
        user.setPassword(encoder.encodePassword(clearTextPassword, salt.getSalt(user)));
        user.addRole(roleService.findByAuthority("USER_ROLE"));
        this.save(user);
        return user.getId();
    }

The password is stored as VARCHAR in the DB. I had suspected that as well, but since the encoder is configured in AppModule and salt and encoder are both injected, I assumed this should be fine. Do I have to implement SaltSourceService myself?

On 10.06.2010 10:39, Christophe Cordenier wrote:
Have you checked that the encoder used by the Spring filter is the same one you use to encode it in your DB?

Password Encoding is made of a salt and an algorithm.


2010/6/10 Daniel Henze <dhe...@googlemail.com>

Thanks for your reply.

Yes, I did check that. And it's ok, lovely long and encrypted passwords.

Daniel

On 10.06.2010 09:51, Christophe Cordenier wrote:

Hi
I guess you already did it, but have you checked if the password is stored in SHA1?

2010/6/10 Daniel Henze <dhe...@googlemail.com>



Hi there,

I installed Tapestry-Spring-Security and followed the installation and configuration advice. But I have no luck as the login does not work for me and always returns "Username and/or password was wrong!". There was a recent post about the "Bad credentials" and it was the wrong SaltService at the end, but I doubt that is the reason here as I'm following standard installation.

I tried different approaches (the IUserService extending the UserDetailsService and all methods implemented in UserServiceImpl) to not setting the Password encoder and even switching from MySQL to HSQLDB and back. It's probably just a glitch, but I'd appreciate if someone could enlighten me.

Cheers
Daniel

-----------

My Setup:

class: User implements UserDetails

service: UserDetailsServiceImpl implements UserDetailsService
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException {
    User u = userDao.findByUsername(username);
    if (u != null) {
        return u;
    }
    // The UserDetailsService contract forbids returning null for an unknown user
    throw new UsernameNotFoundException("No user found for username: " + username);
}

service: UserServiceImpl implements IUserService (Domain specific methods, e.g. User creation)

DAO: UserDAOHibernate
public User findByUsername(String username) {
    return (User) session.createCriteria(User.class)
            .add(Restrictions.eq("username", username))
            .uniqueResult();
}

page: LoginPage and its template

AppModule:
public static void bind(ServiceBinder binder) {
...
    binder.bind(IUserService.class, UserServiceImpl.class);
}

public static void contributeApplicationDefaults(
        MappedConfiguration<String, String> configuration) {
...
    configuration.add("spring-security.failure.url", "/loginpage/failed");
    configuration.add("spring-security.accessDenied.url", "/forbidden");
...
}

public static UserDetailsService buildUserDetailsService(
        @Inject UserDAO userDao) {
    System.out.println("Building UserDetailService");
    return new UserDetailsServiceImpl(userDao);
}

public static void contributeAlias(
        Configuration<AliasContribution<PasswordEncoder>> configuration) {

    configuration.add(AliasContribution.create(
            PasswordEncoder.class,
            new ShaPasswordEncoder()));
}

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
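
The point raised in the thread, that an encoded password is the product of both a salt and an algorithm, as an added example that is not part of the original messages or of Tapestry-Spring-Security. It uses only the JDK, assumes the `password{salt}` merge format of Spring Security's legacy salted encoders, and uses constructed sample values; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class EncoderMismatchDemo {

    // Assumption: legacy salted encoders hash "password{salt}", or the bare
    // password when the salt is null or empty.
    static String merge(String rawPassword, Object salt) {
        if (salt == null || salt.toString().isEmpty()) {
            return rawPassword;
        }
        return rawPassword + "{" + salt + "}";
    }

    // Hex-encoded SHA-1 of the merged value: what ends up in the VARCHAR column.
    static String encodePassword(String rawPassword, Object salt) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            byte[] digest = sha1.digest(merge(rawPassword, salt).getBytes(StandardCharsets.UTF_8));
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) {
                hex.append(String.format("%02x", b));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 not available", e);
        }
    }

    // Login-side check: re-encode the presented password and compare.
    static boolean isPasswordValid(String stored, String presented, Object salt) {
        byte[] expected = stored.getBytes(StandardCharsets.UTF_8);
        byte[] actual = encodePassword(presented, salt).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) {
        String raw = "correct-horse-example";      // constructed sample password
        String salt = "daniel";                    // constructed salt, e.g. the username
        String stored = encodePassword(raw, salt); // creation side, salted

        System.out.println("login, same salt:      " + isPasswordValid(stored, raw, salt));
        System.out.println("login, no salt:        " + isPasswordValid(stored, raw, null));
        System.out.println("login, different salt: " + isPasswordValid(stored, raw, "other"));
        System.out.println("stored hex length:     " + stored.length());
    }
}
```

Only the check that supplies the creation-time salt succeeds. A 40-character hex value in the DB confirms SHA-1 but says nothing about which salt produced it.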





