Encrypt passwords


Post by rjahn » Thu Jun 06, 2013 7:29 pm

We don't encrypt passwords on the client side or in the database. We use our middleware for that. It's super easy with server-side triggers/events:

Add the method:

Code:
/**
 * Encrypts a password, if password is changed.
 *
 * @param pEvent the storage event
 * @throws Exception if encryption or data change fails
 */
public void doEncryptPwd(StorageEvent pEvent) throws Exception
{
   IBean bn = pEvent.getNew();

   String sNew = (String)bn.get("PASSWORD");
   String sOld;

   IBean bnOld = pEvent.getOld();

   //on insert there is no old row
   if (bnOld != null)
   {
      sOld = (String)bnOld.get("PASSWORD");
   }
   else
   {
      sOld = null;
   }

   //only re-encrypt if the password value has changed
   if (!CommonUtil.equals(sOld, sNew))
   {
      //use the configuration of the selected application!
      bn.put("PASSWORD", AbstractSecurityManager.getEncryptedPassword(
                           SessionContext.getCurrentSession().getConfig(), sNew));
   }
}

to your life-cycle object, e.g. Session.java.

Add an event to your storage:

Code:
//example storage
dbsUser = new DBStorage();

dbsUser.eventBeforeInsert().addListener(this, "doEncryptPwd");
dbsUser.eventBeforeUpdate().addListener(this, "doEncryptPwd");

As the last step, you need the password algorithm in your config.xml:

Code:
<?xml version="1.0" encoding="UTF-8"?>


Choose one of the following algorithms: MD2, MD4, MD5, SHA, SHA-256, SHA-384, SHA-512
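Added example, not part of the original post and not JVx code: it assumes the configured algorithm name is applied as a plain, unsalted message digest (the post does not show how getEncryptedPassword works internally). Using only JDK classes, it shows that such a digest stores the same value for the same password, next to a salted PBKDF2 value for comparison. The class and method names, the sample password and the iteration count are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStorageDemo
{
   /** Plain, unsalted digest of the password, hex encoded. */
   static String digest(String pAlgorithm, String pPassword) throws Exception
   {
      byte[] hash = MessageDigest.getInstance(pAlgorithm)
                                 .digest(pPassword.getBytes(StandardCharsets.UTF_8));
      StringBuilder sb = new StringBuilder();
      for (byte b : hash)
      {
         sb.append(String.format("%02x", b));
      }
      return sb.toString();
   }

   /** Salted, iterated PBKDF2 from the JDK; returns iterations:salt:hash. */
   static String pbkdf2(String pPassword, byte[] pSalt, int pIterations) throws Exception
   {
      PBEKeySpec spec = new PBEKeySpec(pPassword.toCharArray(), pSalt, pIterations, 256);
      byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                    .generateSecret(spec).getEncoded();
      Base64.Encoder enc = Base64.getEncoder();
      return pIterations + ":" + enc.encodeToString(pSalt) + ":" + enc.encodeToString(hash);
   }

   public static void main(String[] args) throws Exception
   {
      String pwd = "constructed-sample-password"; // constructed sample value
      int iterations = 600000;                    // example value, an assumption
      // Unsalted digest: two rows holding the same password store the same value.
      System.out.println("digest values equal: "
                         + digest("SHA-256", pwd).equals(digest("SHA-256", pwd)));

      SecureRandom rnd = new SecureRandom();
      byte[] saltA = new byte[16];
      byte[] saltB = new byte[16];
      rnd.nextBytes(saltA);
      rnd.nextBytes(saltB);
      // Per-row random salt: the stored values differ for the same password.
      System.out.println("PBKDF2 values equal: "
                         + pbkdf2(pwd, saltA, iterations).equals(pbkdf2(pwd, saltB, iterations)));
   }
}
```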
