I previously blogged about how to hash a password manually in Seam 2.1.1 (see hash-user-password-in-seam-211-manually).
In the latest production release, JBoss Seam 2.1.2, the @UserPassword annotation has gained an iterations attribute with a default of 1000.
We should therefore change our generatePasswordHash method to the following:
/**
        * Generates the password hash for a user.
        *
        * @param password
        *            - The password in cleartext
        * @param salt
        *            - The salt; the username is used as salt
        * @return - the password hash derived from the password and the username
        */
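       public static String generatePasswordHash(String password, String salt) throws GeneralSecurityException {
               // Hash a char[] copy of the password so that this copy can be overwritten when we are done.
               // The caller's String is immutable and cannot be wiped from here; it stays on the heap
               // until it is garbage collected.
               char[] passToChar = password.toCharArray();
               try {
                       // NOTE(review): getBytes() encodes with the platform default charset, so a salt with
                       // non-ASCII characters can hash differently on JVMs with different defaults. Left
                       // unchanged because the bytes must match whatever is used when the password is
                       // verified - confirm that before pinning a charset.
                       // NOTE(review): the caller passes the username as salt. A username is predictable and
                       // not unique across systems; a random per-user salt stored with the account is the
                       // stronger choice where the identity store supports it.
                       byte[] saltToByte = salt.getBytes();
                       AnnotatedBeanProperty<UserPassword> userPasswordProperty = new AnnotatedBeanProperty<UserPassword>(ProcessUser.class, UserPassword.class);
                       // The hash algorithm and the iteration count both come from the @UserPassword
                       // annotation on ProcessUser.class.
                       UserPassword userPassword = userPasswordProperty.getAnnotation();
                       // Locale.ROOT keeps the upper-casing of the algorithm name independent of the JVM's
                       // default locale.
                       PasswordHash.instance().setHashAlgorithm(userPassword.hash().toUpperCase(java.util.Locale.ROOT));
                       return PasswordHash.instance().createPasswordKey(passToChar, saltToByte, userPassword.iterations());
               } finally {
                       // Setting local references to null does not remove anything from memory, so
                       // overwrite the cleartext copy instead. The hash has already been computed and
                       // returned as a String at this point.
                       java.util.Arrays.fill(passToChar, '\0');
               }
       }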
 
 

 
 
