This blog is mainly about Java...

Sunday, June 28, 2009

Iteration on password is added in JBoss Seam 2.1.2

I blogged about how you could hash your password using Seam 2.1.1 hash-user-password-in-seam-211-manually.

In the latest production release of JBoss Seam 2.1.2 and the @UserPassword annotation, an attribute of iteration is now added with a default of 1000.

We should then modify our GeneratePasswordHash method to the following:

* This method will generate a hash password
* @param password
* - The password in cleartext
* @param salt
* - The username is used as salt
* @return - hash password based on password and username
public static String generatePasswordHash(String password, String salt) throws GeneralSecurityException {
char[] passToChar;
byte[] saltToByte;
String thePassword;
try {
passToChar = password.toCharArray();
saltToByte = salt.getBytes();
AnnotatedBeanProperty<UserPassword> userPasswordProperty = new AnnotatedBeanProperty<UserPassword>(ProcessUser.class, UserPassword.class);
// Will get the hash value from annotation UserPassword in ProcessUser.class
thePassword = PasswordHash.instance().createPasswordKey(passToChar, saltToByte, userPasswordProperty.getAnnotation().iterations());
return thePassword;
} finally {
// Ensure that the password is not in memory
password = null;
passToChar = null;
salt = null;
saltToByte = null;
thePassword = null;

No comments: