I blogged about how you could hash your password using Seam 2.1.1 hash-user-password-in-seam-211-manually.
In the latest production release of JBoss Seam 2.1.2 and the @UserPassword annotation, an attribute of iteration is now added with a default of 1000.
We should then modify our GeneratePasswordHash method to the following:
/**
* This method will generate a hash password
*
* @param password
* - The password in cleartext
* @param salt
* - The username is used as salt
* @return - hash password based on password and username
*/
public static String generatePasswordHash(String password, String salt) throws GeneralSecurityException {
char[] passToChar;
byte[] saltToByte;
String thePassword;
try {
passToChar = password.toCharArray();
saltToByte = salt.getBytes();
AnnotatedBeanProperty<UserPassword> userPasswordProperty = new AnnotatedBeanProperty<UserPassword>(ProcessUser.class, UserPassword.class);
// Will get the hash value from annotation UserPassword in ProcessUser.class
PasswordHash.instance().setHashAlgorithm(userPasswordProperty.getAnnotation().hash().toUpperCase());
thePassword = PasswordHash.instance().createPasswordKey(passToChar, saltToByte, userPasswordProperty.getAnnotation().iterations());
return thePassword;
} finally {
// Ensure that the password is not in memory
password = null;
passToChar = null;
salt = null;
saltToByte = null;
thePassword = null;
}
}