Marco Mistroni wrote:
Hello Ben,
thanx, following those links i was able to see the 'power' of
acegi!! it's simply great!
i have one question though..
in one of sampe sql files, password were encrypted... and i was
wondering how to deal with encryption in acegi
1 - which encryption mechanism is used?
2 - if i want to add a new user, how do i encrypt its password?
3 - how and when (and which parameter is used) for encrypting the
passsword provided via the web to acegi so that the validty can be
checked against the database?
is it hte saltSource parameter of authenticationManager?
Acegi Security doesn't have any encryption libraries. Encryption is two
directional, as in you can take unencrypted input, encrypt it, then
decrypt it back to the original. Acegi Security uses one-way hash
algorithms such as MD5 and SHA1, which take unencrypted input and
generate a hash code. A hash code cannot be used to regenerate the
original unencrypted input. The DaoAuthenticationProvider offers a
PasswordEncoder property that handles all of this. It's discussed
further at
http://acegisecurity.sourceforge.net/docbook/acegi.html#security-authentication-provider-dao
and in the JavaDocs.
where can i get the sources of the Contacts application?
CVS. Take a look at http://acegisecurity.sourceforge.net/cvs-usage.html.
Best regards
Ben
-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
