Daniel Keir Haywood created ISIS-2884:
-----------------------------------------
Summary: Passwords not matching after restart
Key: ISIS-2884
URL: https://issues.apache.org/jira/browse/ISIS-2884
Project: Isis
Issue Type: Improvement
Reporter: Daniel Keir Haywood
Fix For: 2.0.0
When I restart the web app the old passwords don’t work.
I think this might be the cause of that:

    @Service
    @Named("isis.ext.secman.PasswordEncryptionServiceUsingJBcrypt")
    @javax.annotation.Priority(PriorityPrecedence.MIDPOINT)
    @Qualifier("JBCrypt")
    public class PasswordEncryptionServiceUsingJBcrypt implements PasswordEncryptionService {

        // Held in memory only; a new service instance starts with no salt.
        private String salt;

        // Lazily generates one random salt per service instance and reuses it.
        private String getSalt() {
            if (salt == null) {
                salt = BCrypt.gensalt();
            }
            return salt;
        }

        @Override
        public String encrypt(String password) {
            return password == null ? null : BCrypt.hashpw(password, getSalt());
        }
        // (excerpt ends here; the rest of the class is not included in the report)

That looks like the salt is set on the service and would be different after the
service is used following an app restart.
One solution might be a variant that picks up the salt from a property file.
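
Added example, not code from Apache Isis or from the report: it reproduces the per-instance salt shown above with jBCrypt and compares two ways of verifying a stored hash after a simulated restart. The report does not show how matching is done, so `matchesByRehash` is an assumption and all class and method names are hypothetical. Because bcrypt embeds the salt in its output, `BCrypt.checkpw` can verify a stored hash without any salt kept by the service.

```java
import org.mindrot.jbcrypt.BCrypt;

/** Added illustration; class and method names here are hypothetical, not Apache Isis code. */
public class SaltPerInstanceDemo {

    /** Mirrors the shape of the service in the report: one salt cached per instance. */
    static final class CachedSaltEncoder {
        private String salt;

        String encrypt(String password) {
            if (salt == null) {
                salt = BCrypt.gensalt();   // new random salt for each instance
            }
            return password == null ? null : BCrypt.hashpw(password, salt);
        }

        /** Assumed matching strategy: re-hash with the cached salt and compare strings. */
        boolean matchesByRehash(String candidate, String stored) {
            return stored != null && stored.equals(encrypt(candidate));
        }
    }

    /** Verification that reads the salt from the stored hash, so no instance state is needed. */
    static boolean matchesByCheckpw(String candidate, String stored) {
        return candidate != null && stored != null && BCrypt.checkpw(candidate, stored);
    }

    public static void main(String[] args) {
        String password = "correct horse battery staple";   // constructed sample value

        CachedSaltEncoder beforeRestart = new CachedSaltEncoder();
        String stored = beforeRestart.encrypt(password);      // value persisted for the user

        CachedSaltEncoder afterRestart = new CachedSaltEncoder(); // fresh instance, fresh salt

        // A jBCrypt hash is "$2a$<cost>$" + 22 salt chars + 31 hash chars; with the default
        // cost the first 29 characters are the salt string that was passed to hashpw().
        System.out.println("stored hash          : " + stored);
        System.out.println("salt inside hash     : " + stored.substring(0, 29));
        System.out.println("same instance rehash : " + beforeRestart.matchesByRehash(password, stored));
        System.out.println("new instance rehash  : " + afterRestart.matchesByRehash(password, stored));
        System.out.println("checkpw, no state    : " + matchesByCheckpw(password, stored));
        System.out.println("checkpw, wrong pw    : " + matchesByCheckpw("wrong", stored));
    }
}
```

Running it requires the jBCrypt library (`org.mindrot.jbcrypt`) on the classpath.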