An alternative to appending something to the encrypted password string that
you can check to determine if the password requires encryption or not is to
change the access method from PROPERTY to FIELD (map the fields instead of the
getter method).
This will allow the persistence provider to inject the value as stored in the
database on the field and allow you to define behaviour to the getter and
setter methods independently; allowing you to encrypt the data. Each entity
can only have a single access method; so you'll have to make the same change
for all your mapped columns in this entity.
For a two-way hash my preference is to create a user type that encrypts and
decrypts the data as it is sent to or retrieved from the database. (Hibernate
specific)
| @Column(name = "password", nullable = false, length = 255)
| private String password;
|
| public String getPassword() {
| return this.password;
| }
|
|
| public void setPassword(String password) {
| this.password = Util.createPasswordHash("MD5",
Util.BASE64_ENCODING, null, null, password);
| }
|
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069197#4069197
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4069197
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
