This is how my entity processes my password.
I grab a salt, massage the password and store it.
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha1Hash;
import org.apache.shiro.util.ByteSource;

public void setEncodedPassword(String encodedPassword)
{
    this.encodedPassword = encodedPassword;
}

public void setPassword(String password)
{
    // Only re-hash a real, new plaintext (skip null, empty, or an already-encoded value)
    if (password != null && !password.equals(encodedPassword) && !"".equals(password))
    {
        ByteSource saltSource = new SecureRandomNumberGenerator().nextBytes();
        // Keep the salt as hex; new String(bytes) would corrupt random bytes via charset decoding
        this.passwordSalt = saltSource.toHex();
        this.encodedPassword = new Sha1Hash(password, saltSource).toString(); // hex digest
    }
}
But I am wondering whether subsequent credentials matching needs supplemental attention.
My login form attempts to enter the system with the username/password right off the form text...
e.g. administrator/administrator
But my entity password is stored hashed and encrypted.
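One way the matching side can be wired up, as an added example (not the poster's code): a Shiro realm that returns the stored hex hash together with its salt, so a HashedCredentialsMatcher re-hashes the form password the same way setPassword() did. The UserLookup/StoredUser types are assumed stand-ins for the poster's entity and DAO; the salt is assumed to be stored as hex (ByteSource.toHex()).

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Hex;
import org.apache.shiro.crypto.hash.Sha1Hash;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.util.ByteSource;

/** Realm that hands Shiro the stored hash plus its salt; the matcher does the re-hash and compare. */
public class EntityRealm extends AuthenticatingRealm {

    // Hypothetical lookup; replace with the entity's own DAO.
    private final UserLookup users;

    public EntityRealm(UserLookup users) {
        this.users = users;
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
        matcher.setHashIterations(1);                 // must equal what setPassword() used
        matcher.setStoredCredentialsHexEncoded(true); // Sha1Hash.toString() yields hex
        setCredentialsMatcher(matcher);
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        StoredUser user = users.findByUsername(username);
        if (user == null) {
            throw new UnknownAccountException("No account for " + username);
        }
        // The salt bytes must be exactly those fed to Sha1Hash, so decode the stored hex form.
        ByteSource salt = ByteSource.Util.bytes(Hex.decode(user.passwordSalt));
        return new SimpleAuthenticationInfo(username, user.encodedPassword, salt, getName());
    }

    /** Minimal shapes for the stored entity and its lookup (assumed, not the poster's classes). */
    public interface UserLookup { StoredUser findByUsername(String username); }

    public static class StoredUser {
        public String encodedPassword; // hex SHA-1 from Sha1Hash.toString()
        public String passwordSalt;    // hex from ByteSource.toHex()
    }
}
```

With this realm the form's plain "administrator" password is never compared to the stored value directly; the matcher hashes it with the returned salt and compares the digests, so the algorithm, iteration count and encoding must match what the entity used when storing.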