On Mon, Apr 14, 2008 at 8:06 AM, koevet <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm looking into porting some Appfuse 2.x code to an old Appfuse 1.9
> application and I have noticed some changes in the security model (password
> encryption).
> I have also noticed that the UserDao now exposes a new method named:
>
> String getUserPassword(String username);
>
> The implementation classes (UserDaoHibernate) has the following code for
> the getUserPassword method:
>
> public String getUserPassword(String username) {
> SimpleJdbcTemplate jdbcTemplate =
> new
> SimpleJdbcTemplate(SessionFactoryUtils.getDataSource(getSessionFactory()));
> Table table = AnnotationUtils.findAnnotation(User.class, Table.class);
> return jdbcTemplate.queryForObject(
> "select password from " + table.name() + " where username=?", String.class,
> username);
> }
> I don't quite understand why an Hibernate implementation class includes
> some Jdbc specific code. Am I missing something? Thanks Luciano
If we used Hibernate, we'd end up loading the User object which is
already in the session and would therefore do a dirty check and commit
it. It wouldn't give us the original password, but rather the modified
one. I tried to implement this code using Hibernate-only and it simply
didn't work. If you figure out how to do it, we'd be happy to accept
your contribution.
Matt
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
