Move the MD5 hashing algorithm into Authenticator where it belongs.
parent
7cc000e674
commit
39622d8b2b
7 changed files with 37 additions and 30 deletions
|
@ -2,10 +2,14 @@
|
|||
|
||||
package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
|
||||
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
|
||||
|
@ -115,4 +119,25 @@ public abstract class Authenticator {
|
|||
*/
|
||||
public abstract void recordUserIsLoggedOut();
|
||||
|
||||
// ----------------------------------------------------------------------
|
||||
// Public utility methods.
|
||||
// ----------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Apply MD5 to this string, and encode as a string of hex digits. Just
|
||||
* right for storing passwords in the database, or hashing the password
|
||||
* link.
|
||||
*/
|
||||
public static String applyMd5Encoding(String raw) {
|
||||
try {
|
||||
MessageDigest md = MessageDigest.getInstance("MD5");
|
||||
byte[] digest = md.digest(raw.getBytes());
|
||||
char[] hexChars = Hex.encodeHex(digest);
|
||||
return new String(hexChars).toUpperCase();
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
// This can't happen with a normal Java runtime.
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
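Review bot: The Javadoc on the new `Authenticator.applyMd5Encoding` describes unsalted MD5 as "just right for storing passwords in the database", which reads as an endorsement. A single unsalted MD5 pass is cheap to brute-force and yields the same hash for every user with the same password. Since this commit makes the method the shared entry point, I would reword the comment along the lines of `Legacy encoding: unsalted MD5 as upper-case hex, kept for compatibility with stored values; not suitable for new password storage.` and track a move to a salted, deliberately slow scheme (PBKDF2, bcrypt, scrypt or Argon2) as a follow-up. Separately, `raw.getBytes()` uses the platform default charset, so the digest of a non-ASCII password can differ between JVMs. Naming the charset explicitly would fix that, but first confirm which charset the existing stored hashes were produced under.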
|
|
|
@ -66,8 +66,7 @@ public class BasicAuthenticator extends Authenticator {
|
|||
return false;
|
||||
}
|
||||
|
||||
String md5NewPassword = Authenticate
|
||||
.applyMd5Encoding(clearTextPassword);
|
||||
String md5NewPassword = applyMd5Encoding(clearTextPassword);
|
||||
return md5NewPassword.equals(user.getMd5password());
|
||||
}
|
||||
|
||||
|
@ -90,7 +89,7 @@ public class BasicAuthenticator extends Authenticator {
|
|||
return;
|
||||
}
|
||||
user.setOldPassword(user.getMd5password());
|
||||
user.setMd5password(Authenticate.applyMd5Encoding(newClearTextPassword));
|
||||
user.setMd5password(applyMd5Encoding(newClearTextPassword));
|
||||
getUserDao().updateUser(user);
|
||||
}
|
||||
|
||||
|
@ -226,7 +225,7 @@ public class BasicAuthenticator extends Authenticator {
|
|||
if (iDao == null) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
|
||||
String selfEditorUri = SelfEditingConfiguration.getBean(request)
|
||||
.getIndividualUriFromUsername(iDao, username);
|
||||
if (selfEditorUri == null) {
|
||||
|
@ -313,15 +312,15 @@ public class BasicAuthenticator extends Authenticator {
|
|||
if (wadf == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
IndividualDao individualDao = wadf.getIndividualDao();
|
||||
if (individualDao == null) {
|
||||
log.error("getIndividualDao: no IndividualDao");
|
||||
}
|
||||
|
||||
|
||||
return individualDao;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get a reference to the WebappDaoFactory, or null.
|
||||
*/
|
||||
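Review bot: In the first hunk of this file, `return md5NewPassword.equals(user.getMd5password());` compares the computed digest with the stored one using `String.equals`, which returns at the first differing character. For a credential check the usual hardening is a constant-time comparison, e.g. `MessageDigest.isEqual(md5NewPassword.getBytes(), stored.getBytes())` after a null check on `stored`, where `stored` stands for the value of `user.getMd5password()`. The null check matters because the current `equals` call returns false for a null stored hash, and that behaviour should be kept. The enclosing method begins outside the hunk, so whether `user` can carry a null hash here is not visible.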
|
|
|
@ -493,22 +493,6 @@ public class Authenticate extends VitroHttpServlet {
|
|||
// Public utility methods.
|
||||
// ----------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Encode this password for storage in the database. Apply an MD5 encoding,
|
||||
* and store the result as a string of hex digits.
|
||||
*/
|
||||
public static String applyMd5Encoding(String password) {
|
||||
try {
|
||||
MessageDigest md = MessageDigest.getInstance("MD5");
|
||||
byte[] digest = md.digest(password.getBytes());
|
||||
char[] hexChars = Hex.encodeHex(digest);
|
||||
return new String(hexChars).toUpperCase();
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
// This can't happen with a normal Java runtime.
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The servlet context should contain a map from User URIs to
|
||||
* {@link HttpSession}s. Get a reference to it, creating it if necessary.
|
||||
|
|
|
@ -33,6 +33,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageUser
|
|||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.authenticate.Authenticator;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||
|
||||
public class UserRetryController extends BaseEditController {
|
||||
|
@ -355,7 +356,7 @@ public class UserRetryController extends BaseEditController {
|
|||
log.error("Can't encode a null password");
|
||||
}
|
||||
|
||||
String encodedPassword = Authenticate.applyMd5Encoding(rawPassword);
|
||||
String encodedPassword = Authenticator.applyMd5Encoding(rawPassword);
|
||||
log.trace(action + ": Raw password '" + rawPassword
|
||||
+ "', encoded '" + encodedPassword + "'");
|
||||
|
||||
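Review bot: The `log.trace(action + ": Raw password '" + rawPassword + "', encoded '" + encodedPassword + "'")` call right after the changed line writes the clear-text password and its hash to the log whenever trace logging is enabled. Neither value should reach a log file; I would replace it with something like `log.trace(action + ": password encoded");`. Also, the `log.error("Can't encode a null password")` branch above closes without a visible return, so a null `rawPassword` appears to continue into `Authenticator.applyMd5Encoding` and fail in `raw.getBytes()`. The start of that `if` is outside the hunk, so this needs confirming against the full method.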
|
|