Problem
I need to hash user password on entity level (not on Controller level) and @Converter seems to be right choice, with JavaEE, no spring.
Show me the code
Here the code using Jpa AttributeConverter:
import java.nio.charset.StandardCharsets;
import javax.inject.Inject;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.common.hash.Hashing;
@Converter
public class JPACryptoConverter implements AttributeConverter<String, String> {
private static Logger logger = LoggerFactory.getLogger(JPACryptoConverter.class);
private String salt = "helloWorld";
@Inject
private UserRepository userRepository;
@Override
public String convertToDatabaseColumn(String sensitive) {
return Hashing.sha512().hashString(salt + sensitive, StandardCharsets.UTF_8).toString();
}
@Override
public String convertToEntityAttribute(String sensitive) {
String tmp = Hashing.sha512().hashUnencodedChars(sensitive).toString();
return tmp.substring(0, salt.length());
}
}
I want to substitute salt string to entity defined salt on user table, but how to get this information ?
In order to get this information, I need to access userRepository using entity id and get salt, there is a way to find this information using @Converter ?
Note: I have tried with lifecycle listeners, preload, preupdate, prepersist, but because I'm using jpa Criteria, listeners are called after the query
I don't know exactly what you want, is that you want hash the user's pw before store into db? You create a converter and want to using it? something to do is add @Convert(converter = JPACryptoConverter.class)
@Entity
class UserEntity {
@Column(name = "pw")
@Convert(converter = JPACryptoConverter.class)
private String pw;
}
And please remove @Converter from your JPACryptoConverter. It just:
public class JPACryptoConverter implements AttributeConverter<String, String>...
not:
@Converter
public class JPACryptoConverter implements AttributeConverter<String, String>...
//To using Strong pw hash
public static String hash(String plainPassword) {
if (StringUtils.isBlank(plainPassword)) {
throw new EmptyPasswordException("Password could not be empty");
}
return BCrypt.hashpw(plainPassword, BCrypt.gensalt());
}
public static boolean checkPassword(String plainPassword, String hash) {
return BCrypt.checkpw(plainPassword, hash);
}
If it`s for Authentication in SpringBoot then you should use a WebSecurityConfigurereAdapter and implement the configure method. and have something like this:
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceImpl).passwordEncoder(passwordEncoder());
}
private PasswordEncoder passwordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return charSequence.toString().equals(s);
}
};
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.