powered by Jive Software

Encode password with MD5

Is DefaultAuthProvider class provide all user’'s authentications?

I modified authenticate(String username, String password) method:

pstmt.setString(2, md5.getMD5ofStr(password.trim())); // encode password with MD5

Finally, admin console login successfully, but other jive client login failed.

Thanks,

-Rosen

Hi!

Did you also change DefaultUserProvider.createUser(…)?

  • Jörg

EDIT: You may also look at this http://www.jivesoftware.org/forums/thread.jspa?threadID=13920&tstart=15

Message was edited by:

Jörg Weinmann

Hi Jörg,

Thanks for your attention! I did not change DefaultUserProvider.createUser(…) method, i cannot use MD5 login indeed (only admin user login “Admin Console” successfully but other jive client login Jive server failed).

Could anybody post a detail info explaining “How to” ?

Thanks

-Rosen

Hi Rosen,

I think what Jörg is trying to say is that you need to make sure that anywhere a database operation takes place involving a password you need to make sure to use the StringUtils.hash() method. If you do not, sometimes the passwords are going to be stored in plaintext and other times they will be hashed, so when you try to match them you will run into troubles.

I have not tried to implement the password encoding myself but after doing a quick search you will want to change the following methods:

DefaultUserProvider.createUser(); //line ~107

DefaultUserProvider.setPassword(); //line ~366

DefaultAuthProvider.authenticate() //line ~49

/code

I might have missed a spot or two where you will need to make the changes, so be sure to look through DefaultUserProvider and DefaultAuthProvider yourself for anyplace a password is used.

Hope that helps,

Ryan