tags:

views:

596

answers:

2
+1  Q: 

Acegi password encryption

Hi! I am using the acegi groovy plugin for user registration and authentication. The User domain class which comes with the plug-in has the following definition (and comments).

class User {
static transients = ['pass']
static hasMany = [authorities: Role]
static belongsTo = Role

/** Username */
String username
/** User Real Name*/
String userRealName
/** MD5 Password */
String passwd
/** enabled */
boolean enabled

String email
boolean emailShow

/** description */
String description = ''
...

}

and so on. Therefore I've assumed that the password encryption method is MD5.

I have to register many thousand of users, generating a random password for each user. (username is already given).

I wrote a script which generates random -plain- passwords and MD5 Encrypted paswords and make the respective inserts into the DB. Unfortunately none of these users can log in.

Is the acegi security plug in using MD5 encryption?

Seems to be that it is using something else. Unfortunately I didn't find anything at the documentation.

Anybody knows how is this encryption done?

Thanks!

Luis

+1  A: 

If you are using DaoAuthenticationProvider and do not set the passwordEncoder property, the default password encoder is PlaintextPasswordEncoder. To configure an MD5 password encoder, do

  <bean
      id="passwordEncoder"
      class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>

  <bean
      id="daoAuthenticationProvider"
      class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userDetailsService"/>
    <property name="passwordEncoder" ref="passwordEncoder"/>
  </bean>
Jim Huang  2009-09-24 15:43:26
Thanks for your answer. +1 for you. No, I didn't set anything. Now, I found at the DefaultSecurityConfig.groovy that the algorithm is 'SHA'.Do you know how to generate SHA-encrypted passwords?Thanks!
Luixv  2009-09-24 16:00:38
echo -n password | openssl sha1
Roshan  2009-09-24 21:35:29
Thanks Roshanico!
Luixv  2009-09-25 06:53:04
A: 

or you could use the authenticateService.encodePassword("password"). See the plugin's RegisterController's save method for example

aldrin  2010-06-02 16:53:46

related questions

What are some good security questions?
What's a good alternative to security questions?
Protect embedded password
How do you generate passwords?
Should I impose a maximum length on passwords?
How best to generate a random string in Ruby
What is the best way to check the strength of a password?
In a client-server application: How to send to the DB the user's application password?
How does your company manage credentials?
Replacing plain text password for app
How to implement password protection for individual files?
Password generation, best practice
Unique key generation
Generating Random Passwords
Oracle lost sysdba password
How does one decrypt a PDF with an owner password, but no user password?
Storing Windows passwords.
How do I avoid having the database password stored in plaintext in sourcecode?
How do I write Firefox add-on that automatically enters proxy passwords?
How to store passwords in Winforms application?
Two-way password encryption without ssl
Disable browser 'Save Password' functionality
Simple password encryption
Best way to store a database password in a startup script / config file?
Encrypting Passwords