01: package dinamica.security;
02:
03: import java.util.HashMap;
04: import javax.servlet.http.HttpServletRequest;
05: import dinamica.*;
06:
07: /**
08: * This is not a validator. it is used more like
09: * a value transformer. It will transform the parameter
10: * with name "passwd" into a MD5 hash using the following
11: * combination: userlogin:passwd<br>
12: * This validator must be used after all the other validators,
13: * because it does assume that the password and userogin parameters
14: * have been already validated.
15: * <br><br>
16: * Creation date: 10/03/2004<br>
17: * Last Update: 10/03/2004<br>
18: * (c) 2004 Martin Cordova<br>
19: * This code is released under the LGPL license<br>
20: * @author Martin Cordova (dinamica@martincordova.com)
21: * */
22: public class PasswordEncryptor extends AbstractValidator {
23:
24: /* (non-Javadoc)
25: * @see dinamica.AbstractValidator#isValid(javax.servlet.http.HttpServletRequest, dinamica.Recordset, java.util.HashMap)
26: */
27: @SuppressWarnings("unchecked")
28: public boolean isValid(HttpServletRequest req,
29: Recordset inputParams, HashMap attribs) throws Throwable {
30:
31: if (inputParams.isNull("userlogin"))
32: inputParams.setValue("userlogin", getSession()
33: .getAttribute("dinamica.userlogin"));
34:
35: if (inputParams.isNull("userlogin"))
36: inputParams.setValue("userlogin", getUserName());
37:
38: //retrieve values
39: String userid = inputParams.getString("userlogin");
40: String password = inputParams.getString("passwd");
41:
42: //create MD5 hash using the string: userlogin:passwd
43: java.security.MessageDigest md = java.security.MessageDigest
44: .getInstance("MD5");
45: byte[] b = (userid + ":" + password).getBytes();
46: byte[] hash = md.digest(b);
47: String pwd = Base64.encodeToString(hash, true);
48:
49: //set the "passwd" parameter value to the MD5 hash
50: inputParams.setValue("passwd", pwd);
51:
52: //always return true
53: return true;
54:
55: }
56:
57: }
|