0
public Login authenticate(Login login) {
    String query = "SELECT L FROM Login AS L WHERE L.email=? AND L.password=?";
    Object[] parameters = { login.getEmail(), login.getPassword() };
    List<Login> resultsList = (getHibernateTemplate().find(query, parameters));
    if (resultsList.isEmpty()) {
        // error dude
    }
    else if (resultsList.size() > 1) {
        // throw exceptions
    }
    else {
        Login login1 = (Login) resultsList.get(0);
        return login1;
    }
    return null;
}

I have my DB table's password column set as MD5; now how do I retrieve it back here?

Qwerky
theJava

2 Answers

2

You'll have to hash the password and pass the hash as a parameter. Something like:

String hash = hash(login.getPassword());
Object[] parameters = { login.getEmail(), hash };

For how to implement the hash(..) method, see this question. However, avoid MD5. Use SHA instead.

Community
Bozho
  • Can you convert my method and show it using SHA, as I am not able to figure it out from the post? Which class contains the hash method? – theJava Jan 10 '11 at 15:39
  • I get "No such algorithm" when I try MessageDigest md = MessageDigest.getInstance("SHA-256"); – theJava Jan 10 '11 at 15:43
  • Works fine here. Your environment is somehow wrong. Or you mistyped it. – Bozho Jan 10 '11 at 15:46
  • You might want to consider salting it too. What version of Java are you using? If your version is old (1.4 or earlier) or you're not using Sun's JRE it might not support SHA-256 and you might need an external security provider, such as Bouncy Castle. OWASP has a rundown of Java credential checking and storage here: http://www.owasp.org/index.php/Hashing_Java – Qwerky Jan 10 '11 at 16:47
1

I believe you would want to convert your L.password to MD5 before calling the authenticate.

See this useful link

import java.security.*;

// ...

byte[] bytesOfMessage = yourString.getBytes("UTF-8");
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] thedigest = md.digest(bytesOfMessage);
Community
VoodooChild
  • Can you convert my method and show it using SHA, as I am not able to figure it out from the post? Which class contains the hash method? – theJava Jan 10 '11 at 15:42
  • @theJava: Bozho has a good link in his answer comment. Try using http://stackoverflow.com/questions/3103652/hash-string-via-sha-256-in-java/3103727#3103727 answer. – VoodooChild Jan 10 '11 at 16:12