This discussion is archived
4 Replies Latest reply: May 29, 2012 12:48 PM by BradW RSS

Custom Security Runtime

BradW Explorer
Currently Being Moderated
We are trying to look at the Custom Security Runtime in JHeadstart 11.1.1.3. We have it all working, but notice that the password information is stored in plain text in the JHS_USERS table. I am wondering what we would need to do in order to store a hashed value instead of plain text.

Can we implement our own Custom Login Module Class? How does that interact with the Authorization (JHeadstart or ADF)?

Any pointers would be appreciated.

Thanks,


BradW
  • 1. Re: Custom Security Runtime
    Stephen J. Journeyer
    Currently Being Moderated
    Yes, you can extend the oracle.jheadstart.controller.jsf.bean.LoginBean and override the doCustomAuthentication method and stick in an encrypter function (just remember to add the same encrypter function to the user creation process that inserts/updates the password).

    Not sure if that's the only way, but I've used the same custom class in 4 JHS projects and it works fine.
  • 2. Re: Custom Security Runtime
    BradW Explorer
    Currently Being Moderated
    What is the best way to do the user creation override if using the JhsModel? To be honest, I feel like creating a separate Model that we can do whatever we want with, such as adding the hashing to the entity object for JHS_USERS. Have you ever modified the Model supplied from JHS? Or do you just create your own model from an admin perspective.

    If you can help me with part two, that would be great and I can mark this question as answered!

    Thanks again,


    BradW
  • 3. Re: Custom Security Runtime
    BradW Explorer
    Currently Being Moderated
    I think I know the answer to part 2. We need to use ADF BC Substitutions. I see that is what the JDev team also recommends. Doing it this way, I could extend off the base class, add the one requirement to hash the value and update the model appropriately.

    Thanks,


    BradW
  • 4. Re: Custom Security Runtime
    BradW Explorer
    Currently Being Moderated
    Thanks again for pointing me in the right direction.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points