Hitachi

uCosminexus Application Server Security Management Guide


5.3.9 Enhanced support of authentication password encryption

WebPasswordLoginModule and WebPasswordJDBCLoginModule allow password authentication even if the passwords stored in the repository are not in plain text and are not encrypted in SHA-2, SHA-1, or MD5.

Thanks to the enhanced support of authentication password encryption, it is possible to perform password authentication even if the passwords stored in the repository are encrypted in any non-default format. To use the enhanced support, the application developer must create the implementation class in advance.

The login module converts the password entered in HttpServletRequest and compares the result with the password obtained from the database.

When com.cosminexus.admin.auth.jdbc.password.encrypt.ex is set in ua.conf (the integrated user management configuration file), the module instantiates the implementation class and uses it to convert the password entered in HttpServletRequest.

Authentication succeeds when the bytes of the converted password exactly match the password in the database. The following figure shows an overview of the enhanced support of authentication password encryption.

Figure 5‒20: Overview of the enhanced support of authentication password encryption

[Figure]

To learn more about creating the implementation class, see 5.10 Implementation of API-based user authentication.
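The convert-then-compare flow described in this section, as an added example that is not Hitachi's code and does not use the product API. The `PasswordConverter` interface, the storage format (Base64 of HMAC-SHA-256), the key, and the passwords are assumptions constructed for illustration; the interface that the implementation class must actually implement is the one described in 5.10.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class PasswordConversionDemo {
    // Hypothetical stand-in for the product's converter interface (the real one is in 5.10).
    interface PasswordConverter {
        byte[] convert(String enteredPassword) throws GeneralSecurityException;
    }

    // Assumed non-default repository format: Base64(HMAC-SHA-256(key, UTF-8 password)).
    static final class HmacSha256Converter implements PasswordConverter {
        private final SecretKeySpec key;

        HmacSha256Converter(byte[] keyBytes) {
            this.key = new SecretKeySpec(keyBytes, "HmacSHA256");
        }

        @Override
        public byte[] convert(String enteredPassword) throws GeneralSecurityException {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            byte[] tag = mac.doFinal(enteredPassword.getBytes(StandardCharsets.UTF_8));
            // Charset and encoding are pinned: the output must equal the stored bytes exactly.
            return Base64.getEncoder().encode(tag);
        }
    }

    // Byte-for-byte match as the section describes, done without an early exit on mismatch.
    static boolean matches(byte[] converted, byte[] stored) {
        return MessageDigest.isEqual(converted, stored);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key and passwords; a real key comes from protected configuration.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        PasswordConverter conv = new HmacSha256Converter(key);
        byte[] stored = conv.convert("S3cure!pass"); // value written to the repository at enrolment
        // Same hash, but stored without Base64 padding: the bytes no longer match.
        byte[] unpadded = Base64.getEncoder().withoutPadding().encode(Base64.getDecoder().decode(stored));

        System.out.println("correct password: " + matches(conv.convert("S3cure!pass"), stored));
        System.out.println("wrong password:   " + matches(conv.convert("s3cure!pass"), stored));
        System.out.println("unpadded storage: " + matches(conv.convert("S3cure!pass"), unpadded));
    }
}
```

Because the comparison is on exact bytes, the conversion must be deterministic and must reproduce the stored representation, including character set, encoding alphabet, and padding.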