5.10.7 Implementation of enhanced support of authentication password encryption
Password authentication is also possible when passwords are stored in a form other than the default encryption methods (SHA-2, SHA-1, or MD5) or plain text. To provide this enhanced encryption support, implementation classes must be created in advance.
This section describes the login modules that provide enhanced encryption support and the method used to implement classes for enhanced encryption support. To get an overview of enhanced encryption support, see 5.3.9 Enhanced support of authentication password encryption.
(1) Login modules that provide enhanced encryption support
WebPasswordLoginModule and WebPasswordJDBCLoginModule provide enhanced support of authentication password encryption.
(2) Method used to implement classes for enhanced encryption support
To achieve enhanced encryption support, the com.cosminexus.admin.auth.security.PasswordCryptography class must be inherited. Store the created class as a class file in the following directory:
- Windows: Cosminexus installation directory\manager\modules
- UNIX: /opt/Cosminexus/manager/modules
The directory can be changed with the com.cosminexus.admin.auth.custom.modules option in the integrated user management configuration file (ua.conf).
The following is an example of implementation in which the byte arrays are compared in the SHA-1 format.
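```java
package my;

import com.cosminexus.admin.auth.security.PasswordCryptography;
import java.security.*;

public class CustomCryptography implements PasswordCryptography {

    // Returns the SHA-1 digest of the password bytes passed in by the login module.
    public byte[] encrypt(byte[] plain) {
        byte[] encryptedPassword = null;
        try {
            // "SHA" is the JCA name that resolves to SHA-1.
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(plain);
            encryptedPassword = md.digest();
        } catch (NoSuchAlgorithmException e) {
            // If the algorithm is unavailable, the input is returned unchanged,
            // so the comparison is then made on the unhashed password bytes.
            encryptedPassword = plain;
        }
        return encryptedPassword;
    }
}
```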
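The same interface can carry a slower key-derivation function and fail closed instead of falling back to the plaintext. The class below is an added example, not code from the original page or from Hitachi. It assumes the one-method `encrypt(byte[])` interface shown above, Java 8 or later, and the Cosminexus class on the compile classpath; the class name, salt value, and iteration count are constructed placeholders.

```java
package my;

import com.cosminexus.admin.auth.security.PasswordCryptography;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (hypothetical class name), assuming the interface shown on this page.
public class Pbkdf2Cryptography implements PasswordCryptography {

    // Constructed placeholder. encrypt() receives only the password bytes,
    // so the salt has to be one fixed site-wide value, not a per-user salt.
    private static final byte[] SITE_SALT =
            "replace-with-site-specific-random-value".getBytes(StandardCharsets.US_ASCII);
    private static final int ITERATIONS = 210000; // assumed work factor; tune per host
    private static final int KEY_BITS = 256;

    public byte[] encrypt(byte[] plain) {
        // PBEKeySpec takes char[]; ISO-8859-1 maps each byte to exactly one char,
        // so the derived value depends only on the input bytes.
        char[] chars = new String(plain, StandardCharsets.ISO_8859_1).toCharArray();
        PBEKeySpec spec = new PBEKeySpec(chars, SITE_SALT, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return factory.generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            // Fail closed: never return the plaintext in place of the derived value.
            throw new IllegalStateException("PBKDF2WithHmacSHA256 is not available", e);
        } finally {
            // Clear the temporary copies of the password.
            spec.clearPassword();
            Arrays.fill(chars, '\0');
        }
    }
}
```

Because the byte arrays are compared, the stored password values must have been produced with the same salt, iteration count, and key length. How the login module reacts to the runtime exception is not described on this page and should be checked in a test environment.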