encrypt password with apache struts action

+------------------------+
  Jasypt Users List      
  http://www.jasypt.org  
+------------------------+
  

---

Thank you Daniel. It's our first use of a library like jasypt and we're very pleased with it. I've one more question. What would be the recommended length of the password field in our mysql database? 80 characters seem to work, is this a proper configuration?
Sincerely,
Niklas

On Wed, Apr 9, 2008 at 1:01 AM, Daniel Fernández Garrido <dfernandez@...> wrote:

+------------------------+
 Jasypt Users List
 http://www.jasypt.org
+------------------------+

Hello,

As for the use of Jasypt, this seems correct...

Regards,
Daniel.


Niklasr wrote:
> +------------------------+
>   Jasypt Users List
>   http://www.jasypt.org
> +------------------------+
>
> Here is my class which encrypts the use password in an apache struts action.
> Does it seem to work? Any feed-back will be appreciated. Thank you //Niklas
> /*
>  * PreviewAction.java
>  *
>  * Created on den 31 maj 2006, 20:05
>  *
>  */
> package marketleader;
>
> /**
>  *
>  * @author NiklasRo@...
>  */
> import javax.servlet.http.*;
> import java.util.*;
> import java.sql.*;
> import org.apache.log4j.Logger;
> import org.apache.struts.action.*;
> import org.apache.struts.util.*;
> import org.jasypt.util.password.BasicPasswordEncryptor;
> import marketleader.util.*;
>
> public class PreviewAction extends Action {
>
>     Logger log = Logger.getLogger(this.getClass());
>
>     public ActionForward execute(
>             ActionMapping mapping,
>             ActionForm form,
>             HttpServletRequest request,
>             HttpServletResponse response) throws Exception {
>         setLocale(request, new Locale("pt", "BR"));//brazilian version
>
>         String email = null;
>         String name = null;
>         String locationid = null;
>         String id = null;
>         String subject = null;
>         PreviewForm myForm = (PreviewForm) form;
>         String userPassword = myForm.getPassword();
>         BasicPasswordEncryptor passwordEncryptor = new
> BasicPasswordEncryptor();
>         String encryptedPassword =
> passwordEncryptor.encryptPassword(userPassword);
>         Connection conn = null;
>         try {
>             log.info("id:" + (String)
> request.getSession().getAttribute("id"));
>             log.info("id i request:" + (String) request.getAttribute("id"));
>             conn = DBSettings.getConnection();
>             //TODO: preparedstatement
>             String sql = "update classifieds set password='" +
> encryptedPassword + "', submitted=1 where id=" + (String)
> request.getSession().getAttribute("id");
>             Statement st = conn.createStatement();
>             st.executeUpdate(sql);
>             //TODO: preparedstatement
>             sql = "select email, locationid, name, id, subject from
> classifieds where id=" + (String) request.getSession().getAttribute("id");
>             ResultSet rs = st.executeQuery(sql);
>             if (rs.next()) {
>                 email = rs.getString("email");
>                 name = rs.getString("name");
>                 id = rs.getString("id");
>                 subject = rs.getString("subject");
>                 locationid = rs.getString("locationid");
>             }
>             st.close();
>             conn.close();
>         } catch (Exception sqlEx) {
>             log.error("SQLException", sqlEx);
>         } finally {
>             try {
>                 conn.close();
>             } catch (SQLException sqlEx) {
>                 log.error("SQLException", sqlEx);
>             }
>         }
>         request.setAttribute("ac", myForm.getAc());
>         request.getSession().setAttribute("ac",
> DBSettings.getAc(locationid));
>         MessageResources messageResources = getResources(request);
>         String congrats = messageResources.getMessage(request.getLocale(),
> "congratulations");
>         String checkingad = messageResources.getMessage(request.getLocale(),
> "checking.ad");
>         String sendingautomatedmail =
> messageResources.getMessage(request.getLocale(), "sending.automated.mail");
>         String thanksforusingourservices =
> messageResources.getMessage(request.getLocale(),
> "thanks.for.using.our.services");
>         request.setAttribute("message", "<br><br>" + congrats + " " + name +
> ".<br><br>" + checkingad + "<br>" + sendingautomatedmail + "<br>" +
> thanksforusingourservices + "<br><br>");
>         String theText = messageResources.getMessage(request.getLocale(),
> "dear") + " " + name + ",<br><br>" +
> messageResources.getMessage(request.getLocale(), "was.received") + " " +
> request.getServerName().replaceAll("www.", "") + ", " +
> messageResources.getMessage(request.getLocale(), "in.accordance.with") + "
> \"http://" " + messageResources.getMessage(request.getLocale(),
> "rules.conditions") + " " + messageResources.getMessage(request.getLocale(),
> "of.the.site");
>         theText = theText + "<br><br>" +
> messageResources.getMessage(request.getLocale(), "when.approved");
>         //theText = theText + "<br><br>A sua senha é: " + password + "";
>         theText = theText + "<br><br>" +
> messageResources.getMessage(request.getLocale(), "staff.of") + "  \"http://"
> " + request.getServerName().replaceAll("www.", "") + " " +
> messageResources.getMessage(request.getLocale(),
> "is.thankful.for.using.our.services");
>         theText = theText + "<br><br>" +
> messageResources.getMessage(request.getLocale(), "please.note") + ": Esse
> e-mail é gerado automaticamente para informação ao cliente e não deve ser
> respondido. Se você recebeu esse e-mail sem ter anunciado é possível que
> alguém tenha usado o seu e-mail por engano. Neste caso entre em contato
> conosco.";
>         theText = theText + "<br><br> \"http://" " + request.getServerName()
> + "  - O site de compra e venda";
>         new MarketMail(Constants.SMTP_SERVER, email, "info@" +
> request.getServerName().replaceAll("www.", ""),
> messageResources.getMessage(request.getLocale(), "ad.waits.approval") + ": "
> + subject, theText, request.getServerName());
>         new MarketMail(Constants.SMTP_SERVER, Constants.MODERATOR_EMAIL,
> Constants.MODERATOR_EMAIL, request.getServerName().replaceAll("www.",
> ""),(String) request.getSession().getAttribute("id")+ " was SENT IN and for
> review. You can approve or disapprove this at http://" +
> request.getServerName().replaceAll("www.", "") + "/" + Constants.CONTEXT +
> "/Moderation?id=" + (String) request.getSession().getAttribute("id"),
> request.getServerName().replaceAll("www.", ""));
>         return mapping.findForward("success");
>     }
> }
>
>


-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Register now and save $200. Hurry, offer ends at 11:59 p.m.,
Monday, April 7! Use priority code J8TLD2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
jasypt-users mailing list
jasypt-users@...
https://lists.sourceforge.net/lists/listinfo/jasypt-users

--
niklasro.googlepages.com

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone

_______________________________________________
jasypt-users mailing list
jasypt-users@...
https://lists.sourceforge.net/lists/listinfo/jasypt-users