problem in authentication
Hi,
I have created a LoginAuthentication module in Struts...
For security purposes I am using a MAC to encrypt the given password and then storing it in the database from the RegistrationForm.
During authentication I also calculate the MAC value for the given password and compare that calculated MAC value with the MAC value retrieved from the database. I am getting the failure page, not the success page. But I get the success page when I use a File to store and retrieve the MAC value.
Can anyone tell me the solution, please...
Thanks in advance
Hi, can't you understand my question? Please reply... Thanks
Please post the code in question.
Manuel Leiria
Thanks for your kind reply...
Here is my registration code:
..........
String pass=register.getPass();
byte[] b=pass.getBytes();
String str="userkey";
char[] c=str.toCharArray();
PBEKeySpec pbe=new PBEKeySpec(c);
SecretKeyFactory seckey=SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey key=seckey.generateSecret(pbe);
Mac mac=Mac.getInstance("HmacSHA1");
mac.init(key);
byte[] macbytes=mac.doFinal(b);
String ms=new String(macbytes);
Using a PreparedStatement I have inserted my values into the database, and I am retrieving the data from the database and storing it in a Vector.
Here is my LoginAction class...
public ActionForward execute(ActionMapping mapping,.........................)
{
    LoginForm loginForm=(LoginForm) form;
    String username=loginForm.getUsername();
    String password=loginForm.getPassword();
    byte[] b=password.getBytes();
    String str="userkey";
    char[] c=str.toCharArray();
    PBEKeySpec pbe=new PBEKeySpec(c);
    SecretKeyFactory seckey=SecretKeyFactory.getInstance("PBEWithMD5AndDES");
    SecretKey key=seckey.generateSecret(pbe);
    Mac mac=Mac.getInstance("HmacSHA1");
    mac.init(key);
    byte[] macbytes=mac.doFinal(b);
    String newmac=new String(macbytes);
    // here I am retrieving data from the vector
    Vector vector;
    int i;
    String st[];
    for(i=0;i<vector.size();i++)
    {
        st=(String[]) vector.get(i);
    }
    if(username.equals(st[0])&&newmac.equals(st[1]))//here is bug.........
    {
        return mapping.findForward("success");
    }
    else
        return mapping.findForward("failure");
}
Please tell me the solution...
Maybe the field in the database is truncating some chars. Have you checked that? If the code works for a file and doesn't work with the database, it might have to do with truncation.
Manuel Leiria
Yes, I have checked that also, like:
String s=st[1].trim();
if(username.equals(st[0])&&newmac.equals(s))
{
    return mapping.findForward("success");
}
else
    return mapping.findForward("failure");
Even I have tried with StringTokenizer too,
but it is forwarding to the failure page only...
Can you tell me further what to do, please...
Thanks...
I think there is no chance of truncation in the database because the length of the calculated MAC value is 19 and I have fixed the field size in the database as varchar(50)...
I thought it may add some null characters in the database, that's why I tried with trim() and StringTokenizer...
thilagavathi
Hi, I am still having the same problem... Where am I making a mistake? Can anyone tell me the solution, please... Thanks in advance...
> String ms=new String(macbytes);
Here's your problem. Don't do that. String is not a container for binary data. Either base64-encode it or use a database Blob to store it.
ejpa at 2007-7-12 21:26:35

> Thanks for your reply... I have just converted it into a String and then stored it in the database only...
Don't.
ejpa at 2007-7-12 21:26:35

Hi,
I have stored the String-format MAC value in my database using a PreparedStatement.
I am getting a String from the user; after that I calculate the MAC value for it and then store it in the database. How could I use a Blob for the string which I am getting from the user? Is it possible? If so, please give me some more details on using a Blob, please...
Here is my code:
String query="insert into sample values(?,?)";
Class.forName("-").newInstance();
Connection conn=dataSource.getConnection();
PreparedStatement pst=conn.prepareStatement(query);
.................
pst.setString(2,pass);
pst.executeUpdate();
Please help me...
Thanks in advance...
Like I said, don't use Strings to hold binary data. It doesn't work, there are losses in both directions. You have to find another solution between the MAC byte[] array and the database.
> I am getting String from user after that I am
> calculating MAC value for the same and then I am
> storing it in database, How could I use Blob for the
> string which is I am getting from user?
No, use the Blob to store the calculated MAC in its original byte[] format. Look up Blob in your database documentation. If you can't change the database, you have to convert the MAC byte[] array into a String via base-64 encoding, and base-64-decode it when you want to treat it as a MAC byte[] array again. Base-64 encoding. Look it up.
ejpa at 2007-7-12 21:26:35
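
The advice in the answer above, as an added example that is not part of the original thread or any poster's code: it shows the MAC bytes failing a round trip through new String(), surviving a Base64 round trip, and being compared as bytes. The class name, the demo key, the sample password and the use of java.util.Base64 (Java 8 or later) are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class MacStorageDemo {
    // Constructed demo key (assumption); a real key comes from protected configuration.
    private static final byte[] KEY =
            "demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);

    static byte[] hmac(String password) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(KEY, "HmacSHA1"));
        return mac.doFinal(password.getBytes(StandardCharsets.UTF_8));
    }

    // What the thread's code does: treat raw MAC bytes as text.
    // Byte sequences that are not valid in the charset are replaced, so data is lost.
    static byte[] viaString(byte[] raw) {
        String asText = new String(raw, StandardCharsets.UTF_8);
        return asText.getBytes(StandardCharsets.UTF_8);
    }

    // Text-safe form for a VARCHAR column: Base64 maps every byte value reversibly.
    static String encode(byte[] raw) { return Base64.getEncoder().encodeToString(raw); }
    static byte[] decode(String stored) { return Base64.getDecoder().decode(stored); }

    // Compare the MAC bytes, not Strings; MessageDigest.isEqual does not
    // return early on the first differing byte.
    static boolean matches(byte[] storedMac, String candidate) throws Exception {
        return MessageDigest.isEqual(storedMac, hmac(candidate));
    }

    public static void main(String[] args) throws Exception {
        byte[] raw = hmac("s3cret-passw0rd"); // constructed sample input
        System.out.println("MAC length in bytes:     " + raw.length);
        System.out.println("survives new String():   " + Arrays.equals(raw, viaString(raw)));

        String column = encode(raw); // the value to store in the VARCHAR column
        System.out.println("Base64 column length:    " + column.length());
        System.out.println("survives Base64:         " + Arrays.equals(raw, decode(column)));
        System.out.println("correct password match:  " + matches(decode(column), "s3cret-passw0rd"));
        System.out.println("wrong password match:    " + matches(decode(column), "guess"));
    }
}
```

For the Blob route, skip the encoding and pass the raw array to PreparedStatement.setBytes, then read it back with ResultSet.getBytes.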

Hi,
I have used a Blob to store the data into the database as well as to retrieve it from the database, and I got the output for the same...
Thanks for your kind and valuable replies...
Thank you very much!
Regards
Thilagavathi