axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert lazarski <robertlazar...@gmail.com>
Subject Re: org.apache.axis2.AxisFault: The security token could not be authenticated or authorized
Date Wed, 08 May 2013 09:54:18 GMT
On Wed, May 8, 2013 at 3:06 AM, Tania Marinova <taniamm2002@yahoo.com> wrote:
>
> I store the hashed password but also the salt in a separate column (because
> I should hash then the plain text password with the same same hash)
>

IMHO you are not doing this correctly, you want to store the result of
the salt + hash, ie digest, in only one db column as a Base64 String.
Plus you are getting an NPE because either your password is null, or
the constructor of PBEKeySpec is throwing the NPE because your salt is
null. I can't tell from the stacktrace but the error is on line 68 of
your PWCB class.

As I mentioned in another email, I suggest using a higher level API
like Jasypt to create the digest, then only store that result in just
one column in the db.

- R

---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org


Mime
View raw message