axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robert lazarski <>
Subject Re: org.apache.axis2.AxisFault: The security token could not be authenticated or authorized
Date Wed, 08 May 2013 09:54:18 GMT
On Wed, May 8, 2013 at 3:06 AM, Tania Marinova <> wrote:
> I store the hashed password but also the salt in a separate column (because
> I should hash then the plain text password with the same same hash)

IMHO you are not doing this correctly, you want to store the result of
the salt + hash, ie digest, in only one db column as a Base64 String.
Plus you are getting an NPE because either your password is null, or
the constructor of PBEKeySpec is throwing the NPE because your salt is
null. I can't tell from the stacktrace but the error is on line 68 of
your PWCB class.

As I mentioned in another email, I suggest using a higher level API
like Jasypt to create the digest, then only store that result in just
one column in the db.

- R

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message