Java Development Tools

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SHA-1 Encryption is not working in Container managed security

JayJay ZhengFeb 10 2010 — edited Feb 11 2010

Hi,

I have to turn to your help after no luck with other possible resource.

I implemented container managed security on my apps and it works well without the encrypted password(clear text) in the table column. Now I referred OC4J Security guide to implement the password encryption as follows:

1. Using the DBTableOraDataSourceLoginModule, set the option pw_encoding_class = oracle.security.jazn.login.module.db.util.DBLoginModuleSHA1Encoder

2. run the following procedure:

DECLARE
    l_password VARCHAR2(50) := 'welcome';
    l_password_raw RAW(128) := utl_raw.CAST_TO_RAW(l_password);
    l_encrypted_raw RAW(2048);
    l_encrypted_string VARCHAR2(2048);
    l_encrypted_string2 VARCHAR2(2048);
BEGIN
    dbms_output.put_line('Password in String: ' || l_password);

    dbms_output.put_line('Password in raw: ' || l_password_raw);
    
    l_encrypted_raw := dbms_crypto.hash(l_password_raw, dbms_crypto.HASH_SH1);
    dbms_output.put_line('SH1: ' || l_encrypted_raw);
    
    l_encrypted_string := UTL_ENCODE.BASE64_ENCODE(l_encrypted_raw);
    dbms_output.put_line('Base64Encoding: ' || l_encrypted_string);
END;
/

3. update the clear text password with the SHA-1 encrypted password and encoded in Base64Encoding (in my case, it's the parameter "l_encrypted_string")

Now I run the application and login says "password not matching!" If anyone know what's going on, please advise me what's wrong...pls

thanks very much,

Locked Post

New comments cannot be posted to this locked post.

Locked on Mar 11 2010

Added on Feb 10 2010

#application-development-in-java, #jdeveloper-and-adf

1 comment

657 views