Jasypt with Hibernate and ACEGI, best practice for digesting new passwords?
My application uses a BasicPasswordEncryptor wired into the Acegi DaoAuthentication provider, which works fine. My question is what is the best practice for when a new user is created, in regards to Hibernate?
Specifically I know I want to digest a string before it gets persisted in the database (No need to ever decrypt, just compare digested strings for authentication). The two ways I was thinking of doing that are:
1) Tell Hibernate to store the password in an encrypted way, using the same BasicPasswordEncryptor (which I have not found documentation on, at least in a way to force it to use the same encryptor Acegi is using)
or 2) In my UserDetails implementation, I can change the getPassword() method to return an encrypted version (which would make it secure from any call at all)
So which is the more appropriate way to encrypt a new password? If it's 1, can anyone show me some example of how to make Hibernate use the same digester, and if it's 2, can someone explain how to best do this? I was thinking of wiring the encryptor into the UserDetails implementation?
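A sketch of digesting at user-creation time with the same encryptor instance that authentication uses, as an added example that is not part of the original post. The `User`, `InMemoryUserDao` and `UserService` classes are hypothetical stand-ins (the DAO replaces a Hibernate-backed one so the example runs with only Jasypt on the classpath), and the password is a constructed sample.

```java
import java.util.HashMap;
import java.util.Map;
import org.jasypt.util.password.BasicPasswordEncryptor;
import org.jasypt.util.password.PasswordEncryptor;

public class UserRegistrationExample {
    // Hypothetical entity: it only ever holds the digest, never the plain password.
    static class User {
        final String username;
        final String passwordDigest;
        User(String username, String passwordDigest) {
            this.username = username;
            this.passwordDigest = passwordDigest;
        }
    }

    // Hypothetical stand-in for a Hibernate DAO (save / find by username).
    static class InMemoryUserDao {
        private final Map<String, User> rows = new HashMap<String, User>();
        void save(User u) { rows.put(u.username, u); }
        User findByUsername(String name) { return rows.get(name); }
    }

    static class UserService {
        private final PasswordEncryptor encryptor; // assumed: the same bean the auth provider uses
        private final InMemoryUserDao dao;
        UserService(PasswordEncryptor encryptor, InMemoryUserDao dao) {
            this.encryptor = encryptor;
            this.dao = dao;
        }
        // Digest once, before the entity reaches the persistence layer.
        void register(String username, String plainPassword) {
            dao.save(new User(username, encryptor.encryptPassword(plainPassword)));
        }
        // Digests are salted, so verify with checkPassword, not String.equals.
        boolean authenticate(String username, String candidate) {
            User u = dao.findByUsername(username);
            return u != null && encryptor.checkPassword(candidate, u.passwordDigest);
        }
    }

    public static void main(String[] args) {
        PasswordEncryptor encryptor = new BasicPasswordEncryptor();
        UserService service = new UserService(encryptor, new InMemoryUserDao());
        service.register("alice", "constructed-sample-password");
        System.out.println("correct password accepted: "
                + service.authenticate("alice", "constructed-sample-password"));
        System.out.println("wrong password accepted: " + service.authenticate("alice", "wrong"));
        // Each call uses a fresh random salt, so two digests of one input differ.
        System.out.println("digests equal: "
                + encryptor.encryptPassword("x").equals(encryptor.encryptPassword("x")));
    }
}
```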