Implementing MD5 passwords

[thobson]

I have been using acegi for a while now and we would now like to store our passwords in the DB as MD5 hashes

Could anyone give me some pointers for how to do this?

My understanding was that I need to pass an instance of PasswordEncoder to the DaoAuthenticationProvider:

Code:

<bean id="md5Encoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
	
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <property name="userDetailsService" ref="userDetailsService"/>
  <property name="passwordEncoder" ref="md5Encoder" />
  <property name="userCache" ref="userCache"/>
</bean>

Then when a user registers on our app we will need to convert his plaintext password to an MD5 hash and save this as the password. Is this correct?

Cheers

Toby

[thobson]

I have now implemented this successfully i.e. I can register users and they can login using the acegi filter but I have hit one problem: I am trying to programatically authenticate the user after they register on our site:

Code:

/**
 * Programatically authenticate the user so he doesn't have to sign in
 * 
 * @param email
 * @param password
 */
private void authenticateUser(String email, String password) {
	Authentication auth = new UsernamePasswordAuthenticationToken(email, password);  
	Authentication result = authenticationManager.authenticate(auth);  
	SecurityContext ctx = new SecurityContextImpl();  
	ctx.setAuthentication(result);  
	SecurityContextHolder.setContext(ctx);  
}

This code worked fine when we were using plaintext passwords, but it no longer works no I am using MD5 hashes, what do I need to change?

Thanks

Toby