I am using spring 2.5 + hibernate 3. I am trying to encrypt my user password field. I set up an encryptor in spring as such:
<bean id="hibernateStringEncryptor"
class="org.jasypt.hibernate.encryptor.HibernatePBEStringEncryptor">
<property name="registeredName">
<value>strongHibernateStringEncryptor</value>
</property>
<property name="algorithm">
<value>PBEWithMD5AndTripleDES</value>
</property>
<property name="password">
<value>mypassword</value>
</property>
</bean>
In my user class mapping I have the following:
<hibernate-mapping auto-import="true">
<typedef name="encryptedString" class="org.jasypt.hibernate.type.EncryptedStringType">
strongHibernateStringEncryptor
</typedef>
.
<class name="User" table="USERS">
<id access="field" column="id" name="id" type="int" unsaved-value="-1">
<generator class="sequence">
SEQ_USERS
</generator>
</id>
<property column="USERNAME" name="username" not-null="true" type="string"/>
<property column="PASSWORD" name="password" not-null="true" type="encryptedString"/>
When I create a new user, the password is properly encrypted. I can also query users via load or through the object map and I tested that the password is being decrypted.
***However, I can not query a user using the password field:
String query = "select user from User user where active=? and username=? and password=?";
List results = getHibernateTemplate().find(query, new Object[]{true, userName, password});
I get no results whenever I query using the encrypted field. What am I doing wrong?
thanks
-ryan
