Below code is always returning false in my custom plugin. Is there any working A

Bala K over 8 years ago

Below code is always returning false in my custom plugin. Is there any working API available to check if the username, password supplied is valid? or am I missing something? Please help.

MessageDigest mdg = MessageDigest.getInstance("SHA-512");
                    byte[] passwordBytes = password.getBytes("UTF-8");
                    byte[] hashBytes = mdg.digest(passwordBytes);
                    byte[] hashedPasswordBytes = Base64.encodeBase64(hashBytes);
                    UserService userService = ServiceLocator.getUserService(sc);
                    boolean valid = true;
                    try {
                              valid = userService.isPasswordValid(user, password);
                              System.out.println("1.valid="+valid);
                              valid = userService.isUserPasswordValid(user, hashedPasswordBytes);
                              System.out.println("2.valid="+valid);

Discussion posts and replies are publicly visible

0 Eduardo Fuentes
Appian Employee
over 8 years ago

That wouldn't work. You'd need to know the salt Appian uses to create passwords which for security reasons is not public.

You might want to use a servlet plug-in instead which requires authentication and where the credentials are evaluated directly by Appian without your intervention.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Shyam Bommakanti
Certified Lead Developer
over 8 years ago

I agree with Eduardo. Please check my other post related to this. Case 1:
forum.appian.com/.../e-179482
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel