Below code is always returning false in my custom plugin. Is there any working A

Bala K over 10 years ago

Below code is always returning false in my custom plugin. Is there any working API available to check if the username, password supplied is valid? or am I missing something? Please help.

MessageDigest mdg = MessageDigest.getInstance("SHA-512");
                    byte[] passwordBytes = password.getBytes("UTF-8");
                    byte[] hashBytes = mdg.digest(passwordBytes);
                    byte[] hashedPasswordBytes = Base64.encodeBase64(hashBytes);
                    UserService userService = ServiceLocator.getUserService(sc);
                    boolean valid = true;
                    try {
                              valid = userService.isPasswordValid(user, password);
                              System.out.println("1.valid="+valid);
                              valid = userService.isUserPasswordValid(user, hashedPasswordBytes);
                              System.out.println("2.valid="+valid);

Discussion posts and replies are publicly visible

0 Eduardo Fuentes
Appian Employee
over 10 years ago

That wouldn't work. You'd need to know the salt Appian uses to create passwords which for security reasons is not public.

You might want to use a servlet plug-in instead which requires authentication and where the credentials are evaluated directly by Appian without your intervention.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Shyam Bommakanti
Certified Lead Developer
over 10 years ago

I agree with Eduardo. Please check my other post related to this. Case 1:
forum.appian.com/.../e-179482
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel