Hi, I am trying to retrieve a simple object from a db via its password hash and username combination …
username = request.getParameter("username");
password = request.getParameter("password");
// Converting request password to hash
String passwordHash = SecurityUtil.convertStringToSHA1(password);
Session hs = HibernateUtil.getSessionFactory().getCurrentSession();
hs.beginTransaction();
//query for a single result of matching username with password
//Query hquery = hs.createQuery("from User where id = :id");
//hquery.setParameter("id", 33l); <- THIS QUERY WORKS
Query hquery = hs.createQuery("from User where password = :password and userName = :userName"); //<- password is a sha1 hash in the db
hquery.setString("userName", username);
hquery.setParameter("password", passwordHash);
User user = (User)hquery.uniqueResult(); //<- Always NULL WHY There should be a unique result.
log.info("UR: "+username);
log.info("PR: "+passwordHash);
if(user!=null) {
//never reached
log.info("UDB: "+user.getUserName());
log.info("PDB: "+user.getPassword());
} else {
// always reaches here
}
Any ideas? Or does that mean that there are no uniqueResults?
My SHA-1 hashes are not salted, however the password hashes are generated from a random string using Apache Commons, which should be more or less collision-free …
Further, it is my first time doing Hibernate stuff, so I might be in the wrong somewhere …
Ok, I know now where it all went down the drain. I have Jasypt string encryption enabled on these fields. Due to the random salt it is obvious that these fields in a WHERE clause just do not fly … :-/
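The effect described in the post, as an added example that is not part of the original post: a value protected with a fresh random salt cannot be matched by recomputing it, so the lookup has to select by user name alone and verify the password against the stored salt. Assumptions: the `USERS` map stands in for the `User` table, PBKDF2 from the JDK stands in for the salted field protection (it is not Jasypt's own scheme), and all class and method names are hypothetical.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class SaltedLookupDemo {
    // Hypothetical stored row: per-user random salt plus the derived hash.
    record StoredUser(String userName, byte[] salt, byte[] hash) {}

    // In-memory stand-in for the User table, keyed by userName (constructed data).
    static final Map<String, StoredUser> USERS = new HashMap<>();
    static final SecureRandom RNG = new SecureRandom();

    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    static void register(String userName, char[] password) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        USERS.put(userName, new StoredUser(userName, salt, derive(password, salt)));
    }

    // Pattern from the question: recompute the value and compare it to the column.
    static boolean findByRecomputedValue(String userName, char[] password) throws Exception {
        byte[] freshSalt = new byte[16];
        RNG.nextBytes(freshSalt); // a new random salt, so the output differs from the stored one
        StoredUser u = USERS.get(userName);
        return u != null && Arrays.equals(u.hash(), derive(password, freshSalt));
    }

    // Working pattern: select by userName only, then verify with the stored salt.
    static boolean authenticate(String userName, char[] password) throws Exception {
        StoredUser u = USERS.get(userName);
        if (u == null) return false;
        return MessageDigest.isEqual(u.hash(), derive(password, u.salt())); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        register("alice", "correct horse".toCharArray()); // constructed sample credentials
        System.out.println("match by recomputed value: " + findByRecomputedValue("alice", "correct horse".toCharArray()));
        System.out.println("verify with stored salt:   " + authenticate("alice", "correct horse".toCharArray()));
        System.out.println("wrong password:            " + authenticate("alice", "wrong".toCharArray()));
    }
}
```

In Hibernate terms this corresponds to querying `from User where userName = :userName` and checking the password in application code after the row is loaded.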