Authentication.java

/* Jug Management is a web application conceived to manage user groups or 
 * communities focused on a certain domain of knowledge, whose members are 
 * constantly sharing information and participating in social and educational 
 * events. Copyright (C) 2011 Ceara Java User Group - CEJUG.
 * 
 * This application is free software; you can redistribute it and/or modify it 
 * under the terms of the GNU Lesser General Public License as published by the 
 * Free Software Foundation; either version 2.1 of the License, or (at your 
 * option) any later version.
 * 
 * This application is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public 
 * License for more details.
 * 
 * There is a full copy of the GNU Lesser General Public License along with 
 * this library. Look for the file license.txt at the root level. If you do not
 * find it, write to the Free Software Foundation, Inc., 59 Temple Place, 
 * Suite 330, Boston, MA 02111-1307 USA.
 * */
package org.cejug.yougi.entity;

import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.persistence.*;
import org.cejug.yougi.util.Base64Encoder;

/**
 * Represents the authentication credentials of the user.
 * @author Hildeberto Mendonca  - http://www.hildeberto.com
 */
@Entity
@Table(name="authentication")
public class Authentication implements Serializable {

    private static final long serialVersionUID = 1L;

    @Id
    private String username;
    
    @Column(nullable=false)
    private String password;
    
    @ManyToOne
    @JoinColumn(name="user_account")
    private UserAccount userAccount;

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * @return the hashed password.
     */
    public String getPassword() {
        return password;
    }

    /**
     * Receive a new password, hash it and set the password attribute.
     * @param password row password as informed by the user. This method should
     * be invoked only in case of changing the password.
     */
    public void setPassword(String password) {
        this.password = hashPassword(password);
    }
    

    /**
     * @return the userAccount that is associated to the authentication credentials.
     */
    public UserAccount getUserAccount() {
        return userAccount;
    }

    public void setUserAccount(UserAccount userAccount) {
        this.userAccount = userAccount;
    }

    /**
     * Hash a raw password using the MD5 algorithm.
     * @param rawPassword non-hashed password informed by the user.
     * @return the hashed password.
     */
    public String hashPassword(String rawPassword) {
        MessageDigest md = null;
        byte stringBytes[] = null;
        try {
            md = MessageDigest.getInstance("MD5");
            stringBytes = rawPassword.getBytes("UTF8");
        }
        catch(NoSuchAlgorithmException nsae) {
            throw new SecurityException("The Requested encoding algorithm was not found in this execution platform.", nsae);
        }
        catch(UnsupportedEncodingException uee) {
            throw new SecurityException("UTF8 is not supported in this execution platform.", uee);
        }
         
        byte stringCriptBytes[] = md.digest(stringBytes);
        char[] encoded = Base64Encoder.encode(stringCriptBytes);
        return String.valueOf(encoded);
    }
}