Description

  • Used in JSON API authentication and JavaScript Single Sign ON (SSO)
  • Prevents a user's password from being directly exposed during authentication
  • This Hashed Password method is only supported by Joget Workflow Internal Directory Manager.

 

Please note that LDAP Directory Manager & Security Enhanced Directory Manager does not support Hashed Password in JSON API authentication.

Formula

md5(username + “::” + md5Base16(password));

E.g.: Assuming that the username is “admin” and the password is “admin”, the resulting hash should be “14ACD782DCFEB2BCDE2B271CCD559477”.

Sample Code (Java)

public static String md5(String content) {
    try {
        MessageDigest m = MessageDigest.getInstance("MD5");
        byte[] data = content.getBytes();
        m.update(data, 0, data.length);
        BigInteger i = new BigInteger(1, m.digest());
        return String.format("%1$032X", i);
    } catch (Exception ex) {}
    return "";
}

public static String md5Base16(String content) {
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] bytes = md.digest(content.getBytes());
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < bytes.length; i++) {
            byte b = bytes[i];
            String hex = Integer.toHexString((int) 0x00FF & b);
            if (hex.length() == 1) {
                sb.append("0");
            }
            sb.append(hex);
        }
        return sb.toString();
    } catch (Exception e) {}
    return "";
}
  • No labels