The best way to secure passwords in a database is to hash them with bcrypt, a password hashing function. Bcrypt is based on the Blowfish block cipher and takes the form of an adaptive hash function, meaning its work factor can be raised as hardware gets faster. Bcrypt has the best kind of reputation that a cryptographic algorithm can achieve.
Example: $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
Here $2a identifies the value as a bcrypt hash, and $10 is the cost factor, which sets how many rounds the hashing takes (2^10 here).
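An added example, not part of the original article: a plain-Java check (no Spring dependency, Java 16+ for `record`) that splits a stored bcrypt string into its fields and flags values that are not bcrypt or whose cost is below a policy minimum. The class and method names and the minimum cost of 12 are assumptions chosen for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BcryptHashInspector {

    // $<version>$<2-digit cost>$<22-char salt><31-char hash>, in bcrypt's own base64 alphabet
    private static final Pattern BCRYPT = Pattern.compile(
            "^\\$(2[abxy]?)\\$(\\d{2})\\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$");

    /** Parsed fields of one stored bcrypt string. */
    record Parts(String version, int cost, String salt, String digest) {
        long iterations() { return 1L << cost; }   // cost is log2 of the work
    }

    /** Returns the parsed fields, or null if the value is not a well-formed bcrypt hash. */
    static Parts parse(String stored) {
        if (stored == null) return null;
        Matcher m = BCRYPT.matcher(stored);
        if (!m.matches()) return null;
        int cost = Integer.parseInt(m.group(2));
        if (cost < 4 || cost > 31) return null;    // range bcrypt accepts
        return new Parts(m.group(1), cost, m.group(3), m.group(4));
    }

    /** True when a stored value should be re-hashed at the next successful login. */
    static boolean needsRehash(String stored, int minCost) {
        Parts p = parse(stored);
        return p == null || p.cost() < minCost;
    }

    public static void main(String[] args) {
        // The sample hash shown in the article
        String fromPage = "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy";
        String[] samples = {
            fromPage,
            "hunter2",               // constructed: plain text left in the password column
            "$2a$10$" + fromPage,    // constructed: malformed value with a doubled prefix
        };
        for (String s : samples) {
            Parts p = parse(s);
            System.out.println(p == null
                ? "not bcrypt: " + s
                : p + " iterations=" + p.iterations() + " needsRehash(12)=" + needsRehash(s, 12));
        }
    }
}
```

Running a check like this over the password column is a quick way to find rows that were stored unhashed or at an outdated cost.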
There are implementations of bcrypt for C, C++, C#, Elixir, Go, Java, JavaScript, Perl, PHP, Python, Ruby, and other languages. Here we will use Java, with MySQL as the database.
Here we will store and fetch bcrypt-encoded passwords from the database. This is a Maven project, so we include the Maven dependency for bcrypt.
In the pom.xml file, include the bcrypt Maven dependency:
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-crypto</artifactId>
</dependency>
This is the POJO/entity class:
package com.datacyper.model;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;

@Entity
@Table(name="admin_detail")
public class AdminDetail {

    @Id
    @GeneratedValue(strategy=GenerationType.AUTO)
    private int adminID;
    // Fields are private and accessed only through the getters and setters below.
    private String emailId;
    private String name;
    private String password; // persisted as a bcrypt hash
    private String role;

    public AdminDetail() { }

    public AdminDetail(int adminID, String emailId, String name, String password, String role) {
        super();
        this.adminID = adminID;
        this.emailId = emailId;
        this.name = name;
        this.password = password;
        this.role = role;
    }

    public int getAdminID() {
        return adminID;
    }
    public void setAdminID(int adminID) {
        this.adminID = adminID;
    }
    public String getEmailId() {
        return emailId;
    }
    public void setEmailId(String emailId) {
        this.emailId = emailId;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public String getRole() {
        return role;
    }
    public void setRole(String role) {
        this.role = role;
    }

    // The password hash is left out so it does not end up in logs.
    @Override
    public String toString() {
        return "AdminDetail [adminID=" + adminID + ", emailId=" + emailId + ", name=" + name
                + ", role=" + role + "]";
    }
}
The daoImpl file is the data access object implementation. It contains the function that saves the user/admin details and the function for login.
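// Imports needed in the DAO class: java.util.List, org.hibernate.Session,
// org.hibernate.Query (org.hibernate.query.Query on Hibernate 5.2+),
// org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder

// This function saves the login details (user registration).
public int saveAdminDetail(AdminDetail adminDetail) {
    Session session = null;
    try
    {
        session = sessionFactory.getCurrentSession();
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        // Hash the plain-text password exactly once. Encoding the hash a second
        // time would store a value that matches() can never verify at login.
        adminDetail.setPassword(passwordEncoder.encode(adminDetail.getPassword()));
        int id = (Integer) session.save(adminDetail);
        return id;
    }
    catch(Exception exception)
    {
        System.out.println("Exception while saving admin details : " + exception.getMessage());
        return 0;
    }
    finally
    {
        // session is still null if getCurrentSession() threw
        if (session != null)
            session.flush();
    }
}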
// This function is used for login or validation.
public int adminLogin(String emailId, String password) {
    Session session = null;
    try
    {
        session = sessionFactory.getCurrentSession();
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        // Named parameter keeps the e-mail address out of the query string itself.
        Query query = session.createQuery("from AdminDetail where emailId=:emailId");
        query.setParameter("emailId", emailId);
        List<AdminDetail> list = query.list();
        int size = list.size();
        if(size == 1)
        {
            // Compare the input password with the stored bcrypt hash.
            if(passwordEncoder.matches(password, list.get(0).getPassword()))
                return list.get(0).getAdminID();
            else
                return -1;
        }
        else
            return -1;
    }
    catch(Exception exception)
    {
        System.out.println("Exception during admin login : " + exception.getMessage());
        return 0;
    }
    finally
    {
        // session is still null if getCurrentSession() threw
        if (session != null)
            session.flush();
    }
}
I hope these two functions help you to save the login details and fetch the login details.
If you have any query regarding this, feel free to contact us!