0

Hey guys, I'm using Hibernate to store user models in a DB. Well, I found out that you can use Jasypt in tandem to abstract the encryption of usernames and passwords away from the business logic. Here's a link describing what I mean. Here's another link from the Hibernate site. Now I can store the data just fine. It's encrypted. I can read it, cool, but when I try to query, things become problematic. I'm also a little unsure about what's happening. I first tried querying with unencrypted strings. I got a null pointer. I queried with encrypted strings. I got a null pointer, so I'm a little puzzled as to what's going on. Here's the query:

public String getUserId(String email, String password) {
    String encryptedPass = encryptor.encrypt(password);
    String encryptedEMail = encryptor.encrypt(email);
    Session sess = manager.getSession();
    Criteria crit = sess.createCriteria(MobsterUser.class);
    crit.add(Restrictions.eq("email", encryptedEMail )).add(Restrictions.eq("password", encryptedPass));
    MobsterUser user = (MobsterUser) crit.uniqueResult();
    sess.flush();
    return user.getUserId();
}

Does anyone have any input about what may be happening here?

Andy McCall

1 Answer

1

You cannot query for encrypted data. You should not encrypt but hash the password. You should never query by the password. Using the Hibernate/Jasypt integration, you do not need to care about encryption in your source code (no "encryptor.encrypt"). That is the main idea behind it.

Ninca
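The behaviour discussed above, as an added example that is not code from the question or the answer: Jasypt's `StandardPBEStringEncryptor` uses a random salt by default, so encrypting the same string twice gives two different ciphertexts and an equality restriction on an encrypted column matches no row, which leaves `uniqueResult()` returning null. The second half shows the answer's advice using Jasypt's `StrongPasswordEncryptor`. Assumptions: the Jasypt jar is on the classpath, and the class name, the in-memory map standing in for the user table, the key and the sample credentials are all constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.util.password.StrongPasswordEncryptor;

public class EncryptedLookupDemo {
    // Constructed stand-in for the user table: email -> stored password digest.
    static final Map<String, String> USERS = new HashMap<>();
    static final StrongPasswordEncryptor DIGESTER = new StrongPasswordEncryptor();

    static void register(String email, String password) {
        // One-way salted digest; the plaintext password is never stored.
        USERS.put(email, DIGESTER.encryptPassword(password));
    }

    static boolean login(String email, String password) {
        // Find the row by a value that can be compared, then verify the
        // password against the stored digest instead of querying by it.
        String digest = USERS.get(email);
        // A missing user is an expected outcome, not a NullPointerException.
        return digest != null && DIGESTER.checkPassword(password, digest);
    }

    public static void main(String[] args) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setPassword("demo-key-not-for-production"); // constructed key

        // Same plaintext, two ciphertexts: the salt is random per call, so
        // Restrictions.eq("email", enc.encrypt(email)) cannot match a stored row.
        String c1 = enc.encrypt("user@example.com");
        String c2 = enc.encrypt("user@example.com");
        System.out.println("ciphertexts equal: " + c1.equals(c2));
        System.out.println("both decrypt to same text: "
                + enc.decrypt(c1).equals(enc.decrypt(c2)));

        register("user@example.com", "s3cret-sample");
        System.out.println("good password: " + login("user@example.com", "s3cret-sample"));
        System.out.println("bad password:  " + login("user@example.com", "wrong"));
        System.out.println("unknown user:  " + login("nobody@example.com", "x"));
    }
}
```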