Joget DX Beta Available for Download

Check out Joget DX, the next generation successor to Joget Workflow for faster, simpler digital transformation.

Skip to end of metadata
Go to start of metadata

Description

  • Used in JSON API authentication and JavaScript Single Sign ON (SSO)
  • Prevents a user's password from being directly exposed during authentication
  • This Hashed Password method is only supported by Joget Workflow Internal Directory Manager.

 

Please note that LDAP Directory Manager & Security Enhanced Directory Manager does not support Hashed Password in JSON API authentication.

Formula

md5(username + “::” + md5Base16(password));

E.g.: Assuming that the username is “admin” and the password is “admin”, the resulting hash should be “14ACD782DCFEB2BCDE2B271CCD559477”.

Sample Code (Java)

public static String md5(String content) {
    try {
        MessageDigest m = MessageDigest.getInstance("MD5");
        byte[] data = content.getBytes();
        m.update(data, 0, data.length);
        BigInteger i = new BigInteger(1, m.digest());
        return String.format("%1$032X", i);
    } catch (Exception ex) {}
    return "";
}

public static String md5Base16(String content) {
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] bytes = md.digest(content.getBytes());
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < bytes.length; i++) {
            byte b = bytes[i];
            String hex = Integer.toHexString((int) 0x00FF & b);
            if (hex.length() == 1) {
                sb.append("0");
            }
            sb.append(hex);
        }
        return sb.toString();
    } catch (Exception e) {}
    return "";
}
  • No labels