Reputation: 4899
I'm struggling to find the best way to handle the following use case.
I have a WordPress-based website and I'm developing a Java EE based web application to handle a particular process that can't be handled in WordPress.
The user base is the same, so I would like to allow the user to sign on to WordPress and to my Glassfish-deployed Java EE application with the same credentials. I'm not talking about SSO, I just need to ensure that the same username/password works in both applications.
The solutions that come to my mind are the following (each one has a drawback):
1. Set up a jdbcRealm using the wp_users table via a custom JDBC resource. This is not working since WordPress uses salt and IMHO there's no way to tell Glassfish how to use the same salting mechanism.
2. Implement a Glassfish authenticator (I've done it for FB login and it's easy) and compute the salted password from the plain text one. This is not going to work since I don't know how to compute WP salted passwords in Java.
3. Create the user from Glassfish directly into the wp_users table. This is not going to work because recent WordPress versions can't use plain MD5 and because I've not found a way to compute WP salted passwords in Java.
4. Use the WP XML-RPC API to check the credentials. Has any of you ever tried to do this? Is this actually possible with the standard WP API?
5. Finally, the most promising solution is this library, which is a Java implementation of the Portable PHP password hashing framework. Before trying this, I'd like to know if anyone has successfully tried it.
Any other idea is appreciated.
Thank you.
Upvotes: 0
Views: 154
Reputation: 4899
After a bit of research it actually turned out that computing WP hashes in Java is really feasible, since they use the Portable PHP password hashing framework. There are several libraries out there that somehow help in implementing PHPass in Java.
I've managed to modify this class a little bit to adapt it to be used in a Glassfish Authenticator created with Authentic Roast.
So the second option mentioned in my question was the one I finally implemented.
Upvotes: 0
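An added example (not the class the answer refers to, and not WordPress or phpass code) of the check a custom Glassfish authenticator needs for this: verifying a plain-text password against a phpass portable hash (`$P$...`) as stored in wp_users. The class name, the UTF-8 password encoding and the sample values in `main` are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
public class PhpassCheck {
    static final String ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    // phpass's own base-64 variant: 3 bytes packed little-endian, 6 bits per char, no padding.
    static String encode64(byte[] in, int count) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < count; i += 3) {
            int v = in[i] & 0xff;
            if (i + 1 < count) v |= (in[i + 1] & 0xff) << 8;
            if (i + 2 < count) v |= (in[i + 2] & 0xff) << 16;
            int chars = Math.min(count - i, 3) + 1;
            for (int k = 0; k < chars; k++) out.append(ITOA64.charAt((v >> (6 * k)) & 0x3f));
        }
        return out.toString();
    }

    // Recomputes a portable hash from the 12-char setting: "$P$", cost char, 8-char salt.
    static String cryptPrivate(String password, String setting) throws Exception {
        if (setting == null || setting.length() < 12
                || !(setting.startsWith("$P$") || setting.startsWith("$H$"))) return null;
        int log2 = ITOA64.indexOf(setting.charAt(3));
        if (log2 < 7 || log2 > 30) return null; // same bounds as phpass
        byte[] pw = password.getBytes(StandardCharsets.UTF_8); // assumption: UTF-8 passwords
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(setting.substring(4, 12).getBytes(StandardCharsets.UTF_8));
        byte[] h = md5.digest(pw); // md5(salt . password)
        for (long n = 1L << log2; n > 0; n--) { // then 2^log2 rounds of md5(h . password)
            md5.update(h);
            h = md5.digest(pw);
        }
        return setting.substring(0, 12) + encode64(h, 16);
    }

    // Constant-time comparison; any other hash format is rejected rather than guessed at.
    public static boolean check(String password, String stored) throws Exception {
        String computed = cryptPrivate(password, stored);
        return computed != null && MessageDigest.isEqual(
            computed.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: made-up password, salt "saltsalt", cost char 'B' (2^13 rounds).
        String stored = cryptPrivate("correct horse", "$P$Bsaltsalt");
        System.out.println(stored + " ok=" + check("correct horse", stored)
            + " wrong=" + check("battery staple", stored));
    }
}
```

Because `check` returns false for any value that is not a `$P$`/`$H$` portable hash, accounts whose stored hash uses another scheme fail closed instead of being compared incorrectly.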