Implementing Secure Automatic Authentication in ColdFusion: Page 4

Don't just set a plain-text cookie to match users with stored server data; let users log on automatically and securely by taking advantage of CF's ability to interact with Java.



Creating a Digital Signature
Now that you can generate a key pair, persist it, and retrieve it from the file system, you're ready to create a digital signature. First, use the getInstance method to obtain an instance of the Signature object. Like the key pair generator, the method expects a parameter indicating which algorithm to use, and also accepts an optional provider parameter, but the example code skips the provider for simplicity. After creating an instance of the Signature object you need to initialize it for signing. To do that, call the initSign method, which expects a PrivateKey object as its parameter.

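After initializing the Signature object you need to pass it the data to be signed. This data must be unique for each user, so pass it the user's ID, which in this case is simply their email address. The Signature object has an update method for supplying the data to be signed. The update method expects a byte array as a parameter, but that won't work well for passing data from CF, because CF can't pass structured data to Java. Fortunately, the Java String class provides a method called getBytes, which returns the string's characters as a byte array; naming the charset in that call keeps the signed bytes identical on every platform. You can call the update method as many times as you like to feed the Signature object data to sign. When you're done feeding it data you call the sign method to get the digital signature. Again, you have a problem because the sign method returns a byte array, but again, the String class saves you by offering a constructor that accepts a byte array. Signature bytes are arbitrary binary data, so the constructor needs a charset that maps every byte value to a character, such as ISO-8859-1, and the verification code must convert the string back to bytes with the same charset. Here's the sign method.

      // Requires: import java.security.Signature;
      // privateKey is the PrivateKey loaded earlier in the article.
      public String sign(String buffer) throws Exception
      {
         Signature dsa = Signature.getInstance("SHA/DSA");
         dsa.initSign(privateKey);
         // Name the charset so the signed bytes do not depend on the platform default.
         dsa.update(buffer.getBytes("UTF-8"));
         // ISO-8859-1 maps each byte to exactly one char, so the signature survives
         // the conversion; the platform default charset may replace some bytes.
         String signature = new String(dsa.sign(), "ISO-8859-1");
         return signature;
      }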
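The following is an added example, not code from the article: a self-contained sign and verify round trip that Base64-encodes the signature so it can be stored as cookie text, and checks whether the raw signature bytes survive being decoded as text. The class name `SignedTokenDemo`, the two-argument `sign` and `verify` helpers, the freshly generated key pair, the sample addresses, and the substitution of `SHA256withDSA` for the article's algorithm name are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Base64;

public class SignedTokenDemo {
    // Assumption: SHA256withDSA is used here in place of the article's "SHA/DSA".
    static final String ALG = "SHA256withDSA";
    // Sign the user ID and return the signature as cookie-safe Base64 text.
    static String sign(PrivateKey key, String userId) throws GeneralSecurityException {
        Signature dsa = Signature.getInstance(ALG);
        dsa.initSign(key);
        dsa.update(userId.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(dsa.sign());
    }

    // Verify a Base64 signature; malformed input is reported as invalid.
    static boolean verify(PublicKey key, String userId, String b64Sig) throws GeneralSecurityException {
        byte[] sig;
        try {
            sig = Base64.getUrlDecoder().decode(b64Sig);
        } catch (IllegalArgumentException e) {   // not Base64 at all
            return false;
        }
        Signature dsa = Signature.getInstance(ALG);
        dsa.initVerify(key);
        dsa.update(userId.getBytes(StandardCharsets.UTF_8));
        try {
            return dsa.verify(sig);
        } catch (SignatureException e) {         // bytes are not a well-formed signature
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();    // constructed key pair for the demo
        String user = "user@example.com";        // constructed sample user ID
        String token = sign(pair.getPrivate(), user);
        System.out.println("valid user:    " + verify(pair.getPublic(), user, token));
        System.out.println("other user:    " + verify(pair.getPublic(), "other@example.com", token));
        System.out.println("garbage token: " + verify(pair.getPublic(), user, "not*base64"));
        // Decoding raw signature bytes as text and re-encoding them is usually lossy.
        byte[] raw = Base64.getUrlDecoder().decode(token);
        byte[] viaText = new String(raw, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        System.out.println("survives text round trip: " + Arrays.equals(raw, viaText));
    }
}
```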

