Geek Answers Handbook

Java.lang.ClassCastException: [B cannot be added to java.lang.String

I wrote a right class with Field LoginId and Password.

Iam encrypts passwrd and stops it in db using AES_ENCRYPT.

I want to extract only the decrypted password. therefore im uses AES_DECRYPT using NAtiveQueryis in OPen JPA 2.0.

The query I wrote is:

Query q = em.createNativeQuery("select AES_DECRYPT(l.password,?2) from loginDetails l where l.loginID = ?1"); q.setParameter(1, loginId); q.setParameter(2, getKey()); String s = q.getSingleResult();

But I get the following exception:

 java.lang.ClassCastException: [B cannot be cast to java.lang.String at com.rcs.chef.validation.UserValidation.decryptedPasswordForID(UserValidation.java:99) at com.rcs.chef.validation.UserValidation.validateUser(UserValidation.java:81) at com.rcs.chef.validation.UserValidation.activate(UserValidation.java:72) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:226) at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:824) at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:636) at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:724) at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:64) at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:219) at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:147) at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:640) at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:331) at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:227)

I even tried this:

 Query q = em.createNativeQuery("select AES_DECRYPT(l.password,?2) from loginDetails l where l.loginID = ?1"); q.setParameter(1, loginId); q.setParameter(2, getKey()); List<Object> s = q.getResultList(); String s1 = null; for(Object o : s){ s1= (String) o; }

Even here you can also get the same Exception as:

 java.lang.ClassCastException: [B cannot be cast to java.lang.Object

Can you tell me what the error is with the request and the processing of the request.

+4
source share
1 answer

A similar question: What type of Java is "[B"?

MySQL AES_DECRYPT does not return a String , but is an array of bytes, denoted by "[B". Pass the result to byte[] and build a string from it.

It seems you don’t even need to decrypt the password; you just want validateUser , right? β€œIn this case, as others have noted, secure hashes should be used.”

You can easily do this with MySQL, as it already provides the necessary functions : MD5 (considered unsafe), SHA1 (pretty much standard) and SHA2 (even more secure than SHA1).

So, your circuit might basically look like this:

insert into loginDetails (..., passwordHashSalt, passwordHash) values ( ..., ?1, SHA1(CONCAT( ?1, ?2 )) ) , where ?1 sets a unique salt, which can be, for example, username, ?2 is the actual password. Please note that the salt must also be stored in the database and "must" be unique to each user / password; thus, a username is a natural choice for this.

Then, in order to verify the password, you can:

select 'OK' from loginDetails where ... and passwordHash = SHA1(CONCAT( passwordHashSalt, ?1 )) , where ?1 is the password to be verified.

For more information, search the Internet for "password hashing", see, for example, here or here .

These hashing operations can also be performed in the database client code, if necessary.

+6
source

More articles:


All Articles