
Encryption Questions

Posted: Thu Jun 14, 2012 1:51 pm
by pokemon007
It looks like BroadleafCommerce only provides DefaultEncryptModule that does no encryption/decryption work. So we'll need to implement EncryptionModule ourselves? Does this apply to both payment info encryption and password encryption?

Thank you!

Re: Encryption Questions

Posted: Fri Jun 15, 2012 4:54 pm
by jefffischer
If you're storing your customer's payment account information (not recommended), then yes, you'll need to provide the encryption module to support encryption of the PAN, etc... See this "securing account information" section of this page for more information:

http://wiki.broadleafcommerce.org/confl ... ng+Payment

As far as customer passwords, these are easily handled in Spring Security. By default, we set the bean blPasswordEncoder to an instance of org.springframework.security.authentication.encoding.PlaintextPasswordEncoder, but you can easily override to a different encoder that fits your needs.

Re: Encryption Questions

Posted: Sat Jun 16, 2012 1:50 am
by pokemon007
Got it. Thank you!

Re: Encryption Questions

Posted: Mon Aug 13, 2012 8:38 am
by phillipuniverse
FYI, the documentation for this has moved to http://docs.broadleafcommerce.org/curre ... iance.html

Re: Encryption Questions

Posted: Sun Sep 09, 2012 4:33 pm
by sai
Hi

I am using Broadleaf 1.6.2 SNAPSHOT.

I want to add a custom salt when storing the password during login.

Below is what I did:

Code:

public class CustomEncryptionServiceImpl extends CustomerServiceImpl implements CustomerService {

Then I overrode the saveCustomer method.


mycompany-core-applicationContext-entity.xml

Code:

<bean id="org.broadleafcommerce.profile.core.service.CustomerService" class="com.xxx.core.service.CustomEncryptionServiceImpl" scope="prototype"/>



/mycompany-applicationContext.xml

Code:

<aop:config>
    <aop:pointcut id="customEncryptionOperation" expression="execution(* com.xxx.core.service.CustomEncryptionServiceImpl.save*(..))"/>
    <aop:advisor advice-ref="blTxAdvice" pointcut-ref="customEncryptionOperation"/>
</aop:config>


When it is trying to register a customer, it always goes to CustomerServiceImpl.save(...) and not to the one I implemented and overrode (which is CustomEncryptionServiceImpl). Can you please tell me where I am doing it wrong?

Appreciate your help on this.

Thanks

Re: Encryption Questions

Posted: Sun Sep 09, 2012 9:19 pm
by phillipuniverse
First of all, you are overriding the wrong bean id. If you look at the Broadleaf CustomerServiceImpl, it is annotated with @Service("blCustomerService"), meaning "blCustomerService" should be the bean id that you are overriding:

Code:

<bean id="blCustomerService" class="com.xxx.core.service.CustomEncryptionServiceImpl" />


Note that I also do not have the scope as prototype; you shouldn't need prototype unless you have a very specific use case that you haven't notated. Really, the only classes that definitely should have the scope as "prototype" are your entity bean definitions (that are in mycompany-core-applicationContext-entity.xml).

The other problem is that you should really be overriding services in a different application context file; one that is specified in the "patchConfigLocation" context parameter in web.xml. I would probably put this override in mycompany-applicationContext.

Doing those 2 things should alleviate your issues.

Re: Encryption Questions

Posted: Mon Sep 10, 2012 4:51 pm
by sai
Thank you for the reply. That works.

Is there a common way I can apply the custom salt in all other locations? Right now it will not let me log in to the website because of the salt.

I see that in all locations, wherever the PasswordEncoder is used, a null value is passed for the salt. Do I have to override all those locations and have them use the salt?

In other words, in the applicationContext, how can I give the salt when the user is trying to log in?

Please advise.
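
One way to avoid threading a salt through every call site, as an added example that is not part of the thread or Broadleaf's own code: an encoder that generates a random per-password salt and stores it inside the encoded value, so callers that pass null for the salt, as described in the post above, still encode and verify consistently. The class name, storage format and iteration count are assumptions; the two public methods mirror Spring Security 3's legacy PasswordEncoder interface, and Java 8 or later is assumed.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (hypothetical class). Add "implements PasswordEncoder" to use it as the blPasswordEncoder bean.
public class EmbeddedSaltPasswordEncoder {
    private static final int ITERATIONS = 100_000; // assumed work factor, tune per hardware
    private final SecureRandom random = new SecureRandom();

    // The salt argument is ignored: each password gets a fresh random salt, stored as iterations:salt:hash.
    public String encodePassword(String rawPass, Object salt) {
        byte[] s = new byte[16];
        random.nextBytes(s);
        return ITERATIONS + ":" + b64(s) + ":" + b64(derive(rawPass, s, ITERATIONS));
    }

    // Re-derives the hash with the salt parsed from the stored value.
    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        if (encPass == null || rawPass == null) return false;
        String[] parts = encPass.split(":");
        if (parts.length != 3) return false;
        try {
            byte[] s = Base64.getDecoder().decode(parts[1]);
            byte[] expected = Base64.getDecoder().decode(parts[2]);
            byte[] actual = derive(rawPass, s, Integer.parseInt(parts[0]));
            return MessageDigest.isEqual(expected, actual); // constant-time comparison
        } catch (IllegalArgumentException e) { // malformed stored value
            return false;
        }
    }

    private static byte[] derive(String rawPass, byte[] salt, int iterations) {
        try {
            PBEKeySpec spec = new PBEKeySpec(rawPass.toCharArray(), salt, iterations, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2WithHmacSHA256 unavailable", e);
        }
    }
    private static String b64(byte[] b) { return Base64.getEncoder().encodeToString(b); }

    public static void main(String[] args) { // constructed sample password
        EmbeddedSaltPasswordEncoder enc = new EmbeddedSaltPasswordEncoder();
        String stored = enc.encodePassword("correct horse", null);
        System.out.println(enc.isPasswordValid(stored, "correct horse", null) + " " + enc.isPasswordValid(stored, "wrong", null));
    }
}
```

Passwords already stored in another format will not verify against this encoder and would need a reset or a migration step.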