4. DAO


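/**
 * JPA-backed {@link LoginDao} that stores users and checks credentials by
 * comparing a hex-encoded SHA-256 digest of the password.
 *
 * <p>SECURITY NOTE(review): the stored value is a single, unsalted SHA-256
 * digest. Identical passwords therefore produce identical stored values, and
 * a fast digest offers little resistance to offline guessing if the table is
 * ever disclosed. A salted, deliberately slow password-hashing scheme
 * (bcrypt, scrypt, Argon2 or PBKDF2) is the usual choice. Adopting one means
 * looking the user up by name and verifying the password in code, and it
 * needs a migration for existing rows, so it is flagged here rather than
 * changed.
 */
@Repository
public class LoginDaoImpl implements LoginDao {

    @PersistenceContext
    private EntityManager entityManager;

    /** Returns the entity manager used by this DAO. */
    public EntityManager getEntityManager() {
        return entityManager;
    }

    /** Replaces the entity manager used by this DAO. */
    public void setEntityManager(EntityManager entityManager) {
        this.entityManager = entityManager;
    }

    /**
     * Persists a new user after replacing its plaintext password with the
     * hex-encoded digest.
     *
     * <p>The passed-in object is modified in place and returned, so after
     * this call it carries the stored digest instead of the plaintext.
     * NOTE(review): callers should avoid serialising that field back to
     * clients; confirm how the returned object is used.
     *
     * @param newUser the user to store; its password must be the plaintext
     * @return the same instance, now managed and flushed
     */
    @Override
    @Transactional
    public User createUser(User newUser) {
        // Never persist the plaintext: overwrite it with the digest first.
        newUser.setPassword(getHashedPassword(newUser));

        entityManager.persist(newUser);
        // Flush so constraint violations surface inside this call.
        entityManager.flush();

        return newUser;
    }

    /**
     * Looks up the user whose name and password digest both match.
     *
     * <p>Returns {@code null} when there is no match, and also when more
     * than one row matches, so an ambiguous result never authenticates.
     * Persistence failures (for example a lost connection) are no longer
     * swallowed as "wrong password"; they propagate to the caller so that
     * an outage is not indistinguishable from a failed login.
     *
     * @param user carrier for the submitted user name and plaintext password
     * @return the matching user, or {@code null} if the credentials do not
     *         identify exactly one user
     */
    @Override
    @Transactional
    public User authenticateUser(User user) {
        // Named parameters keep the submitted values out of the query text.
        Query query = entityManager.createQuery(
                "FROM User WHERE userName = :userName AND password = :password");
        query.setParameter("userName", user.getUserName());
        query.setParameter("password", getHashedPassword(user));

        // getResultList() reports "no match" as an empty list, so no
        // catch-all exception handler is needed to detect a failed login.
        java.util.List<?> matches = query.getResultList();
        if (matches.size() != 1) {
            return null;
        }
        return (User) matches.get(0);
    }

    /**
     * Computes the lowercase hex SHA-256 digest of the user's password.
     *
     * @param user the user whose plaintext password is hashed
     * @return 64 lowercase hexadecimal characters
     * @throws IllegalStateException if SHA-256 is unavailable in this JVM
     */
    private String getHashedPassword(User user) {
        final MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            // Fail loudly instead of logging and then hitting a
            // NullPointerException on the next line.
            throw new IllegalStateException("SHA-256 digest is not available", e);
        }

        // Explicit UTF-8 so the digest does not depend on the JVM's default
        // charset. NOTE(review): digests written by a JVM whose default
        // charset was not UTF-8 will differ for non-ASCII passwords; confirm
        // before deploying against existing data.
        byte[] digest = sha256.digest(
                user.getPassword().getBytes(java.nio.charset.StandardCharsets.UTF_8));

        // Two lowercase hex characters per byte.
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xf, 16));
            hex.append(Character.forDigit(b & 0xf, 16));
        }
        return hex.toString();
    }

}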


Comments