@Override protected String getSalt(String username) { try { AttributesManager am = getIdentitySession().getAttributesManager(); Attribute salt = am.getAttribute(username, PASSWORD_SALT_USER_ATTRIBUTE); // User does not have salt attribute in DB. Let's generate a fresh one and save it to DB. if (salt == null) { SecureRandom pseudoRng = getSecureRandomInstance(); String saltStr = String.valueOf(pseudoRng.nextLong()); am.addAttribute(username, PASSWORD_SALT_USER_ATTRIBUTE, saltStr); log.fine("Salt has been randomly generated for user " + username); return saltStr; } else { return (String)salt.getValue(); } } catch (Exception ie) { throw new RuntimeException(ie); } }