aes-example | Learn how to build AES encryption | Encryption library

I'm trying to implement a aes/cbc/pkcs5padding algorithm. I started off with some CryptoJS in JS and found out how wonderful the encryption and decryption works in some seconds. I searched for many compatible solutions because the value that got returned was always wrong.

Unimportant: My goal is the following concept:

1. The user account is created server-side and the password is hashed with SHA-256
2. The user tries to log-in on the webpage (client-side JS) where a packet is sent to the server beginning with his plain username followed by an AES encrypted JSONObject with a simple success message. The key for the AES is the SHA-256 of the user's password hashed locally
3. The server receives this packet and checks for all user accounts if any of the names match with the beginning of the packet. In that case, the application separates the AES part of it and tries to decrypt it with the SHA-256 hashed password the server knows since the creation of the user
4. If the decryption succeeded, client and server will continue using this key and have a nice communication without transmitting the plain AES key with the websocket at any time. If the decryption fails, the user gets an error message "credentials incorrect"

That's just for your information to help me ;) Because I could not know what CryptoJS exactly does with the data it gets I started with Java and ended up with the following Java implementation:

I'm looking at an C# AES asymmetric encryption and decryption example here and not sure if i should store the IV in a safe place (also encrypted??). Or i can just attach it to the encrypted text for using later when i with to decrypt. From a short reading about AES it seems it's not needed at all for decryption but i'm not sure i got it right and also the aes.CreateDecryptor(keyBytes, iv) need it as parameter.

I use a single key for all encryptions.