Problem solved.  After researching the source for the security.auth.spi
package (you gotta love open source) and some MySQl docs, I discovered
that MySQL returns MD5() encrypted passwords in HEX format.  SO I simply
changed the <hashEncoding> to HEX, and all worked just as
documented/expected.

Thanks again for your assistance.

-----Original Message-----
From: Contact [mailto:contact@;abilsoft.com] 
Sent: Tuesday, November 05, 2002 9:25 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [JBoss-user] DatabaseServerLoginModule


Scott:

Thanks so much for the tip, jboss-web.xml visibility was a big part of
the problem here.  I am indeed much closer now - but not quite there
yet.

My only remaining problem is with the hashAlgorithm. Everything is
working perfectly as long as I have a clear password in the database and
I do not add the hashAlgorithm and hashEncoding <module-option>s to the
following section of my login-config.xml.  As soon as I put an MD5'ed
password in the database and add the hasAlgorithm and hashEncoding
options, it stops working (with typical invalid password Error msg).

<application-policy name = "AbilSoftRealm">
<authentication>
<login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule" flag =
"requisite"> <module-option name =
"dsJndiName">java:/SecurityPool</module-option>
<module-option name = "principalsQuery">select password from users where
username=?</module-option> <module-option name = "rolesQuery">select
role, rolegroup from roles where username=?</module-option>
<module-option name = "hashAlgorithm">MD5</module-option>
<module-option name = "hashEncoding">base64</module-option>
</login-module>
</authentication>
</application-policy>

I am using JBoss 3.0.4 with a MySQL database. The database contains the
password in MD5 encrypted format and I have verified the query by hand
from a mysql prompt (to verify it returns expected MD5 encrypted
password). 

What else do I need to do to make this encryption work?  Does my
princiaplsQuery need to be modified?  As uunderstand from the Quick
Start Guide, the hashAlgorithm will cause the clear text password
retrieved from the CallBackHandler to be MD5'ed before it's passed for
comparison.  Since the database contains and MD5 encrypted password,
these should match with the query as is?  Am I missing something else?

Thanks again.
 


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:jboss-user-admin@;lists.sourceforge.net] On Behalf Of Scott M
Stark
Sent: Tuesday, November 05, 2002 7:51 AM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] DatabaseServerLoginModule


Turn on DEBUG level messages by editing the conf/lo4j.xml file and
removing the <param name="Threshold" value="INFO"/> from the FILE
appender and then look of the following msgs:

Binding security/securityMgr to NullSecurityManager
Linking security/securityMgr to JNDI name: x

Most likely the war/WEB-INF/jboss-web.xml file is not being seen.

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 04, 2002 9:37 AM
Subject: Re: [JBoss-user] DatabaseServerLoginModule


> Then why am I not seeing any output in the console or logfiles
> indicating that authentication is even occuring, let alone
having any problems?  Is there something in some other file that I need
to modify to turn this on?  I have verified the queries against my
schema via mysql by hand - there doe not appear to be any problem there.
I just don't think that authentication is really being processed in my
environment - although the login.html is presented as expected - just
not really validated against anything (always appears to return success
regardless of input).
>
> Todd



-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user




-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to