Problem solved. After researching the source for the security.auth.spi package (you gotta love open source) and some MySQL docs, I discovered that MySQL returns MD5() encrypted passwords in HEX format. So I simply changed the <hashEncoding> to HEX, and all worked just as documented/expected.
Thanks again for your assistance.

-----Original Message-----
From: Contact [mailto:contact@;abilsoft.com]
Sent: Tuesday, November 05, 2002 9:25 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [JBoss-user] DatabaseServerLoginModule

Scott:

Thanks so much for the tip, jboss-web.xml visibility was a big part of the problem here. I am indeed much closer now - but not quite there yet. My only remaining problem is with the hashAlgorithm. Everything is working perfectly as long as I have a clear password in the database and I do not add the hashAlgorithm and hashEncoding <module-option>s to the following section of my login-config.xml. As soon as I put an MD5'ed password in the database and add the hashAlgorithm and hashEncoding options, it stops working (with typical invalid password Error msg).

    <application-policy name = "AbilSoftRealm">
      <authentication>
        <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "requisite">
          <module-option name = "dsJndiName">java:/SecurityPool</module-option>
          <module-option name = "principalsQuery">select password from users where username=?</module-option>
          <module-option name = "rolesQuery">select role, rolegroup from roles where username=?</module-option>
          <module-option name = "hashAlgorithm">MD5</module-option>
          <module-option name = "hashEncoding">base64</module-option>
        </login-module>
      </authentication>
    </application-policy>

I am using JBoss 3.0.4 with a MySQL database. The database contains the password in MD5 encrypted format and I have verified the query by hand from a mysql prompt (to verify it returns expected MD5 encrypted password).

What else do I need to do to make this encryption work? Does my principalsQuery need to be modified? As I understand from the Quick Start Guide, the hashAlgorithm will cause the clear text password retrieved from the CallBackHandler to be MD5'ed before it's passed for comparison. Since the database contains an MD5 encrypted password, these should match with the query as is?
Am I missing something else?

Thanks again.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:jboss-user-admin@;lists.sourceforge.net] On Behalf Of Scott M Stark
Sent: Tuesday, November 05, 2002 7:51 AM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] DatabaseServerLoginModule

Turn on DEBUG level messages by editing the conf/log4j.xml file and removing the
<param name="Threshold" value="INFO"/> from the FILE appender and then look for the following msgs:

    Binding security/securityMgr to NullSecurityManager
    Linking security/securityMgr to JNDI name: x

Most likely the war/WEB-INF/jboss-web.xml file is not being seen.

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 04, 2002 9:37 AM
Subject: Re: [JBoss-user] DatabaseServerLoginModule

> Then why am I not seeing any output in the console or logfiles
> indicating that authentication is even occurring, let alone having any problems? Is there something in some other file that I need to modify to turn this on? I have verified the queries against my schema via mysql by hand - there does not appear to be any problem there. I just don't think that authentication is really being processed in my environment - although the login.html is presented as expected - just not really validated against anything (always appears to return success regardless of input).
>
> Todd

-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
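
Added example, not part of the original thread and not JBoss code: a Python model of the mismatch the thread resolves, where the login side encodes the MD5 digest as base64 while the MySQL column holds the 32 hex digits that MD5() returns. The function names, the sample password and the plain string comparison are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import string

# Constructed sample row: what MySQL stores for MD5('s3cret'), i.e. 32 hex digits.
SAMPLE_PASSWORD = "s3cret"
STORED_COLUMN = hashlib.md5(SAMPLE_PASSWORD.encode("utf-8")).hexdigest()


def encode_digest(password, algorithm="MD5", encoding="base64"):
    """Hash the submitted password and render the digest bytes as text
    (hypothetical stand-in for the hashAlgorithm/hashEncoding step)."""
    digest = hashlib.new(algorithm.lower(), password.encode("utf-8")).digest()
    if encoding.lower() == "hex":
        return digest.hex()
    if encoding.lower() == "base64":
        return base64.b64encode(digest).decode("ascii")
    raise ValueError("unsupported hashEncoding: " + encoding)


def validate(submitted, stored, algorithm="MD5", encoding="base64"):
    """Compare the encoded digest of the submitted password with the column."""
    candidate = encode_digest(submitted, algorithm, encoding)
    return hmac.compare_digest(candidate, stored)


def guess_encoding(stored, digest_size=16):
    """Infer how a stored hash column is encoded from its shape alone."""
    if len(stored) == 2 * digest_size and all(c in string.hexdigits for c in stored):
        return "hex"
    try:
        if len(base64.b64decode(stored, validate=True)) == digest_size:
            return "base64"
    except ValueError:
        pass
    return "unknown"


if __name__ == "__main__":
    print("column holds:", guess_encoding(STORED_COLUMN))
    for enc in ("base64", "hex"):
        ok = validate(SAMPLE_PASSWORD, STORED_COLUMN, encoding=enc)
        print(enc, encode_digest(SAMPLE_PASSWORD, encoding=enc), "match" if ok else "no match")
```

Unsalted MD5 appears here only because it is what the thread's configuration uses; the encoding mismatch is independent of the digest algorithm.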