Hello everybody

I have a question regarding the MD5 Authentication in JBoss 5.1 GA.
I used the normal authentication without MD5 hashes so far, but now I have to 
migrate an old version to a new version and the passwords are stored as MD5 
strings in the database.

So all I did was change the login-config.xml and add the following 
lines:


<module-option name="hashAlgorithm">MD5</module-option>
<module-option name="hashEncoding">base64</module-option>

The other part of my login-config.xml looks like this. I have tested the 
queries and the rolename and the password (as hash) are returned:



<module-option name="principalsQuery">SELECT password FROM users WHERE username=? AND active=1</module-option>
<module-option name="rolesQuery">SELECT USERROLE.rolename, 'Roles' FROM USERS INNER JOIN (USERROLE INNER JOIN MAPUSERUSERROLE ON USERROLE.roleid = MAPUSERUSERROLE.roleid) ON USERS.userid = MAPUSERUSERROLE.userid where USERS.username=?</module-option>

Unfortunately, the login always fails and I have no idea why. I guess the 
MD5 hash which JBoss generates is not equal to the one in the database. In the 
jboss-log4j.xml I enabled tracing for org.jboss.security, and that's all I get 
from the server.log file:

2009-11-02 11:25:14,314 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) initialize
2009-11-02 11:25:14,314 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Security domain: SSIS2-domain
2009-11-02 11:25:14,314 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Password hashing activated: algorithm = MD5, encoding = base64, charset = {default}, callback = null, storeCallback = null
2009-11-02 11:25:14,315 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) DatabaseServerLoginModule, dsJndiName=java:SSIS2DSprod
2009-11-02 11:25:14,315 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) principalsQuery=SELECT password FROM users WHERE username=? AND active=1
2009-11-02 11:25:14,315 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) rolesQuery=SELECT USERROLE.rolename, 'Roles' FROM USERS INNER JOIN (USERROLE INNER JOIN MAPUSERUSERROLE ON USERROLE.roleid = MAPUSERUSERROLE.roleid) ON USERS.userid = MAPUSERUSERROLE.userid where USERS.username=?
2009-11-02 11:25:14,315 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) suspendResume=true
2009-11-02 11:25:14,319 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) login
2009-11-02 11:25:14,326 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) suspendAnyTransaction
2009-11-02 11:25:14,329 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Excuting query: SELECT password FROM users WHERE username=? AND active=1, with username: tlubrpa1
2009-11-02 11:25:15,116 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Obtained user password
2009-11-02 11:25:15,116 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) resumeAnyTransaction
2009-11-02 11:25:15,116 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Bad password for username=tlubrpa1
2009-11-02 11:25:15,116 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) abort

Does anyone have an idea how I can debug the MD5 hash JBoss generates? Or can I 
do anything else to know why I can't log in?

Thanks a lot!
Patrick

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264967#4264967
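
An added diagnostic example, not part of the original post: with hashAlgorithm=MD5 and hashEncoding=base64 the login module compares the base64-encoded MD5 digest of the submitted password with the stored string, so this Python script reproduces that value and checks which encoding and charset the stored column actually matches. The function names and the sample password and stored value are constructed for illustration.

```python
import base64
import hashlib

# Charsets to try: the TRACE line shows charset = {default}, i.e. the JVM's
# platform default, which may differ from what the legacy system used.
CHARSETS = ("utf-8", "iso-8859-1")


def encode_digest(password, charset, encoding):
    """MD5 the password bytes and render the digest as base64 or lowercase hex."""
    digest = hashlib.md5(password.encode(charset)).digest()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if encoding == "hex":
        return digest.hex()
    raise ValueError("unsupported encoding: " + encoding)


def diagnose(stored, password, charsets=CHARSETS):
    """Return (encoding, charset, note) for every combination that reproduces
    the stored column value, exactly or after trimming/case-folding."""
    matches = []
    for charset in charsets:
        try:
            password.encode(charset)
        except UnicodeEncodeError:
            continue  # password not representable in this charset
        for encoding in ("base64", "hex"):
            candidate = encode_digest(password, charset, encoding)
            if stored == candidate:
                matches.append((encoding, charset, "exact"))
            elif encoding == "hex" and stored.strip().lower() == candidate:
                matches.append((encoding, charset, "case or whitespace differs"))
            elif encoding == "base64" and stored.strip() == candidate:
                matches.append((encoding, charset, "whitespace differs"))
    return matches


if __name__ == "__main__":
    # Constructed sample: MD5("secret") as uppercase hex, padded like a CHAR column.
    stored_value = "5EBE2294ECD0E0F08EAB7690D2A6EE69  "
    for encoding, charset, note in diagnose(stored_value, "secret"):
        print(f"{encoding:7} {charset:11} {note}")
    print("base64 form the module would compare:",
          encode_digest("secret", "utf-8", "base64"))
```

A hex-only match means the stored column is not in the base64 form that hashEncoding=base64 expects; a note other than "exact" points at padding or letter case in the column.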

_______________________________________________
jboss-user mailing list
https://lists.jboss.org/mailman/listinfo/jboss-user
