I'm having problems getting password verification to work when I encrypt 
passwords and store them in the database.

Basically the web app is secured with form-based security over SSL - when a user 
goes to a secured area they are prompted to log on or register.  Usernames/passwords 
are held in a MySQL database, connected to via EJB.
With plain text this all works fine.  However, when I try to use encryption 
the logon fails.  

I've checked the database table and the username and password are being 
encrypted.  I think the problem is with how I've set up the login-config.xml (or 
something else?) - I thought I'd configured it so that when a user attempted to 
log on the password (and username?) would be automatically converted to 
md5/base64 and compared against the table.

I've tried every setting I can think of (using hex rather than base64, encoding 
the username and password, just the password etc.) and still can't get this to 
work - any help/ideas appreciated.

login-config.xml
    <!-- Security domain for HomeSite -->
    <application-policy name = "homesite">
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = "hashAlgorithm">MD5</module-option>
             <module-option name = "hashEncoding">base64</module-option>
             <module-option name="hashCharset">UTF-8</module-option>
             <module-option name = "dsJndiName">java:/MySqlDS</module-option>
             <module-option name = "principalsQuery">SELECT client_id FROM gluser WHERE client_id=?</module-option>
             <module-option name = "rolesQuery">SELECT role, 'Roles' FROM glroles WHERE client_id=?</module-option>
          </login-module>
    </application-policy>


Code to encrypt password 

        import java.io.UnsupportedEncodingException;
        import java.security.MessageDigest;
        import java.security.NoSuchAlgorithmException;
        import sun.misc.BASE64Encoder; // JDK-internal class, not available on Java 9+

        public class PasswordEncoder {
            // MD5 the UTF-8 bytes of the password and Base64-encode the digest,
            // which is what hashAlgorithm=MD5 / hashEncoding=base64 / hashCharset=UTF-8
            // in login-config.xml should make the login module compute as well.
            public static String encode(String password) throws
                            NoSuchAlgorithmException, UnsupportedEncodingException {
                    //System.out.println("Password to encode is: " + password);
                    MessageDigest md = MessageDigest.getInstance("MD5");
                    md.update(password.getBytes("UTF8"));
                    String encodedString = new BASE64Encoder().encode(md.digest());
                    // Note: sun.misc.HexDumpEncoder produces a hexdump layout (offsets
                    // and ASCII column), not a plain hex string, so this variant would
                    // never match the module's hashEncoding=hex value.
                    //String encodedString = new HexDumpEncoder().encode(md.digest());
                    // System.out.println("Encoded String is: " + encodedString);
                    return encodedString;
            }
        }
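An added example, not from the post or from JBoss: it reproduces the hash that DatabaseServerLoginModule derives from the posted hashAlgorithm/hashEncoding/hashCharset settings and mimics how the module uses principalsQuery, treating the first column of the returned row as the stored password (the module's documented default query is "select Password from Principals where PrincipalID=?"). The in-memory sqlite table and its passwd column are assumptions standing in for the MySQL gluser table, whose password column the post does not show.

```python
import base64
import hashlib
import sqlite3


def jboss_password_hash(password, encoding="base64", algorithm="md5",
                        charset="UTF-8"):
    """Hash the submitted password as hashAlgorithm / hashEncoding / hashCharset
    in the posted login-config.xml tell the module to before the comparison.
    Unsalted MD5 is reproduced only because it is the posted setting."""
    digest = hashlib.new(algorithm, password.encode(charset)).digest()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if encoding == "hex":
        return digest.hex()  # lowercase; the table value must match this case
    raise ValueError("unsupported hashEncoding: " + encoding)


def build_sample_db():
    """Constructed stand-in for the poster's MySQL gluser table. The password
    column name 'passwd' is an assumption; the post never shows it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE gluser (client_id TEXT PRIMARY KEY, passwd TEXT)")
    conn.execute("INSERT INTO gluser VALUES (?, ?)",
                 ("alice", jboss_password_hash("password")))
    return conn


def login_module_check(conn, principals_query, username, password,
                       encoding="base64"):
    """Mimic the module's check: run principalsQuery with the username bound
    to '?', treat the first column of the first row as the stored credential,
    and compare it with the hash of the submitted password."""
    row = conn.execute(principals_query, (username,)).fetchone()
    if row is None:
        return False
    return row[0] == jboss_password_hash(password, encoding)


# The query from the post returns client_id, so the module ends up comparing
# the username with the password hash and every logon fails.
POSTED_QUERY = "SELECT client_id FROM gluser WHERE client_id=?"
# principalsQuery has to return the stored password column instead.
FIXED_QUERY = "SELECT passwd FROM gluser WHERE client_id=?"

if __name__ == "__main__":
    db = build_sample_db()
    for query in (POSTED_QUERY, FIXED_QUERY):
        print(query, "->", login_module_check(db, query, "alice", "password"))
```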

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3883886#3883886



_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
