[jboss-user] [Beginners Corner] - Re: Auth How to

PeterJ do-not-reply at jboss.com
Fri Mar 2 15:35:05 EST 2007


OK, now I see what you mean. The DatabaseServerLoginModule is written incorrectly. It expects you to be able to write a select statement that returns the unencrypted password. If you have a password that is encrypted using one-way encryption, the DatabaseServerLoginModule will not be able to use it because it does not support any way of dealing with the password. What is needed is a new login module that allows the following entry (if using MySQL and encrypting the password with the SHA1() function):

<module-option name = "principalsQuery">SELECT loginId FROM User WHERE loginId=? and password=sha1(?)</module-option>

This login module would accept the loginId and password if the select statement returns a single result.

An alternative would be to add a new option to the existing login module, something like:

<module-option name = "passwordQuery">SELECT sha1(?)</module-option>

The existing login module could then use this query to encode the password before testing it against the password returned by the current query (which returns the value of the password column).

On further thought, looking at the code, there does appear to be support for this. I see references to a callback method related to passwords (UsernamePasswordLoginModule.createPasswordHash), and a method to return a hashed password (DatabaseServerLoginModule). Though it looks as if you have to write your own subclass of DatabaseServerLoginModule. Hmm, a subclass that supports my 'passwordQuery' option might be a good idea.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024751#4024751

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4024751
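The two login-module designs sketched in the post, as an added emulation that is not JBoss code or anything from the thread: sqlite3 stands in for MySQL, with a user-defined `sha1()` mimicking MySQL's SHA1() (lowercase hex), and the `User` table contents are constructed sample data.

```python
"""Emulation of the two login-module designs proposed in the post.

Added example, not JBoss code. sqlite3 with a user-defined sha1() stands in
for MySQL's SHA1() so the queries from the post run offline.
"""
import hashlib
import hmac
import sqlite3


def mysql_sha1(value: str) -> str:
    """Stand-in for MySQL SHA1(): lowercase hex digest of the UTF-8 bytes."""
    return hashlib.sha1(value.encode("utf-8")).hexdigest()


def open_user_db() -> sqlite3.Connection:
    """Constructed sample data: one User row whose password column is SHA1-hashed."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("sha1", 1, mysql_sha1)
    conn.execute("CREATE TABLE User (loginId TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO User VALUES (?, sha1(?))", ("alice", "s3cret"))
    return conn


# Proposal 1: the principalsQuery hashes the supplied password itself;
# exactly one matching row means the login is accepted.
PRINCIPALS_QUERY = "SELECT loginId FROM User WHERE loginId=? AND password=sha1(?)"


def login_hash_in_query(conn: sqlite3.Connection, login_id: str, password: str) -> bool:
    rows = conn.execute(PRINCIPALS_QUERY, (login_id, password)).fetchall()
    return len(rows) == 1


# Proposal 2: keep a principalsQuery that returns the stored password column and
# add a passwordQuery that encodes the supplied password before the comparison.
STORED_PASSWORD_QUERY = "SELECT password FROM User WHERE loginId=?"
PASSWORD_QUERY = "SELECT sha1(?)"


def login_hash_then_compare(conn: sqlite3.Connection, login_id: str, password: str) -> bool:
    row = conn.execute(STORED_PASSWORD_QUERY, (login_id,)).fetchone()
    if row is None:
        return False  # unknown principal
    (encoded,) = conn.execute(PASSWORD_QUERY, (password,)).fetchone()
    # compare the two hex digests in constant time
    return hmac.compare_digest(encoded, row[0])


if __name__ == "__main__":
    db = open_user_db()
    print(login_hash_in_query(db, "alice", "s3cret"))     # True
    print(login_hash_then_compare(db, "alice", "wrong"))  # False
```

Either design only works if the module never sees the stored plaintext; the second keeps the hash comparison in the module rather than in the SQL, which is what a `passwordQuery` option would give the existing module.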


