[jboss-user] [Security & JAAS/JBoss] - Re: Implement digestCallback into login-config.xml
fjaouen
do-not-reply at jboss.com
Thu Feb 28 17:49:13 EST 2008
Hi, I'm making progress but I'm still blocked...
My JBoss config is:
<application-policy name="WebAppE2E">
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
    <module-option name="unauthenticatedIdentity">guest</module-option>
    <module-option name="dsJndiName">java:/jdbc/accovia/e2e</module-option>
    <module-option name="principalsQuery">SELECT age_nom_cle FROM age WHERE age_cd=?</module-option>
    <module-option name="rolesQuery">SELECT age_roles_cd, 'Roles' FROM age_roles WHERE age_cd=?</module-option>
    <module-option name="hashEncoding">HEX</module-option>
    <module-option name="hashAlgorithm">SHA-1</module-option>
    <module-option name="digestCallback">com.myclass.MyDigestCallback</module-option>
  </login-module>
</application-policy>
My code is:
package com.myclass;

import java.security.MessageDigest;
import java.util.Iterator;
import java.util.Map;

import org.jboss.crypto.digest.DigestCallback;

public class MyDigestCallback implements DigestCallback {
    private byte[] username;

    // Receives the login module options together with the login name and password.
    @Override
    public void init(Map arg0) {
        System.out.println("AccoviaDigestCallback.init");
        for (Iterator iter = arg0.entrySet().iterator(); iter.hasNext();) {
            Map.Entry entry = (Map.Entry) iter.next();
            String key = (String) entry.getKey();
            String value = (String) entry.getValue();
            // Prints every entry, including the plaintext
            // javax.security.auth.login.password value, to the server log.
            System.out.println("Key=" + key + " value=" + value);
            if (key.contains("javax.security.auth.login.name")) {
                // Platform default charset is used for the username bytes.
                this.username = value.getBytes();
            }
        }
    }

    // No input is added in the pre-digest step.
    @Override
    public void preDigest(MessageDigest arg0) {
    }

    // Adds the username bytes to the digest in the post-digest step.
    @Override
    public void postDigest(MessageDigest arg0) {
        arg0.update(this.username);
    }
}
And JBoss is still complaining:
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize, instance=@10135900
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: WebAppE2E
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Password hashing activated: algorithm = SHA-1, encoding = HEX, charset = {default}, callback = com.myclass.MyDigestCallback, storeCallback = null
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/jdbc/accovia/e2e
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT age_password FROM age WHERE age_cd=?
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT age_roles_cd, 'Roles' FROM age_roles WHERE age_cd=?
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
2008-02-28 17:45:03,040 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Created DigestCallback: com.myclass.MyDigestCallback at 681070
2008-02-28 17:45:03,040 INFO [STDOUT] AccoviaDigestCallback.init
2008-02-28 17:45:03,040 INFO [STDOUT] Key=digestCallback value=com.myclass.MyDigestCallback
2008-02-28 17:45:03,040 INFO [STDOUT] Key=javax.security.auth.login.password value=fj9!2619
2008-02-28 17:45:03,040 INFO [STDOUT] Key=javax.security.auth.login.name value=FJ9
2008-02-28 17:45:03,040 INFO [STDOUT] username=FJ9
2008-02-28 17:45:03,040 INFO [STDOUT] Key=jboss.security.security_domain value=WebAppE2E
2008-02-28 17:45:03,040 INFO [STDOUT] Key=hashAlgorithm value=SHA-1
2008-02-28 17:45:03,040 INFO [STDOUT] Key=principalsQuery value=SELECT age_password FROM age WHERE age_cd=?
2008-02-28 17:45:03,071 INFO [STDOUT] Key=unauthenticatedIdentity value=guest
2008-02-28 17:45:03,071 INFO [STDOUT] Key=hashEncoding value=HEX
2008-02-28 17:45:03,071 INFO [STDOUT] Key=dsJndiName value=java:/jdbc/accovia/e2e
2008-02-28 17:45:03,071 INFO [STDOUT] Key=rolesQuery value=SELECT age_roles_cd, 'Roles' FROM age_roles WHERE age_cd=?
2008-02-28 17:45:03,071 INFO [STDOUT] AccoviaDigestCallback.preDigest >>>
2008-02-28 17:45:03,071 INFO [STDOUT] AccoviaDigestCallback.postDigest >>>
2008-02-28 17:45:03,071 INFO [STDOUT] strDigest=2DBFF16D448199F9156EF54533C284FBE10988D6
2008-02-28 17:45:03,071 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
2008-02-28 17:45:03,071 DEBUG [org.jboss.resource.connectionmanager.IdleRemover] internalRegisterPool: registering pool with interval 900000 old interval: 9223372036854775807
2008-02-28 17:45:03,071 DEBUG [org.jboss.resource.connectionmanager.IdleRemover] internalRegisterPool: about to notify thread: old next: 1204239153071, new next: 1204239153071
2008-02-28 17:45:03,134 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT age_password FROM age WHERE age_cd=?, with username: FJ9
2008-02-28 17:45:03,134 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
2008-02-28 17:45:03,134 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
2008-02-28 17:45:03,134 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] Bad password for username=FJ9
2008-02-28 17:45:03,134 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
2008-02-28 17:45:03,134 TRACE [org.jboss.security.plugins.JaasSecurityManager.WebAppE2E] Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
ANY IDEAS ???
Thank you All !!!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4133018#4133018
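A stand-alone way to reproduce the digest this configuration describes (SHA-1, hex encoding, username added in postDigest) and compare it with a value read from the password column. This is an added example, not part of the original post or of JBoss; the class name DigestCheck, the sample credentials and the stored samples are constructed, and it assumes the login module feeds the password bytes to the digest between preDigest() and postDigest().

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class DigestCheck {
    // Same input order as the callback in the post: password bytes first,
    // then the username bytes. Assumption: UTF-8 stands in for the platform
    // default charset (identical for ASCII-only input).
    static byte[] digest(String algorithm, String username, String password)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(username.getBytes(StandardCharsets.UTF_8));
        return md.digest();
    }

    // Lowercase hex encoding of the raw digest bytes.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Classifies how a stored column value relates to the computed digest,
    // so a plain string mismatch can be told apart from a different hash.
    static String compare(String computedHex, String stored) {
        if (stored.equals(computedHex)) return "exact match";
        if (stored.equalsIgnoreCase(computedHex)) return "same digest, different letter case";
        if (stored.trim().equalsIgnoreCase(computedHex)) return "same digest, extra whitespace";
        return "different digest";
    }

    public static void main(String[] args) throws Exception {
        String username = "alice";            // constructed sample
        String password = "example-password"; // constructed sample
        String computed = toHex(digest("SHA-1", username, password));
        String[] storedSamples = {            // constructed column values
            computed,
            computed.toUpperCase(Locale.ROOT),
            computed + "   ",
            "0000000000000000000000000000000000000000"
        };
        for (String stored : storedSamples) {
            System.out.println("[" + stored + "] -> " + compare(computed, stored));
        }
    }
}
```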