[jboss-user] [Security & JAAS/JBoss] - Re: Issue in encrypting the password using MD5
Tony Jim
do-not-reply at jboss.com
Mon May 11 07:20:59 EDT 2009
I do not know how to log it, since I am very weak at log4j. I have tried the following. I have included both my login-config.xml and jboss-log4j.xml files. Can you please advise?
| <?xml version='1.0'?>
| <!DOCTYPE policy PUBLIC
| "-//JBoss//DTD JBOSS Security Config 3.0//EN"
| "http://www.jboss.org/j2ee/dtd/security_config.dtd">
|
| <!-- The XML based JAAS login configuration read by the
| org.jboss.security.auth.login.XMLLoginConfig mbean. Add
| an application-policy element for each security domain.
|
| The outline of the application-policy is:
| <application-policy name="security-domain-name">
| <authentication>
| <login-module code="login.module1.class.name" flag="control_flag">
| <module-option name = "option1-name">option1-value</module-option>
| <module-option name = "option2-name">option2-value</module-option>
| ...
| </login-module>
|
| <login-module code="login.module2.class.name" flag="control_flag">
| ...
| </login-module>
| ...
| </authentication>
| </application-policy>
|
| $Revision: 64598 $
| -->
|
| <policy>
| <!-- Used by clients within the application server VM such as
| mbeans and servlets that access EJBs.
| -->
| <application-policy name = "client-login">
| <authentication>
| <login-module code = "org.jboss.security.ClientLoginModule"
| flag = "required">
| <!-- Any existing security context will be restored on logout -->
| <module-option name="restore-login-identity">true</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!-- Security domain for JBossMQ -->
| <!--application-policy name = "jbossmq">
| <authentication>
| <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
| flag = "required">
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| <module-option name = "dsJndiName">java:/DefaultDS</module-option>
| <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
| <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
| </login-module>
| </authentication>
| </application-policy-->
|
| <!-- Security domain for JBossMQ when using file-state-service.xml
| <application-policy name = "jbossmq">
| <authentication>
| <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
| flag = "required">
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
| </login-module>
| </authentication>
| </application-policy>
| -->
|
| <!-- Security domains for testing new jca framework -->
| <!-- Supplies the fixed identity below for connections made through the
| DefaultDS managed connection factory.
| NOTE(review): the account is "sa" with an empty password, stored in clear
| text in this file; confirm DefaultDS is not reachable from outside the
| server and restrict read access to this file. -->
| <application-policy name = "HsqlDbRealm">
| <authentication>
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
| flag = "required">
| <module-option name = "principal">sa</module-option>
| <module-option name = "userName">sa</module-option>
| <module-option name = "password"></module-option>
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!-- Supplies the fixed identity below for connections made through the
| JmsXA managed connection factory.
| NOTE(review): the user name and password are both "guest" and are kept in
| clear text here; a guessable shared credential should be changed before the
| messaging service is exposed beyond a test setup. -->
| <application-policy name = "JmsXARealm">
| <authentication>
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
| flag = "required">
| <module-option name = "principal">guest</module-option>
| <module-option name = "userName">guest</module-option>
| <module-option name = "password">guest</module-option>
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!-- A template configuration for the jmx-console web application. This
| defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name = "jmx-console">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required">
| <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
| <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!-- A template configuration for the web-console web application. This
| defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name = "web-console">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required">
| <module-option name="usersProperties">web-console-users.properties</module-option>
| <module-option name="rolesProperties">web-console-roles.properties</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <!--
| A template configuration for the JBossWS security domain.
| This defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <!--application-policy name="JBossWS">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag="required">
| <module-option name="usersProperties">props/jbossws-users.properties</module-option>
| <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
| <module-option name="unauthenticatedIdentity">anonymous</module-option>
| </login-module>
| </authentication>
| </application-policy-->
|
| <!-- The default login configuration used by any security domain that
| does not have an application-policy entry with a matching name.
| NOTE(review): because this is the fallback, an application whose security
| domain name matches no other entry in this file is authenticated by this
| properties-file module instead. When a database-backed policy appears to
| be ignored, first confirm the domain name the application declares.
| -->
| <application-policy name = "other">
| <!-- A simple server login module, which can be used when the number
| of users is relatively small. It uses two properties files:
| users.properties, which holds users (key) and their password (value).
| roles.properties, which holds users (key) and a comma-separated list of
| their roles (value).
| The unauthenticatedIdentity property defines the name of the principal
| that will be used when a null username and password are presented as is
| the case for an unauthenticated web client or MDB. If you want to
| allow such users to be authenticated add the property, e.g.,
| unauthenticatedIdentity="nobody"
| -->
| <authentication>
| <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required" />
| </authentication>
| </application-policy>
|
|
| <!-- Security domain that authenticates against the java:/MySqlDS datasource
| with DatabaseServerLoginModule, comparing MD5 digests encoded as base64.
| NOTE(review): MD5 is a fast, unsalted digest and a weak choice for stored
| passwords. hashAlgorithm takes a java.security.MessageDigest algorithm
| name, so a stronger digest can be configured, but any unsalted digest is
| still open to precomputed-table lookups. -->
| <application-policy name="testDB">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
| flag="required">
| <!-- Digest algorithm and text encoding applied before passwords are compared -->
| <module-option name="hashAlgorithm">MD5</module-option>
| <module-option name="hashEncoding">base64</module-option>
| <!-- Hash the password the user submits at login -->
| <module-option name="hashUserPassword">true</module-option>
| <!-- NOTE(review): this also hashes the value read from the database. As
| documented for the JBossSX password login modules (verify for your
| version), that is only correct when the passwd column holds plain text.
| If the column already stores the base64 MD5 digest, the stored value is
| hashed a second time and the comparison can never succeed. If the column
| really is plain text, the hashing gives no protection at rest. -->
| <module-option name="hashStorePassword">true</module-option>
|
| <!-- JNDI name of the datasource the two queries below run against -->
| <module-option name="dsJndiName">java:/MySqlDS</module-option>
| <!-- Returns the stored password for the login name bound to the ? parameter.
| NOTE(review): "Users username" reads as table Users with the alias
| username; presumably the alias is unintended. Confirm the query returns
| the passwd column for the given user. -->
| <module-option name="principalsQuery">
| select passwd from Users username where username=?</module-option>
| <!-- Returns each role of the user together with the role group name 'Roles' -->
| <module-option name="rolesQuery">
| select userRoles, 'Roles' from UserRoles where username=?</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| </policy>
|
| <?xml version="1.0" encoding="UTF-8"?>
| <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
|
| <!-- ===================================================================== -->
| <!-- -->
| <!-- Log4j Configuration -->
| <!-- -->
| <!-- ===================================================================== -->
|
| <!-- $Id: jboss-log4j.xml 65459 2007-09-19 00:25:51Z dimitris at jboss.org $ -->
|
| <!--
| | For more configuration information and examples see the Jakarta Log4j
| | website: http://jakarta.apache.org/log4j
| -->
|
| <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
|
| <!-- ================================= -->
| <!-- Preserve messages in a local file -->
| <!-- ================================= -->
|
|
| <!-- Console appender writing to System.out with Threshold DEBUG.
| NOTE(review): this file defines two appenders named CONSOLE (the other,
| further down, uses Threshold INFO). Appender names should be unique; keep
| a single definition so the effective console threshold is unambiguous. -->
| <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="Target" value="System.out"/>
| <param name="Threshold" value="DEBUG" />
|
| <layout class="org.apache.log4j.PatternLayout">
| <!-- The default pattern: Date Priority [Category] Message\n -->
| <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n"/>
| </layout>
| </appender>
|
|
| <!-- A time/date based rolling appender -->
| <appender name="FILE" class="org.jboss.logging.appender.DailyRollingFileAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="File" value="${jboss.server.log.dir}/server.log"/>
| <param name="Append" value="false"/>
|
| <!-- Rollover at midnight each day -->
| <param name="DatePattern" value="'.'yyyy-MM-dd"/>
|
| <!-- Rollover at the top of each hour
| <param name="DatePattern" value="'.'yyyy-MM-dd-HH"/>
| -->
|
| <layout class="org.apache.log4j.PatternLayout">
| <!-- The default pattern: Date Priority [Category] Message\n -->
| <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
|
| <!-- The full pattern: Date MS Priority [Category] (Thread:NDC) Message\n
| <param name="ConversionPattern" value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
| -->
| </layout>
| </appender>
|
|
| <!-- A size based file rolling appender
| <appender name="FILE" class="org.jboss.logging.appender.RollingFileAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="File" value="${jboss.server.log.dir}/server.log"/>
| <param name="Append" value="false"/>
| <param name="MaxFileSize" value="500KB"/>
| <param name="MaxBackupIndex" value="1"/>
|
| <layout class="org.apache.log4j.PatternLayout">
| <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
| </layout>
| </appender>
| -->
|
| <!-- ============================== -->
| <!-- Append messages to the console -->
| <!-- ============================== -->
|
| <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="Target" value="System.out"/>
| <param name="Threshold" value="INFO"/>
|
| <layout class="org.apache.log4j.PatternLayout">
| <!-- The default pattern: Date Priority [Category] Message\n -->
| <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n"/>
| </layout>
| </appender>
|
| <!-- ====================== -->
| <!-- More Appender examples -->
| <!-- ====================== -->
|
| <!-- Buffer events and log them asynchronously
| <appender name="ASYNC" class="org.apache.log4j.AsyncAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <appender-ref ref="FILE"/>
| <appender-ref ref="CONSOLE"/>
| <appender-ref ref="SMTP"/>
| </appender>
| -->
|
| <!-- EMail events to an administrator
| <appender name="SMTP" class="org.apache.log4j.net.SMTPAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="Threshold" value="ERROR"/>
| <param name="To" value="admin at myhost.domain.com"/>
| <param name="From" value="nobody at myhost.domain.com"/>
| <param name="Subject" value="JBoss Sever Errors"/>
| <param name="SMTPHost" value="localhost"/>
| <param name="BufferSize" value="10"/>
| <layout class="org.apache.log4j.PatternLayout">
| <param name="ConversionPattern" value="[%d{ABSOLUTE},%c{1}] %m%n"/>
| </layout>
| </appender>
| -->
|
| <!-- Syslog events
| <appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="Facility" value="LOCAL7"/>
| <param name="FacilityPrinting" value="true"/>
| <param name="SyslogHost" value="localhost"/>
| <layout class="org.apache.log4j.PatternLayout">
| <param name="ConversionPattern" value="[%d{ABSOLUTE},%c{1}] %m%n"/>
| </layout>
| </appender>
| -->
|
| <!-- Log events to JMS (requires a topic to be created)
| <appender name="JMS" class="org.apache.log4j.net.JMSAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="Threshold" value="ERROR"/>
| <param name="TopicConnectionFactoryBindingName" value="java:/ConnectionFactory"/>
| <param name="TopicBindingName" value="topic/MyErrorsTopic"/>
| </appender>
| -->
|
| <!-- Log events through SNMP
| <appender name="TRAP_LOG" class="org.apache.log4j.ext.SNMPTrapAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="ImplementationClassName" value="org.apache.log4j.ext.JoeSNMPTrapSender"/>
| <param name="ManagementHost" value="127.0.0.1"/>
| <param name="ManagementHostTrapListenPort" value="162"/>
| <param name="EnterpriseOID" value="1.3.6.1.4.1.24.0"/>
| <param name="LocalIPAddress" value="127.0.0.1"/>
| <param name="LocalTrapSendPort" value="161"/>
| <param name="GenericTrapType" value="6"/>
| <param name="SpecificTrapType" value="12345678"/>
| <param name="CommunityString" value="public"/>
| <param name="ForwardStackTraceWithTrap" value="true"/>
| <param name="Threshold" value="DEBUG"/>
| <param name="ApplicationTrapOID" value="1.3.6.1.4.1.24.12.10.22.64"/>
| <layout class="org.apache.log4j.PatternLayout">
| <param name="ConversionPattern" value="%d,%p,[%t],[%c],%m%n"/>
| </layout>
| </appender>
| -->
|
| <!-- Emit events as JMX notifications
| <appender name="JMX" class="org.jboss.monitor.services.JMXNotificationAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
|
| <param name="Threshold" value="WARN"/>
| <param name="ObjectName" value="jboss.system:service=Logging,type=JMXNotificationAppender"/>
|
| <layout class="org.apache.log4j.PatternLayout">
| <param name="ConversionPattern" value="%d %-5p [%c] %m"/>
| </layout>
| </appender>
| -->
|
| <!-- ================ -->
| <!-- Limit categories -->
| <!-- ================ -->
|
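| <!-- Added by Micheal John -->
| <!-- Enables TRACE output from the org.jboss.security classes so that the
| steps taken by the login modules are recorded. The CONSOLE appender with
| Threshold INFO filters this output; the FILE appender sets no Threshold,
| so look in server.log. Trace output from authentication code can contain
| sensitive detail: enable it only while troubleshooting, then remove this
| category and protect or purge the log file. -->
| <category name="org.jboss.security">
| <priority value="TRACE"/>
| </category>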
|
|
| <!-- NOTE(review): the same category is configured twice, first at DEBUG and
| then at TRACE through org.jboss.logging.XLevel. Only one level can apply,
| so keep a single entry. These entries cover org.jboss.ejb.plugins.cmp only
| and do not raise the log level of org.jboss.security. -->
| <category name="org.jboss.ejb.plugins.cmp">
| <priority value="DEBUG"/>
| </category>
|
| <category name="org.jboss.ejb.plugins.cmp">
| <priority value="TRACE" class="org.jboss.logging.XLevel"/>
| </category>
|
| <!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
| <category name="org.apache">
| <priority value="INFO"/>
| </category>
|
| <!-- Limit the jacorb category to WARN as its INFO is verbose -->
| <category name="jacorb">
| <priority value="WARN"/>
| </category>
|
| <!-- Limit the org.jgroups category to WARN as its INFO is verbose -->
| <category name="org.jgroups">
| <priority value="WARN"/>
| </category>
|
| <!-- Limit the org.quartz category to INFO as its DEBUG is verbose -->
| <category name="org.quartz">
| <priority value="INFO"/>
| </category>
|
| <!-- Limit JBoss categories
| <category name="org.jboss">
| <priority value="INFO"/>
| </category>
| -->
|
| <!-- Limit the JSR77 categories -->
| <category name="org.jboss.management">
| <priority value="INFO"/>
| </category>
|
| <!-- Show the evolution of the DataSource pool in the logs [inUse/Available/Max]
| <category name="org.jboss.resource.connectionmanager.JBossManagedConnectionPool">
| <priority value="TRACE"/>
| </category>
| -->
|
| <!-- Limit the org.jboss.serial (jboss-serialization) to INFO as its DEBUG is verbose -->
| <category name="org.jboss.serial">
| <priority value="INFO"/>
| </category>
|
| <!-- Decrease the priority threshold for the org.jboss.varia category
| <category name="org.jboss.varia">
| <priority value="DEBUG"/>
| </category>
| -->
|
| <!-- Enable JBossWS message tracing
| <category name="org.jboss.ws.core.MessageTrace">
| <priority value="TRACE"/>
| </category>
| -->
|
| <!--
| | An example of enabling the custom TRACE level priority that is used
| | by the JBoss internals to diagnose low level details. This example
| | turns on TRACE level msgs for the org.jboss.ejb.plugins package and its
| | subpackages. This will produce A LOT of logging output.
| |
| | Note: since jboss AS 4.2.x, the trace level is supported natively by
| | log4j, so although the custom org.jboss.logging.XLevel priority will
| | still work, there is no need to use it. The two examples that follow
| | will both enable trace logging.
| <category name="org.jboss.system">
| <priority value="TRACE" class="org.jboss.logging.XLevel"/>
| </category>
| <category name="org.jboss.ejb.plugins">
| <priority value="TRACE"/>
| </category>
| -->
|
| <!--
| | Logs these events to SNMP:
| - server starts/stops
| - cluster evolution (node death/startup)
| - When an EJB archive is deployed (and associated verified messages)
| - When an EAR archive is deployed
|
| <category name="org.jboss.system.server.Server">
| <priority value="INFO" />
| <appender-ref ref="TRAP_LOG"/>
| </category>
|
| <category name="org.jboss.ha.framework.interfaces.HAPartition.lifecycle">
| <priority value="INFO" />
| <appender-ref ref="TRAP_LOG"/>
| </category>
|
| <category name="org.jboss.deployment.MainDeployer">
| <priority value="ERROR" />
| <appender-ref ref="TRAP_LOG"/>
| </category>
|
| <category name="org.jboss.ejb.EJBDeployer">
| <priority value="INFO" />
| <appender-ref ref="TRAP_LOG"/>
| </category>
|
| <category name="org.jboss.deployment.EARDeployer">
| <priority value="INFO" />
| <appender-ref ref="TRAP_LOG"/>
| </category>
| -->
|
| <!-- Clustering logging -->
| <!-- Uncomment the following to redirect the org.jgroups and
| org.jboss.ha categories to a cluster.log file.
|
| <appender name="CLUSTER" class="org.jboss.logging.appender.RollingFileAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="File" value="${jboss.server.log.dir}/cluster.log"/>
| <param name="Append" value="false"/>
| <param name="MaxFileSize" value="500KB"/>
| <param name="MaxBackupIndex" value="1"/>
|
| <layout class="org.apache.log4j.PatternLayout">
| <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
| </layout>
| </appender>
| <category name="org.jgroups">
| <priority value="DEBUG" />
| <appender-ref ref="CLUSTER"/>
| </category>
| <category name="org.jboss.ha">
| <priority value="DEBUG" />
| <appender-ref ref="CLUSTER"/>
| </category>
| -->
|
| <!-- ======================= -->
| <!-- Setup the Root category -->
| <!-- ======================= -->
|
| <root>
| <appender-ref ref="CONSOLE"/>
| <appender-ref ref="FILE"/>
| </root>
|
| </log4j:configuration>
|
|
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4230015#4230015