Darran Lofthouse wrote:
Anyway this is a combination that won't be used because users cannot be added to that properties file.
Not really sure what you mean here - the point of the properties files is that users can be added to them.
The users and passwords that will use the application should be managed in users database table not in a properties file held on application server.
In your config I see the following line: -
What is this password? This property need to be the plain text password - not the pre-hashed password from the properties.
The password is hashed with md5 when saving user credentials. So it will be hashed when looking up the EJB to work like this: md5(users_password_from_password_field) = database_stored_password according to the login module