[jboss-jira] [JBoss JIRA] (WFLY-11013) Hash encoding Exception when using @DatabaseIdentityStoreDefinition

Martin Švehla (JIRA) issues at jboss.org
Thu Sep 13 10:05:00 EDT 2018


    [ https://issues.jboss.org/browse/WFLY-11013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13633018#comment-13633018 ] 

Martin Švehla commented on WFLY-11013:
--------------------------------------

@DatabaseIdentityStoreDefinition expects password in DB to be hashed, your seems to be in plaintext.

Please see here for details: https://javaee.github.io/security-api/apidocs/javax/security/enterprise/identitystore/Pbkdf2PasswordHash.html
(TLDR is that stored password hash should be in form of <algorithm>:<iterations>:<base64(salt)>:<base64(hash)>, that's why you get error about incorrect hash encoding.)

> Hash encoding Exception when using @DatabaseIdentityStoreDefinition
> -------------------------------------------------------------------
>
>                 Key: WFLY-11013
>                 URL: https://issues.jboss.org/browse/WFLY-11013
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 14.0.0.Final
>         Environment: WildFly 14. Generic Linux. JDK 8/9
>            Reporter: Francesco Marchioni
>            Assignee: Darran Lofthouse
>         Attachments: javaee8-secure-servlet.zip
>
>
> When deploying one application using @DatabaseIdentityStoreDefinition, upon successful login, the following exception is thrown
> {code:java}
> java.lang.IllegalArgumentException: Bad hash encoding
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl$EncodedPasswordHash.decode(Pbkdf2PasswordHashImpl.java:209)
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl$EncodedPasswordHash.<init>(Pbkdf2PasswordHashImpl.java:191)
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl.verify(Pbkdf2PasswordHashImpl.java:147)
> 	at org.glassfish.soteria.identitystores.DatabaseIdentityStore.validate(DatabaseIdentityStore.java:121)
> 	at org.glassfish.soteria.identitystores.DatabaseIdentityStore.validate(DatabaseIdentityStore.java:101)
> 	at org.jboss.weldx.security.enterprise.identitystore.IdentityStore$635317201$Proxy$_$$_WeldClientProxy.validate(Unknown Source)
> 	at org.glassfish.soteria.cdi.DefaultIdentityStoreHandler.validate(DefaultIdentityStoreHandler.java:97)
> {code}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)



More information about the jboss-jira mailing list