[jboss-jira] [JBoss JIRA] (WFLY-11013) Hash encoding Exception when using @DatabaseIdentityStoreDefinition

Francesco Marchioni (JIRA) issues at jboss.org
Thu Sep 13 11:48:00 EDT 2018


    [ https://issues.jboss.org/browse/WFLY-11013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13633097#comment-13633097 ] 

Francesco Marchioni commented on WFLY-11013:
--------------------------------------------

[~msvehla] I have updated the reproducer to use a password hash like:

{code:java}
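import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;

@DatabaseIdentityStoreDefinition(dataSourceLookup = "java:/MySqlDS", callerQuery = "select password from USERS where login=?", groupsQuery = "select role, 'Roles' from USERS where login=?", hashAlgorithm = Pbkdf2PasswordHash.class, priorityExpression = "#{100}", hashAlgorithmParameters = {
        "Pbkdf2PasswordHash.Iterations=3072", "${applicationConfig.dyna}" })
@ApplicationScoped
@Named
public class ApplicationConfig {

    // Resolved through the "${applicationConfig.dyna}" expression above.
    public String[] getDyna() {
        return new String[] { "Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA256",
                "Pbkdf2PasswordHash.SaltSizeBytes=64" };
    }
}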
{code}

I've updated the password on the DB too with a hashed password but the error remains.

> Hash encoding Exception when using @DatabaseIdentityStoreDefinition
> -------------------------------------------------------------------
>
>                 Key: WFLY-11013
>                 URL: https://issues.jboss.org/browse/WFLY-11013
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 14.0.0.Final
>         Environment: WildFly 14. Generic Linux. JDK 8/9
>            Reporter: Francesco Marchioni
>            Assignee: Darran Lofthouse
>         Attachments: javaee8-secure-servlet.zip
>
>
> When deploying one application using @DatabaseIdentityStoreDefinition, upon successful login, the following exception is thrown
> {code:java}
> java.lang.IllegalArgumentException: Bad hash encoding
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl$EncodedPasswordHash.decode(Pbkdf2PasswordHashImpl.java:209)
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl$EncodedPasswordHash.<init>(Pbkdf2PasswordHashImpl.java:191)
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl.verify(Pbkdf2PasswordHashImpl.java:147)
> 	at org.glassfish.soteria.identitystores.DatabaseIdentityStore.validate(DatabaseIdentityStore.java:121)
> 	at org.glassfish.soteria.identitystores.DatabaseIdentityStore.validate(DatabaseIdentityStore.java:101)
> 	at org.jboss.weldx.security.enterprise.identitystore.IdentityStore$635317201$Proxy$_$$_WeldClientProxy.validate(Unknown Source)
> 	at org.glassfish.soteria.cdi.DefaultIdentityStoreHandler.validate(DefaultIdentityStoreHandler.java:97)
> {code}
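
The Javadoc for `Pbkdf2PasswordHash` documents the encoded value that `verify` consumes as `<algorithm>:<iterations>:<base64(salt)>:<base64(hash)>`. The following is an added example, not part of the message above and not Soteria's code: it produces a value in that layout with the reproducer's parameters and reports why a stored value would not parse. The class and method names, the sample inputs and the 32-byte key size are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Added example (hypothetical names): <algorithm>:<iterations>:<base64(salt)>:<base64(hash)>
public class Pbkdf2StoredValueCheck {
    static byte[] pbkdf2(char[] pw, byte[] salt, String alg, int iter, int keyBytes) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, keyBytes * 8); // key length is in bits
        return SecretKeyFactory.getInstance(alg).generateSecret(spec).getEncoded();
    }

    // Value to store in the password column for the given parameters.
    static String encode(char[] pw, String alg, int iter, int saltBytes, int keyBytes) throws Exception {
        byte[] salt = new byte[saltBytes];
        new SecureRandom().nextBytes(salt);
        Base64.Encoder b64 = Base64.getEncoder();
        return alg + ":" + iter + ":" + b64.encodeToString(salt) + ":"
                + b64.encodeToString(pbkdf2(pw, salt, alg, iter, keyBytes));
    }

    // Returns null when the stored value parses, otherwise the reason it does not.
    static String layoutProblem(String stored) {
        String[] f = stored.split(":", -1);
        if (f.length != 4) return "expected 4 ':'-separated fields, found " + f.length;
        try {
            if (Integer.parseInt(f[1]) <= 0) return "iterations must be positive";
            if (Base64.getDecoder().decode(f[2]).length == 0
                    || Base64.getDecoder().decode(f[3]).length == 0) return "empty salt or hash";
        } catch (IllegalArgumentException e) { // also covers NumberFormatException
            return "field not decodable: " + e.getMessage();
        }
        return null;
    }

    static boolean verify(char[] pw, String stored) throws Exception {
        if (layoutProblem(stored) != null) return false;
        String[] f = stored.split(":", -1);
        byte[] expected = Base64.getDecoder().decode(f[3]);
        byte[] actual = pbkdf2(pw, Base64.getDecoder().decode(f[2]), f[0], Integer.parseInt(f[1]), expected.length);
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-password".toCharArray();
        // Algorithm, iterations and salt size from the reproducer; key size 32 is an assumption.
        String stored = encode(pw, "PBKDF2WithHmacSHA256", 3072, 64, 32);
        System.out.println(stored + " -> " + verify(pw, stored));
        // Constructed bare hex string: a single field, so it does not fit the layout.
        System.out.println(layoutProblem("0123456789abcdef0123456789abcdef"));
    }
}
```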


