[jboss-jira] [JBoss JIRA] (WFLY-11013) Hash encoding Exception when using @DatabaseIdentityStoreDefinition

Francesco Marchioni (JIRA) issues at jboss.org
Thu Sep 13 12:14:00 EDT 2018 

    [ https://issues.jboss.org/browse/WFLY-11013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13633127#comment-13633127 ] 

Francesco Marchioni edited comment on WFLY-11013 at 9/13/18 12:13 PM:
----------------------------------------------------------------------

[~mchoma] I've used:

{code:java}
echo -n "admin" | openssl dgst -md5 -binary | openssl base64
ISMvKXpXpadDiUoOSoAfww==

update USERS set password = 'ISMvKXpXpadDiUoOSoAfww==' where login = 'admin';
{code}

I could try with pbkdf2PasswordHash.generate("HelloWorld".toCharArray()) instead even if the issue appears to be related to the hash defined in @DatabaseIdentityStoreDefinition.


was (Author: f_marchioni):
[~mchoma] I've used:

{code:java}
echo -n "admin" | openssl dgst -md5 -binary | openssl base64
ISMvKXpXpadDiUoOSoAfww==
{code}

I could try with pbkdf2PasswordHash.generate("HelloWorld".toCharArray()) instead even if the issue appears to be related to the hash defined in @DatabaseIdentityStoreDefinition.

> Hash encoding Exception when using @DatabaseIdentityStoreDefinition
> -------------------------------------------------------------------
>
>                 Key: WFLY-11013
>                 URL: https://issues.jboss.org/browse/WFLY-11013
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 14.0.0.Final
>         Environment: WildFly 14. Generic Linux. JDK 8/9
>            Reporter: Francesco Marchioni
>            Assignee: Darran Lofthouse
>         Attachments: javaee8-secure-servlet.zip
>
>
> When deploying one application using @DatabaseIdentityStoreDefinition, upon successful login, the following exception is thrown
> {code:java}
> java.lang.IllegalArgumentException: Bad hash encoding
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl$EncodedPasswordHash.decode(Pbkdf2PasswordHashImpl.java:209)
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl$EncodedPasswordHash.<init>(Pbkdf2PasswordHashImpl.java:191)
> 	at org.glassfish.soteria.identitystores.hash.Pbkdf2PasswordHashImpl.verify(Pbkdf2PasswordHashImpl.java:147)
> 	at org.glassfish.soteria.identitystores.DatabaseIdentityStore.validate(DatabaseIdentityStore.java:121)
> 	at org.glassfish.soteria.identitystores.DatabaseIdentityStore.validate(DatabaseIdentityStore.java:101)
> 	at org.jboss.weldx.security.enterprise.identitystore.IdentityStore$635317201$Proxy$_$$_WeldClientProxy.validate(Unknown Source)
> 	at org.glassfish.soteria.cdi.DefaultIdentityStoreHandler.validate(DefaultIdentityStoreHandler.java:97)
> {code}



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

More information about the jboss-jira mailing list