[jboss-user] [Security & JAAS/JBoss] - Encrypted Passwords in LDAP

kc5mzr do-not-reply at jboss.com
Tue Dec 26 13:11:42 EST 2006 

In my LDAP server the userPassword attribute is encrypted looks like:

dn: cn=Jim Yates,ou=userAccounts,dc=accuserverx,dc=com
objectClass: accuserverxPerson
uid: jyates
sn: Yates
userPassword: {CRYPT}VDtMsA.7lGcqY
givenName: Jim
cn: Jim Yates

I can authenticate users with clear text stored in the userPassword attribute, but not the encrypted ones.
I've looked at the wiki pages, but I can't figure out how to use the encrypted passwords.  I'm using jsp's for most of my application, including the login with the j_security_check form.

login-config.xml  fragment

  <application-policy name="accuserverx-security">
        
            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                          flag="required">
                <module-option name="java.naming.provider.url">
                    ldap://10.5.80.50:389/
                </module-option>
		<module-option name="bindDN">cn=Manager,dc=accuserverx,dc=com</module-option>
            <module-option name="bindCredential">secret</module-option>
            <module-option name="baseCtxDN">ou=userAccounts,dc=accuserverx,dc=com</module-option>
            <module-option name="baseFilter">(uid={0})</module-option>
            <module-option name="rolesCtxDN">ou=Roles,dc=accuserverx,dc=com</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>
            <module-option name="roleRecursion">-1</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>            </login-module>
        
    </application-policy>

web.xml  fragment

	<security-constraint>
		<web-resource-collection>
	<web-resource-name>accuserverx-security</web-resource-name>
			Require users to authenticate
			<url-pattern>*.jsp</url-pattern>
			<url-pattern>*.do</url-pattern>
			<http-method>POST</http-method>
			<http-method>GET</http-method>
	</web-resource-collection>
		<auth-constraint>
			Only allow Authenticated_users role
			<role-name>Managers</role-name>
			<role-name>Clerks</role-name>
		</auth-constraint>
		<user-data-constraint>
			Encryption is not required for the application in general.
			
			<transport-guarantee>NONE</transport-guarantee>
		</user-data-constraint>
	</security-constraint>
 <security-role>
        The role required to access restricted content 
        <role-name>Managers</role-name>
    </security-role>
 <security-role>
        The role required to access restricted content 
        <role-name>Clerks</role-name>
    </security-role>
	<login-config>
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>login.jsp</form-login-page>
			<form-error-page>login_error.html</form-error-page>
		</form-login-config>
	</login-config>



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3996316#3996316

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3996316

More information about the jboss-user mailing list