[jboss-user] [Security & JAAS/JBoss] - hashAlgorithm is not working with DatabaseServerLoginModule
VAkuthota
do-not-reply at jboss.com
Mon Nov 6 17:21:20 EST 2006
Hi,
I have to store the user password in encrypted formated in the Oracle database. This i am achieving like below :
import java.io.UnsupportedEncodingException;
| import java.security.MessageDigest;
| import java.security.NoSuchAlgorithmException;
|
| import sun.misc.BASE64Encoder;
|
| public class PasswordEncrypter {
|
| private static PasswordEncrypter instance;
|
| private PasswordEncrypter()
| {
| }
|
| /**
| *
| * @return
| */
| public static synchronized PasswordEncrypter getInstance(){
| if(instance == null){
| instance = new PasswordEncrypter();
| }
|
| return instance;
| }
|
| /**
| *
| * @param plainPassword
| * @return
| * @throws Exception
| */
| public synchronized String encrypt(String plainPassword) throws Exception {
|
| MessageDigest md = null;
|
| //get the message digest for the SHA-1 algorithm
| try{
| md = MessageDigest.getInstance("SHA"); //SHA-1 algorithm
| }catch(NoSuchAlgorithmException e){
| throw new Exception(e.getMessage());
| }
|
| //feed the utf-8 formatted plain password to message digest
| try{
| md.update(plainPassword.getBytes("UTF-8")); //byte-representation using UTF-8 encoding format
| }catch(UnsupportedEncodingException e){
| throw new Exception(e.getMessage());
| }
|
| //get the byte representation of digested password
| byte raw[] = md.digest();
|
| //get the string representation from the byte array
| String hash = (new BASE64Encoder()).encode(raw);
|
| //return the encrypted password
| return hash;
|
| }
| }
This class encrypts and stores the user password in the database.
To authenticate the user i am using the JAAS with JBoss.
Here is my login-config.xml
<application-policy name="ngirm">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
| <module-option name="dsJndiName">java:/ngirmDS</module-option>
| <module-option name="principalsQuery">Select PASSWORD from USERS where LOGINNAME =?</module-option>
| <module-option name="rolesQuery">Select GROUPNAME , 'Roles' from USERGRPASSOC where LOGINNAME =?</module-option>
| <module-option name="hashAlgorithm">SHA</module-option>
| <module-option name="hashEncoding">Base64</module-option>
| <module-option name="hashCharset">UTF-8</module-option>
| </login-module>
| </authentication>
| </application-policy>
I have mentioned the hashAlgorithm and encoding in the login-config as above.
But when i am trying to login, it fails everytime.
It simply showing the default error page.
Did i miss any thing ?? i even tried with MD5 algorithm.
I did not get any clue from the log. Here is the snippet from log.
| 2006-11-06 14:17:02,692 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /ngirm/j_security_check
| 2006-11-06 14:17:02,692 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'venu1'
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.ENCFactory, false)
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.naming.ENCFactory)
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.naming.ENCFactory)
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 148b272
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory, false)
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory)
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory)
| 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
| 2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 148b272
| 2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
| 2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.Proxy, false)
| 2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.UndeclaredThrowableException, false)
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.NoSuchMethodError, false)
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.InvocationHandler, false)
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.Name, false)
| 2006-11-06 14:17:02,732 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager at d4a1d3
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory, false)
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory)
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory)
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 148b272
| 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
| 2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManager.ngirm] CachePolicy set to: org.jboss.util.TimedCachePolicy at 1cc3baa
| 2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy at 1cc3baa
| 2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added ngirm, org.jboss.security.plugins.SecurityDomainContext at 1611aec to map
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/error.jsp, pathInfo=null, queryString=null, name=null
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] JspEngine --> /error.jsp
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] ServletPath: /error.jsp
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] PathInfo: null
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] RealPath: D:\products\jboss-4.0.2\server\ngirm\.\tmp\deploy\tmp57799ngirm-web-exp.war\error.jsp
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] RequestURI: /ngirm/error.jsp
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] QueryString: null
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] Request Params:
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] j_username = venu1
| 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] j_password = tcs at 123
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.jasper.runtime.JspSourceDependent, false)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.jasper.runtime.JspSourceDependent)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.jasper.runtime.JspSourceDependent)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 148b272
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.jasper.runtime.HttpJspBase, false)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.jasper.runtime.HttpJspBase)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.jasper.runtime.HttpJspBase)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 148b272
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.Object, false)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Returning class from cache
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.ServletRequest, false)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Returning class from cache
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.Servlet, false)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(javax.servlet.Servlet)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(javax.servlet.Servlet)
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 148b272
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
| 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.ServletResponse, false)
|
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983584#3983584
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983584
More information about the jboss-user
mailing list