[jboss-user] [Installation, Configuration & DEPLOYMENT] - Configre DIGEST authentication

meme64310 do-not-reply at jboss.com
Sat Aug 22 04:56:22 EDT 2009


I try to configure DIGEST authentication to protect a web app on JBoss 5.1 and 5.0. This is how I configured login-config.xml:

  | <application-policy name="MyApp">
  |     <authentication>
  |         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |                       flag="required">
  |             <module-option name="usersProperties">props/pbdigest-users.properties</module-option>
  |             <module-option name="rolesProperties">props/pb-roles.properties</module-option>
  |             <module-option name="hashAlgorithm">MD5</module-option>
  |             <module-option name="hashEncoding">rfc2617</module-option>
  |             <module-option name="hashUserPassword">false</module-option>
  |             <module-option name="hashStorePassword">true</module-option>
  |             <module-option name="passwordIsA1Hash">true</module-option>
  |             <module-option name="storeDigestCallback">
  |                 org.jboss.security.auth.spi.RFC2617Digest
  |             </module-option>
  |         </login-module>
  |     </authentication>
  | </application-policy>

Now the problem is, that it simple does not work. I cannot authenticate and I have no idea why it fails. The only thing I can think of is that I have stored plain-text-passwords in users.properties.
The whole setup works perfectly when I switch to BASIC authentication.
Unfortunately I cannot create encrypted password hashes for users.properties. I've tried this command: 

  | java -cp server/default/lib/jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest admin2 "JBoss JMX Console" admin2

It does not work: I get this error: Exception in thread "main" java.lang.NoClassDefFoundError: org/jboss/security/auth/spi/RFC2617Digest

Does anybody have an idea what's wrong here?

Many thanks in advance,

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250992#4250992

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4250992

More information about the jboss-user mailing list