[jboss-user] [Installation, Configuration & DEPLOYMENT] - Configre DIGEST authentication
meme64310
do-not-reply at jboss.com
Sat Aug 22 04:56:22 EDT 2009
Hi,
I try to configure DIGEST authentication to protect a web app on JBoss 5.1 and 5.0. This is how I configured login-config.xml:
| <application-policy name="MyApp">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag="required">
| <module-option name="usersProperties">props/pbdigest-users.properties</module-option>
| <module-option name="rolesProperties">props/pb-roles.properties</module-option>
| <module-option name="hashAlgorithm">MD5</module-option>
| <module-option name="hashEncoding">rfc2617</module-option>
| <module-option name="hashUserPassword">false</module-option>
| <module-option name="hashStorePassword">true</module-option>
| <module-option name="passwordIsA1Hash">true</module-option>
| <module-option name="storeDigestCallback">
| org.jboss.security.auth.spi.RFC2617Digest
| </module-option>
| </login-module>
| </authentication>
| </application-policy>
|
Now the problem is, that it simple does not work. I cannot authenticate and I have no idea why it fails. The only thing I can think of is that I have stored plain-text-passwords in users.properties.
The whole setup works perfectly when I switch to BASIC authentication.
Unfortunately I cannot create encrypted password hashes for users.properties. I've tried this command:
| java -cp server/default/lib/jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest admin2 "JBoss JMX Console" admin2
|
It does not work: I get this error: Exception in thread "main" java.lang.NoClassDefFoundError: org/jboss/security/auth/spi/RFC2617Digest
Does anybody have an idea what's wrong here?
Many thanks in advance,
Michael
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250992#4250992
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4250992
More information about the jboss-user
mailing list