[jboss-user] [Security & JAAS/JBoss] - Problem with encrypting passwords in Dynamic Login Config on
vphagura
do-not-reply at jboss.com
Mon May 25 13:50:04 EDT 2009
I need to encrypt the user passwords in the DB and I'm using Dynamic Login Config. Here is my file, called META-INF/dynamic-login-config.xml (in the EAR):
<policy>
|
| <application-policy name = "reservator-security-domain">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
| <module-option name="dsJndiName">
| java:/ReservatorDS
| </module-option>
| <module-option name="hashAlgorithm">MD5</module-option>
| <module-option name="hashEncoding">base64</module-option>
| <module-option name="principalsQuery">
| select passwd from Users userName where userName=?
| </module-option>
| <module-option name="rolesQuery">
| select userRoles, 'Roles' from UserRoles where userName=?
| </module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| </policy>
And I have generated my encrypted passwords using openssl as:
echo somepassword | openssl dgst -md5 -binary | openssl base64
which is: PnF0L/NODGgfmihE7O4AAA==
and put this in the DB, but when I log in as the user and type in the password it gives me the following error:
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
| ControlFlag: LoginModuleControlFlag: required
| Options:
| name=hashAlgorithm, value=MD5
| name=principalsQuery, value=select passwd from Users userName where userName=?
| name=hashEncoding, value=base64
| name=dsJndiName, value=java:/ReservatorDS
| name=rolesQuery, value=select userRoles, 'Roles' from UserRoles where userName=?
|
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) initialize
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Security domain: reservator-security-domain
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Password hashing activated: algorithm = MD5, encoding = base64, charset = {default}, callback = null, storeCallback = null
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) DatabaseServerLoginModule, dsJndiName=java:/ReservatorDS
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) principalsQuery=select passwd from Users userName where userName=?
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) rolesQuery=select userRoles, 'Roles' from UserRoles where userName=?
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) suspendResume=true
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) login
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) suspendAnyTransaction
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Excuting query: select passwd from Users userName where userName=?, with username: vsp
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Obtained user password
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) resumeAnyTransaction
| 2009-05-25 10:27:09,906 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Bad password for username=vsp
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) abort
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.reservator-security-domain] (http-0.0.0.0-8443-1) Login failure
| javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
| at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:597)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
| at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
| at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:619)
| 2009-05-25 10:27:09,906 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.reservator-security-domain] (http-0.0.0.0-8443-1) End isValid, false
| 2009-05-25 10:27:09,906 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-8443-1) User: vsp is NOT authenticated
| 2009-05-25 10:27:09,906 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-8443-1) End authenticate, principal=null
| 2009-05-25 10:27:09,921 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
| 2009-05-25 10:27:09,921 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
| 2009-05-25 10:27:09,937 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
| 2009-05-25 10:27:09,937 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
| 2009-05-25 10:27:09,937 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/reservator].[default]] (http-0.0.0.0-8443-1) Disabling the response for futher output
| 2009-05-25 10:27:09,937 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-0.0.0.0-8443-1) Failed authenticate() test ??/reservator/html/j_security_check
| 2009-05-25 10:27:09,937 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8443-1) Setting threadlocal:null
| 2009-05-25 10:27:09,937 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8443-1) Setting threadlocal:null
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
| 2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
|
Please help!!
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4233099#4233099
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4233099
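An added example, not part of the original post or of JBoss code: a Python check of which bytes a stored hash was computed over, given that `echo` appends a newline to what it pipes into `openssl dgst`. It assumes the login module digests exactly the typed password's bytes and encodes them per `hashEncoding`; `login_module_hash`, `diagnose` and the sample values are hypothetical names and constructed data.

```python
import base64
import hashlib

# Bytes a shell pipeline can append to the password before it reaches the digest.
SUFFIXES = {
    "exact password": b"",
    "trailing LF (Unix echo)": b"\n",
    "trailing CRLF": b"\r\n",
    "trailing space + CRLF (cmd.exe echo before a pipe)": b" \r\n",
}


def login_module_hash(data, algorithm="MD5", encoding="base64"):
    """Digest then encode, following the hashAlgorithm/hashEncoding options.

    Assumption: the login module hashes exactly the typed password's bytes.
    """
    name = algorithm.lower().replace("-", "")
    digest = hashlib.new(name, data).digest()
    if encoding == "base64":
        return base64.b64encode(digest).decode("ascii")
    if encoding == "hex":
        return digest.hex()
    raise ValueError("unsupported hashEncoding: " + encoding)


def diagnose(stored, password, algorithm="MD5", charset="utf-8"):
    """Return (input variant, encoding) pairs whose hash equals the DB value."""
    raw = password.encode(charset)
    stored = stored.strip()
    return [
        (label, encoding)
        for label, suffix in SUFFIXES.items()
        for encoding in ("base64", "hex")
        if login_module_hash(raw + suffix, algorithm, encoding) == stored
    ]


if __name__ == "__main__":
    # Constructed sample: the value an `echo ... | openssl dgst -md5 -binary |
    # openssl base64` pipeline stores, computed here instead of copied.
    stored = login_module_hash(b"somepassword\n")
    print("stored in DB      :", stored)
    print("hash of typed pwd :", login_module_hash(b"somepassword"))
    print("stored matches    :", diagnose(stored, "somepassword"))
```

A stored value that matches only a "trailing" variant was hashed with the line ending included; `printf '%s' somepassword` in place of `echo` feeds openssl the password bytes alone.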