[jboss-user] [Security] - MD5 Authentication Fails with JBoss 5.1
ssisDeveloper
do-not-reply at jboss.com
Wed Nov 11 03:56:30 EST 2009
Hello everybody
I have a question regarding the MD5 Authentication in JBoss 5.1 GA.
I used the normal authentication without MD5 hashes so far, but now i have to migrate an old version to a new version and the passwords are stored as MD5 strings in the database.
So all I did was changing the login-config.xml and I was adding the following lines:
| <module-option name="hashAlgorithm">MD5</module-option>
| <module-option name="hashEncoding">base64</module-option>
The other part of my login-config.xml looks like this. I have tested the queries and the rolename and the password (as hash) is returned:
<module-option name="principalsQuery">SELECT password FROM users WHERE username=? AND active=1</module-option>
|
| <module-option name="rolesQuery">SELECT USERROLE.rolename, 'Roles' FROM USERS INNER JOIN (USERROLE INNER JOIN MAPUSERUSERROLE ON USERROLE.roleid = MAPUSERUSERROLE.roleid) ON USERS.userid = MAPUSERUSERROLE.userid where USERS.username=?</module-option>
Unfortunately, the login always fails and I have no idea why. I guess it's the MD5 Hash which jboss generates is not equal to this in the database. In the jboss-log4j.xml I enabled tracing for org.jboss.security, and that's all I get from the server.log file:
2009-11-02 11:25:14,314 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) initialize
| 2009-11-02 11:25:14,314 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Security domain: SSIS2-domain
| 2009-11-02 11:25:14,314 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Password hashing activated: algorithm = MD5, encoding = base64, charset = {default}, callback = null, storeCallback = null
| 2009-11-02 11:25:14,315 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) DatabaseServerLoginModule, dsJndiName=java:SSIS2DSprod
| 2009-11-02 11:25:14,315 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) principalsQuery=SELECT password FROM users WHERE username=? AND active=1
| 2009-11-02 11:25:14,315 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) rolesQuery=SELECT USERROLE.rolename, 'Roles' FROM USERS INNER JOIN (USERROLE INNER JOIN MAPUSERUSERROLE ON USERROLE.roleid = MAPUSERUSERROLE.roleid) ON USERS.userid = MAPUSERUSERROLE.userid where USERS.username=?
| 2009-11-02 11:25:14,315 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) suspendResume=true
| 2009-11-02 11:25:14,319 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) login
| 2009-11-02 11:25:14,326 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) suspendAnyTransaction
| 2009-11-02 11:25:14,329 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Excuting query: SELECT password FROM users WHERE username=? AND active=1, with username: tlubrpa1
| 2009-11-02 11:25:15,116 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Obtained user password
| 2009-11-02 11:25:15,116 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) resumeAnyTransaction
| 2009-11-02 11:25:15,116 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) Bad password for username=tlubrpa1
| 2009-11-02 11:25:15,116 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-127.0.0.1-8084-1) abort
Does anyone have an idea how I can debug the MD5 Hash Jboss generates? Or can I do anything else to know why I can't login?
Thanks a lot!
Patrick
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264967#4264967
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4264967
More information about the jboss-user
mailing list