
    Hey folks,

    I'm trying to implement salted-hash authentication using a JBoss/WildFly security-domain.

    <default-security-domain value="StudiSec"/>

    <security-domain name="StudiSec" cache-type="default">
        <authentication>
            <login-module code="Remoting" flag="optional">
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
            <login-module code="RealmDirect" flag="required">
                <module-option name="password-stacking" value="useFirstPass"/>
            </login-module>
            <login-module code="x.LoginModule" flag="required">
                <module-option name="realm" value="ApplicationRealm"/>
                <module-option name="dsJndiName" value="java:/ds/y"/>
                <module-option name="hashAlgorithm" value="SHA-512"/>
                <module-option name="password-stacking" value="useFirstPass"/>
                <module-option name="hashUserPassword" value="true"/>
                <module-option name="hashStorePassword" value="false"/>
                <module-option name="ignorePasswordCase" value="false"/>
                <module-option name="unauthenticatedIdentity" value="GUEST"/>
                <module-option name="rolesQuery" value="SELECT role.name, 'Roles' FROM role JOIN _user ON _user.userrole = role.id WHERE _user.name = ?;"/>
                <module-option name="principalsQuery" value="SELECT _user.password FROM _user WHERE _user.name = ?;"/>
            </login-module>
        </authentication>
    </security-domain>

    As you can see, my custom login module is called x.LoginModule. This LoginModule extends DatabaseServerLoginModule. My LoginModule overrides the createPasswordHash method only. But my LoginModule never seems to be called. Every login fails with the following exception:


    15:19:59,461 DEBUG [org.jboss.security] (default task-11) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
      at org.jboss.as.security.RealmDirectLoginModule.login(RealmDirectLoginModule.java:147) [wildfly-security-8.1.0.Final.jar:8.1.0.Final]
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09]
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_09]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09]
      at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09]
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_09]
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_09]
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_09]
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_09]
      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_09]
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_09]
      at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_09]
      at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
      at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
      at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
      at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
      at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111)
      at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:82)
      at io.undertow.security.impl.SecurityContextImpl.login(SecurityContextImpl.java:210) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
      at io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:418) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
      at javax.servlet.http.HttpServletRequestWrapper.login(HttpServletRequestWrapper.java:350) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
      at com.vaadin.cdi.access.JaasAccessControl.login(JaasAccessControl.java:74) [vaadin-cdi-1.0.0.alpha2.jar:1.0.0.alpha2]

    So, what steps are needed to implement a custom login module correctly?
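
Added example, not part of the original post: a plain-JDK JAAS run that mirrors the order and flags of the StudiSec stack above, to show how the control flags are evaluated when the second `required` entry throws, as `RealmDirectLoginModule.login` does in the trace. The `Stub` class, its `label` and `fail` options, and the class name `StackOrderDemo` are assumptions made for the illustration; none of them are PicketBox or WildFly classes.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class StackOrderDemo {
    static final List<String> CALLS = new ArrayList<>();
    // Constructed stub, not a PicketBox class. "label" and "fail" are hypothetical options.
    public static class Stub implements LoginModule {
        private Map<String, ?> opts;
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            opts = options;
        }
        public boolean login() throws LoginException {
            CALLS.add(opts.get("label") + ".login()");   // record that this entry was reached
            if ("true".equals(opts.get("fail")))
                throw new FailedLoginException(opts.get("label") + ": Password invalid");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    static AppConfigurationEntry entry(String label, LoginModuleControlFlag flag, boolean fail) {
        Map<String, String> options = new HashMap<>();
        options.put("label", label);
        options.put("fail", String.valueOf(fail));
        return new AppConfigurationEntry(Stub.class.getName(), flag, options);
    }

    public static void main(String[] args) {
        // Same order and flags as the StudiSec domain; the second entry fails, as in the trace.
        final AppConfigurationEntry[] stack = {
            entry("Remoting", LoginModuleControlFlag.OPTIONAL, false),
            entry("RealmDirect", LoginModuleControlFlag.REQUIRED, true),
            entry("x.LoginModule", LoginModuleControlFlag.REQUIRED, false)
        };
        Configuration config = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        String outcome = "succeeded";
        try { new LoginContext("StudiSec", new Subject(), null, config).login(); }
        catch (LoginException e) { outcome = "failed: " + e.getMessage(); }
        System.out.println("login " + outcome + "; login() calls in order: " + CALLS);
    }
}
```

In JAAS a failing `required` entry does not stop the stack, so later entries still have `login()` invoked, but the overall login fails and the exception reported is the one from the first `required` entry that failed.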