Hey folks,
I'm trying to implement salted-hash authentication using a JBoss/WildFly security domain.
<default-security-domain value="StudiSec"/>
<security-domain name="StudiSec" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="RealmDirect" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="x.LoginModule" flag="required">
            <module-option name="realm" value="ApplicationRealm"/>
            <module-option name="dsJndiName" value="java:/ds/y"/>
            <module-option name="hashAlgorithm" value="SHA-512"/>
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="hashUserPassword" value="true"/>
            <module-option name="hashStorePassword" value="false"/>
            <module-option name="ignorePasswordCase" value="false"/>
            <module-option name="unauthenticatedIdentity" value="GUEST"/>
            <module-option name="rolesQuery" value="SELECT role.name, 'Roles' FROM role JOIN _user ON _user.userrole = role.id WHERE _user.name = ?;"/>
            <module-option name="principalsQuery" value="SELECT _user.password FROM _user WHERE _user.name = ?;"/>
        </login-module>
    </authentication>
</security-domain>
As you can see, my custom login module is called x.LoginModule. This LoginModule extends DatabaseServerLoginModule and overrides only the createPasswordHash method. But my LoginModule never seems to be called. Every login fails with the following exception:
15:19:59,461 DEBUG [org.jboss.security] (default task-11) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.jboss.as.security.RealmDirectLoginModule.login(RealmDirectLoginModule.java:147) [wildfly-security-8.1.0.Final.jar:8.1.0.Final]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_09]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09]
    at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_09]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_09]
    at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_09]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111)
    at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:82)
    at io.undertow.security.impl.SecurityContextImpl.login(SecurityContextImpl.java:210) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:418) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
    at javax.servlet.http.HttpServletRequestWrapper.login(HttpServletRequestWrapper.java:350) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
    at com.vaadin.cdi.access.JaasAccessControl.login(JaasAccessControl.java:74) [vaadin-cdi-1.0.0.alpha2.jar:1.0.0.alpha2]
So, what steps are needed to implement a custom login module correctly?