-
1. Re: how to use MD5 hashalgorithm and base64 hashencoding
tool Oct 4, 2002 11:05 AM (in response to kenryu)The username field in the database should not be hashed. However.....the password field needs to be a hash of a MessageDigest object containing both the username AND the password. That is the way that JBoss handles the hashing for password. It places both into the MessageDigest, hashes it, and uses that as the password value. So generate a hash of the username and password in one MessageDigest object, place that value into the user's password field in the database and you should be good to go.
Hope it helps,
tool -
2. Re: how to use MD5 hashalgorithm and base64 hashencoding
kenryu Oct 4, 2002 2:40 PM (in response to kenryu)hi ;
Thank's for replying. Can you attach me an example and step by step how to do it? Thank's before. I'm new in this.
^_^ -
3. Re: how to use MD5 hashalgorithm and base64 hashencoding
kenryu Oct 4, 2002 2:42 PM (in response to kenryu)From message on forum, I know that we can use a Util class in org.jboss.security package to generate the hash password but not really sure how to use it. Can somebody give me an example? Thank's
-
4. Re: how to use MD5 hashalgorithm and base64 hashencoding
tool Oct 7, 2002 2:18 PM (in response to kenryu)This is out of the UsernamePasswordLoginModule code:
import org.jboss.security.Util;
protected String createPasswordHash(String username, String password)
{
String passwordHash = Util.createPasswordHash(hashAlgorithm, hashEncoding,
hashCharset, username, password);
return passwordHash;
}
I suggest downloading the source code for the version you are using and tracking down the Util class. The source code is pretty well documented and you should be able to figure out the specifics of using the Util class. If you use a login module that extends UsernamePasswordLoginModule then all you have to do is supply the correct hash in the database and the correct parameters to the login module (hash algorith, encoding, etc.).
Brian
PS.....example login-config.xml entry
<application-policy name="YourDomain">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/yourDS</module-option>
<module-option name="principalsQuery">SELECT Password FROM Principals WHERE PrincipalID=?</module-option>
<module-option name="rolesQuery">SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?</module-option>
<module-option name="hashAlgorithm">MD5</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=yourDS</module-option>
</login-module>
</application-policy> -
5. Re: how to use MD5 hashalgorithm and base64 hashencoding
kenryu Oct 8, 2002 7:24 PM (in response to kenryu)hi thank's for the reply. What should I put for the hashAlgorithm and hashEncoding??? can you give me example?? how about hashCharset?? I know one of them is a constants variable. Can you give me working example please?
Please reply.
^_^