-
1. Re: MD5/base64 doesn't work with DatabaseServerLoginModule
wesyah234 May 12, 2003 10:12 AM (in response to rfoxcroft)I have the same setup, however I do not specify the base64, maybe that is the default.
Here is what I have
<application-policy name = "status">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/StatusDS</module-option>
<module-option name = "principalsQuery">select password from user where userId=?</module-option>
<module-option name = "rolesQuery">select role, 'Roles' from userrole where userId=?</module-option>
<module-option name = "hashAlgorithm">MD5</module-option>
</login-module>
</application-policy>
----
Then, the other thing to investigate is how are you getting the encrypted passwords into the database?
I had to write a short java app that would generate encrpypted passwords to get things going. Then I would cut and paste the encrpyted password into the db to get the auth to work. (eventually, you'll have an admin screen, or something, to create new users)
I found a Base64 encoding utility class at:
http://iharder.sourceforge.net/base64/
Then I used this in combination with the MessageDigest class from the JDK to do the following:
String plainPassword = "password";
MessageDigest md=MessageDigest.getInstance("MD5");
System.out.println( Base64.encodeBytes(md.digest(plainPassword.getBytes()))); -
2. Re: MD5/base64 doesn't work with DatabaseServerLoginModule
wesyah234 May 12, 2003 10:19 AM (in response to rfoxcroft)My first reply here didn't show up, so here goes again:
I am not specifying the base64, maybe try taking that element out of your xml config. (or try making it all caps)
The other thing is, how are you getting the encrypted password into the database? I had to locate a Base64 encoding utility: http://iharder.sourceforge.net/base64/ then use this in conjunction with the MessageDigest class from the JDK.
As follows:
// password is the plaintext password
// this returns the encrpyted password
MessageDigest md=MessageDigest.getInstance("MD5");
return Base64.encodeBytes(md.digest(password.getBytes()));
Hope this helps,
Wes