Hi,
I've got this login module working with no hashing, but when I introduce the md5 hash, it fails to authenticate my users.
I have previously stored the hashed passwords in the database using this routine called from ejbStore
public static String md5Hash(String source)
{
try{
// Obtain a message digest object.
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(source.getBytes("ISO-8859-1"));
// Calculate the digest for the given file.
byte[] raw = md.digest();
// Print out the digest in base64.
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(raw);
}
catch (NoSuchAlgorithmException ae)
{
ae.printStackTrace();
}
catch (UnsupportedEncodingException ee)
{
ee.printStackTrace();
}
return "";
}
<application-policy name="secrealm">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/xpetstoreDS </module-option>
<module-option name="principalsQuery">select pwd from T_ACCOUNT where userId=?</module-option>
<module-option name="rolesQuery">select userRoles, roleGroup from T_ROLES where username=?</module-option>
<module-option name="unauthenticatedIdentity">nobody</module-option>
<module-option name="hashAlgorithm">MD5</module-option>
<module-option name="hashEncoding">base64</module-option>
<module-option name="hashCharset">ISO-8859-1</module-option>
</login-module>
</authentication>
</application-policy>
Derrrrrr
The password stored in the database was being at least doubley hashed.
Now working - please ignore.
Thanks
Martin