1 Reply Latest reply on Mar 5, 2004 10:52 AM by martin0

    DatabaseServerLoginModule with MD5 not working for me

    martin0

      Hi,

      I've got this login module working with no hashing, but when I introduce the md5 hash, it fails to authenticate my users.

      I have previously stored the hashed passwords in the database using this routine called from ejbStore

      public static String md5Hash(String source)
      {
      try{
      // Obtain a message digest object.
      MessageDigest md = MessageDigest.getInstance("MD5");
      md.update(source.getBytes("ISO-8859-1"));
      // Calculate the digest for the given file.
      byte[] raw = md.digest();
      // Print out the digest in base64.
      BASE64Encoder encoder = new BASE64Encoder();
      return encoder.encode(raw);
      }
      catch (NoSuchAlgorithmException ae)
      {
      ae.printStackTrace();
      }
      catch (UnsupportedEncodingException ee)
      {
      ee.printStackTrace();
      }
      return "";

      }




      My application policy looks like this:
      <application-policy name="secrealm">
      <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/xpetstoreDS </module-option>
      <module-option name="principalsQuery">select pwd from T_ACCOUNT where userId=?</module-option>
      <module-option name="rolesQuery">select userRoles, roleGroup from T_ROLES where username=?</module-option>
      <module-option name="unauthenticatedIdentity">nobody</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">base64</module-option>
      <module-option name="hashCharset">ISO-8859-1</module-option>
      </login-module>
      </authentication>
      </application-policy>


      I took a quick look at the source code for DatabaseServerLoginModule (v1.9) and couldn't see where the hashAlgorithm setting is used (also not mentioned in the javadoc tags)

      Can anyone comment on how to get this to work?
      I am using JBoss 3.2.3

      Many Thanks
      Martin