-
2. Re: how to secure passwords in login-config.xml ?
andrejsopsis Aug 26, 2004 5:56 PM (in response to andrejsopsis)I studied docs and your link about securing datasource passwords.
Tried to make as written, but it doesn't works in my situation.
IDEA: Client is authentificated using DB via "DatabaseServerLoginModule"
Client sends plain password but on server it is hashed in compared
with passwd field value that also is hashed
I need hide password in -ds.xml.
Client App logins to server using Security domain "IBAuthDomain"
user name and password is stored in DB in hashed view.
This configs works fine while
datasource not using <security-domain>IBSimpleDomain</>
but use sysdba masterkey in -ds.xml.
If I
comment in -ds.xml<user-name>sysdba</user-name> <password>masterkey</password>
uncomment
<!-- <security-domain>IBSimpleDomain</security-domain> -->
Error occures because principal = null
Whats wrong ?
Thanks.FILE: D:\JAVA\jboss-3.2.5\server\all\conf\login-config.xml ############################################################# <application-policy name = "IBSimpleDomain"> <authentication> <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required"> <module-option name = "UserName">sysdba</module-option> <module-option name = "Password">667f11fbdfef90b6d7b145018f031a36</module-option> <module-option name = "managedConnectionFactoryName">jboss.jca:servce=LocalTxCM,name=IBAuthDS1</module-option> <module-option name = "debug">true</module-option> </login-module> </authentication> </application-policy> <application-policy name = "IBAuthDomain"> <authentication> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name = "hashAlgorithm">MD5</module-option> <module-option name = "hashEncoding">base64</module-option> <module-option name = "dsJndiName">java:/IBAuthDS1</module-option> <module-option name = "principalsQuery">select USER_PASS from USERS u where u.USER_NAME=?</module-option> <module-option name = "rolesQuery"> SELECT ROLE_NAME, 'Roles' FROM USERS U, USERS_GROUPS UG, GROUPS G, GROUPS_ROLES GP, ROLES R WHERE U.USER_ID = UG.USER_ID AND UG.GROUP_ID = G.GROUP_ID AND G.GROUP_ID = GP.GROUP_ID AND GP.ROLE_ID = R.ROLE_ID AND U.USER_NAME = ? </module-option> <module-option name = "debug">true</module-option> </login-module> </authentication> </application-policy> ############################################################# FILE: D:\JAVA\jboss-3.2.5\server\all\deploy\ibauth-ds.xml ############################################################# <?xml version="1.0" encoding="UTF-8"?> <!-- ==================================================================== --> <!-- New ConnectionManager setup for firebird dbs using jca-jdbc xa driver--> <!-- Build jmx-api (build/build.sh all) and view for config documentation --> <!-- ==================================================================== --> <connection-factories> <tx-connection-factory> <jndi-name>IBAuthDS1</jndi-name> <xa-transaction/> <adapter-display-name>Firebird Database Connector</adapter-display-name> <config-property name="Database" type="java.lang.String">localhost/3050:D:/JWORK/db/jfina.fdb</config-property> <user-name>sysdba</user-name> <password>masterkey</password> <!-- <security-domain>IBSimpleDomain</security-domain> --> <min-pool-size>5</min-pool-size> </tx-connection-factory> </connection-factories>
-
3. Re: how to secure passwords in login-config.xml ?
andrejsopsis Aug 31, 2004 7:34 AM (in response to andrejsopsis)Everything works fine with config ( may be it bacause of CASE for keys username, password, and jboss.jca:service=TxCM not XaTxCM I don't know I absolute newbie sorry) :
<application-policy name = "IBSimpleDomain"> <authentication> <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required"> <module-option name = "username">sysdba</module-option> <module-option name = "password">667f11fbdfef90b6d7b145018f031a36</module-option> <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=IBAuthDS1</module-option> <module-option name = "debug">true</module-option> </login-module> </authentication> </application-policy>