3 Replies Latest reply on Nov 6, 2006 5:27 PM by vakuthota

    Custom Password encryption on authentication

    askmahesh

      This has been discussed in different topics, but I did not find the answer I was looking for. So I am posting it as a new topic.

      I have a webapp where the password entered by the user for login is encrypted (custom encryption) and stored in the db.
      Currently there is no decrypt for the password.
      So, during authentication I would have to encrypt the password entered by the user on the login form and compare it with the encrypted password stored in the db.

      How can I achieve this?

      We had our application deployed under Tomcat earlier, and in Tomcat there is a way to specify the encryption class and the encryption method.

      Is there a similar way in JBoss? I have seen people using the custom DatabaseLoginModule, but I don't think I can achieve what I want with that.

      Any help is appreciated....

      Thanks
      Mahesh

        • 1. Re: Custom Password encryption on authentication
          askmahesh

          Ok... Since no one replied to this post, I had to figure it out myself and got it working.

          Here's what I did:

          - Created a Custom DatabaseLogonModule which extends jboss - DatabaseServerLoginModule

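          import org.jboss.security.auth.spi.DatabaseServerLoginModule;

          public class DatabaseLogonModule extends DatabaseServerLoginModule
          {
              /**
               * Applies the application's custom encryption to the password typed at login
               * so that it can be compared with the encrypted value stored in the db.
               *
               * @param username the username, which is ignored
               * @param password the password entered on the login form
               * @return the password after customEncryption
               * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#createPasswordHash(java.lang.String, java.lang.String)
               */
              protected String createPasswordHash( String username, String password )
              {
                  // customEncryption is the application's own routine (not shown in the post)
                  return customEncryption(password);
              }
          }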


          - Create a custom-jboss.jar (or any name you want) and place it in your webapp.sar folder
          - Modify the login-config.xml
          <login-module code="path.to.your.custom.logon.module.DatabaseLogonModule"
           flag="required">
           <!-- existing module-option elements stay here -->
          </login-module>

          And JBoss will now authenticate with the encrypted password provided in the Custom Logon Module.




          • 2. Re: Custom Password encryption on authentication

            Hi,

            I have the same requirement. I tried as you said, but it seems that it is not invoked. Every time, the user login fails.

            I just did what you said.

            I even enabled trace logging. There it shows my custom login module is loaded, but it is failing.

            Do I need to do anything else to make it work?

            Appreciate your help.

            • 3. Re: Custom Password encryption on authentication

              Why do we have to write our own custom class? As per the documentation, it already supports the hashAlgorithm option.

              If you mention the following options in login-config.xml:

              <application-policy name="myapp">
                <authentication>
                  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                    <module-option name="dsJndiName">java:/ngirmDS</module-option>
                    <module-option name="principalsQuery">Select PASSWORD from USERS where LOGINNAME =?</module-option>
                    <module-option name="rolesQuery">Select GROUPNAME , 'Roles' from USERGRPASSOC where LOGINNAME =?</module-option>
                    <module-option name="hashAlgorithm">SHA</module-option>
                    <module-option name="hashEncoding">Base64</module-option>
                    <module-option name="hashCharset">UTF-8</module-option>
                  </login-module>
                </authentication>
              </application-policy>


              But I tried this, and it is not working.

              Any ideas?
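
A diagnostic for the failed logins reported in replies 2 and 3, added here as an example and not code from any poster or from JBoss: it reproduces the value that the options in reply 3 (hashAlgorithm=SHA, hashEncoding=Base64, hashCharset=UTF-8) are assumed to produce, namely the Base64 of the JDK "SHA" digest over the UTF-8 password bytes, and classifies a stored column value against it. The class name `HashCheck`, its methods, and the sample values are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example (hypothetical helper, not JBoss code).
public class HashCheck {

    // Digest of the password bytes in UTF-8; "SHA" is the JDK alias for SHA-1.
    static byte[] digest(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA");
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    static String base64(byte[] d) {
        return Base64.getEncoder().encodeToString(d);
    }

    static String hex(byte[] d) {
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Classify a stored column value against what was typed at login.
    static String diagnose(String typed, String stored) throws NoSuchAlgorithmException {
        byte[] d = digest(typed);
        if (base64(d).equals(stored)) return "MATCH";
        if (hex(d).equalsIgnoreCase(stored)) return "HEX_ENCODED: column holds hex, not Base64";
        if (typed.equals(stored)) return "PLAINTEXT: column is not hashed";
        if (base64(d).equals(stored.trim())) return "PADDED: fixed-width column adds spaces";
        return "NO_MATCH: wrong password, algorithm, charset, or a custom scheme";
    }

    public static void main(String[] args) throws Exception {
        String typed = "password";  // constructed sample input
        String[] storedSamples = {  // constructed sample column values
            "W6ph5Mm5Pz8GgiULbPgzG37mj9g=",
            "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
            "password",
            "W6ph5Mm5Pz8GgiULbPgzG37mj9g=    ",
        };
        for (String stored : storedSamples) {
            System.out.println("[" + stored + "] -> " + diagnose(typed, stored));
        }
    }
}
```

Only the first sample compares equal under the assumed scheme; the others show mismatches between what is stored and what the module computes. An unsalted single-round SHA-1 digest is weak for password storage, so this reproduces the posted configuration rather than recommending it.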