0 Replies Latest reply on Nov 6, 2006 5:21 PM by vakuthota

    hashAlgorithm is not working with DatabaseServerLoginModule

    vakuthota Nov 6, 2006 5:21 PM

      Hi,

      I have to store the user password in encrypted formated in the Oracle database. This i am achieving like below :

      import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

import sun.misc.BASE64Encoder;

public class PasswordEncrypter {

 private static PasswordEncrypter instance;

 private PasswordEncrypter()
 {
 }

 /**
 *
 * @return
 */
 public static synchronized PasswordEncrypter getInstance(){
 if(instance == null){
 instance = new PasswordEncrypter();
 }

 return instance;
 }

 /**
 *
 * @param plainPassword
 * @return
 * @throws Exception
 */
 public synchronized String encrypt(String plainPassword) throws Exception {

 MessageDigest md = null;

 //get the message digest for the SHA-1 algorithm
 try{
 md = MessageDigest.getInstance("SHA"); //SHA-1 algorithm
 }catch(NoSuchAlgorithmException e){
 throw new Exception(e.getMessage());
 }

 //feed the utf-8 formatted plain password to message digest
 try{
 md.update(plainPassword.getBytes("UTF-8")); //byte-representation using UTF-8 encoding format
 }catch(UnsupportedEncodingException e){
 throw new Exception(e.getMessage());
 }

 //get the byte representation of digested password
 byte raw[] = md.digest();

 //get the string representation from the byte array
 String hash = (new BASE64Encoder()).encode(raw);

 //return the encrypted password
 return hash;

 }
}


      This class encrypts and stores the user password in the database.

      To authenticate the user i am using the JAAS with JBoss.
      Here is my login-config.xml 

      <application-policy name="ngirm">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
 <module-option name="dsJndiName">java:/ngirmDS</module-option>
 <module-option name="principalsQuery">Select PASSWORD from USERS where LOGINNAME =?</module-option>
 <module-option name="rolesQuery">Select GROUPNAME , 'Roles' from USERGRPASSOC where LOGINNAME =?</module-option>
 <module-option name="hashAlgorithm">SHA</module-option>
 <module-option name="hashEncoding">Base64</module-option>
 <module-option name="hashCharset">UTF-8</module-option>
 </login-module>
 </authentication>
 </application-policy>


      I have mentioned the hashAlgorithm and encoding in the login-config as above.

      But when i am trying to login, it fails everytime.
      It simply showing the default error page.

      Did i miss any thing ?? i even tried with MD5 algorithm.

      I did not get any clue from the log. Here is the snippet from log. 


      2006-11-06 14:17:02,692 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /ngirm/j_security_check
2006-11-06 14:17:02,692 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'venu1'
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.ENCFactory, false)
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.naming.ENCFactory)
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.naming.ENCFactory)
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory, false)
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory)
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory)
2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272
2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.Proxy, false)
2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.UndeclaredThrowableException, false)
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.NoSuchMethodError, false)
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.InvocationHandler, false)
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.Name, false)
2006-11-06 14:17:02,732 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@d4a1d3
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory, false)
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory)
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory)
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272
2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManager.ngirm] CachePolicy set to: org.jboss.util.TimedCachePolicy@1cc3baa
2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@1cc3baa
2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added ngirm, org.jboss.security.plugins.SecurityDomainContext@1611aec to map
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/error.jsp, pathInfo=null, queryString=null, name=null
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] JspEngine --> /error.jsp
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] ServletPath: /error.jsp
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] PathInfo: null
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] RealPath: D:\products\jboss-4.0.2\server\ngirm\.\tmp\deploy\tmp57799ngirm-web-exp.war\error.jsp
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] RequestURI: /ngirm/error.jsp
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] QueryString: null
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] Request Params:
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] j_username = venu1
2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] j_password = tcs@123
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.jasper.runtime.JspSourceDependent, false)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.jasper.runtime.JspSourceDependent)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.jasper.runtime.JspSourceDependent)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.jasper.runtime.HttpJspBase, false)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.jasper.runtime.HttpJspBase)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.jasper.runtime.HttpJspBase)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.Object, false)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Returning class from cache
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.ServletRequest, false)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Returning class from cache
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.Servlet, false)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(javax.servlet.Servlet)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(javax.servlet.Servlet)
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.ServletResponse, false)


      • 1365 Views
      • Tags: