hashAlgorithm is not working with DatabaseServerLoginModule
vakuthota Nov 6, 2006 5:21 PMHi,
I have to store the user password in encrypted formated in the Oracle database. This i am achieving like below :
import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import sun.misc.BASE64Encoder; public class PasswordEncrypter { private static PasswordEncrypter instance; private PasswordEncrypter() { } /** * * @return */ public static synchronized PasswordEncrypter getInstance(){ if(instance == null){ instance = new PasswordEncrypter(); } return instance; } /** * * @param plainPassword * @return * @throws Exception */ public synchronized String encrypt(String plainPassword) throws Exception { MessageDigest md = null; //get the message digest for the SHA-1 algorithm try{ md = MessageDigest.getInstance("SHA"); //SHA-1 algorithm }catch(NoSuchAlgorithmException e){ throw new Exception(e.getMessage()); } //feed the utf-8 formatted plain password to message digest try{ md.update(plainPassword.getBytes("UTF-8")); //byte-representation using UTF-8 encoding format }catch(UnsupportedEncodingException e){ throw new Exception(e.getMessage()); } //get the byte representation of digested password byte raw[] = md.digest(); //get the string representation from the byte array String hash = (new BASE64Encoder()).encode(raw); //return the encrypted password return hash; } }
This class encrypts and stores the user password in the database.
To authenticate the user i am using the JAAS with JBoss.
Here is my login-config.xml
<application-policy name="ngirm"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:/ngirmDS</module-option> <module-option name="principalsQuery">Select PASSWORD from USERS where LOGINNAME =?</module-option> <module-option name="rolesQuery">Select GROUPNAME , 'Roles' from USERGRPASSOC where LOGINNAME =?</module-option> <module-option name="hashAlgorithm">SHA</module-option> <module-option name="hashEncoding">Base64</module-option> <module-option name="hashCharset">UTF-8</module-option> </login-module> </authentication> </application-policy>
I have mentioned the hashAlgorithm and encoding in the login-config as above.
But when i am trying to login, it fails everytime.
It simply showing the default error page.
Did i miss any thing ?? i even tried with MD5 algorithm.
I did not get any clue from the log. Here is the snippet from log.
2006-11-06 14:17:02,692 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /ngirm/j_security_check 2006-11-06 14:17:02,692 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'venu1' 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.ENCFactory, false) 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.naming.ENCFactory) 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.naming.ENCFactory) 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory, false) 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory) 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory) 2006-11-06 14:17:02,702 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException 2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272 2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent 2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.Proxy, false) 2006-11-06 14:17:02,712 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.UndeclaredThrowableException, false) 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.NoSuchMethodError, false) 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.InvocationHandler, false) 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.Name, false) 2006-11-06 14:17:02,732 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@d4a1d3 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory, false) 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory) 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory) 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272 2006-11-06 14:17:02,732 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent 2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManager.ngirm] CachePolicy set to: org.jboss.util.TimedCachePolicy@1cc3baa 2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@1cc3baa 2006-11-06 14:17:02,742 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added ngirm, org.jboss.security.plugins.SecurityDomainContext@1611aec to map 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/error.jsp, pathInfo=null, queryString=null, name=null 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] JspEngine --> /error.jsp 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] ServletPath: /error.jsp 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] PathInfo: null 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] RealPath: D:\products\jboss-4.0.2\server\ngirm\.\tmp\deploy\tmp57799ngirm-web-exp.war\error.jsp 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] RequestURI: /ngirm/error.jsp 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] QueryString: null 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] Request Params: 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] j_username = venu1 2006-11-06 14:17:02,902 DEBUG [org.apache.jasper.servlet.JspServlet] j_password = tcs@123 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.jasper.runtime.JspSourceDependent, false) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.jasper.runtime.JspSourceDependent) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.jasper.runtime.JspSourceDependent) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.jasper.runtime.HttpJspBase, false) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.jasper.runtime.HttpJspBase) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.jasper.runtime.HttpJspBase) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.Object, false) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Returning class from cache 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.ServletRequest, false) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Returning class from cache 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.Servlet, false) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(javax.servlet.Servlet) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(javax.servlet.Servlet) 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@148b272 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent 2006-11-06 14:17:02,902 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.servlet.ServletResponse, false)