3 Replies Latest reply on Feb 19, 2007 1:41 PM by aeguzmanv

    Compare a VarBinary Password

      Hi, I'm trying to authenticate a user using DatabaseLoginModule, but the password is stored in a binary datatype field in SQL.
      When I do the authentication, JBoss always throws the following error: Bad password for username=user

      I've used the same security configuration with the password stored in a varchar datatype field, and it works perfectly.

      Does anyone know if there is a special feature to configure to compare a binary password instead of text in JBoss?

      login-config.xml
      <application-policy name = "Servipago-domain">

        <login-module code = "com.servi.seguridad.jboss.ServiDatabaseServerLoginModule" flag="required">
          <module-option name = "dsJndiName">java:/ServiDS</module-option>
          <module-option name = "principalsQuery">
            SELECT Co_Clave AS Password FROM Usuario_Sistema_Internet WHERE Di_Correo=?
          </module-option>
          <module-option name = "rolesQuery">
            SELECT r.de_rol AS Role, 'Roles' FROM rol r, usuario_sistema_internet usi WHERE usi.di_correo= ? AND usi.co_rol = r.co_rol
          </module-option>
          <module-option name = "hashAlgorithm">MD5</module-option>
          <module-option name = "password-stacking">useFirstPass</module-option>
        </login-module>

      </application-policy>

      Thanks in advance..
      Alejandro

        • 1. Re: Compare a VarBinary Password
          smokingapipe

          Why are you using var binary for storing a password? Why not just store it as chars and use some reasonable encoding, like UTF-8?

          • 2. Re: Compare a VarBinary Password
            smokingapipe

            Oh and to answer your question: It sounds to me like you might need to write a custom subclass of one of JBoss's LoginModule classes. It's not hard to do. But what you're doing doesn't sound like it makes sense. If your passwords are hashed, you should hex encode them before storing them, and then DatabaseServerLoginModule will be able to handle them with the proper config settings.

            • 3. Re: Compare a VarBinary Password

              Hi, and thanks for your reply... I resolved the situation easily: I just converted the bytes to hex and changed the hashEncoding to "Hex" instead of "Base64".

              login-config.xml
              <application-policy name = "Servipago-domain">

                <login-module code = "com.servi.seguridad.jboss.ServiDatabaseServerLoginModule" flag="required">
                  <module-option name = "dsJndiName">java:/ServiDS</module-option>
                  <module-option name = "principalsQuery">
                    SELECT Co_Clave AS Password FROM Usuario_Sistema_Internet WHERE Di_Correo=?
                  </module-option>
                  <module-option name = "rolesQuery">
                    SELECT r.de_rol AS Role, 'Roles' FROM rol r, usuario_sistema_internet usi WHERE usi.di_correo= ? AND usi.co_rol = r.co_rol
                  </module-option>
                  <module-option name = "hashAlgorithm">MD5</module-option>
                  <module-option name = "hashEncoding">hex</module-option>
                  <module-option name = "password-stacking">useFirstPass</module-option>
                </login-module>

              </application-policy>


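              ServiDatabaseServerLoginModule.java, overriding the method convertRawPassword:

              // Hook called with the password value read from the database.
              // Hex-encodes its bytes so it can be compared with the hex-encoded
              // hash of the supplied password (hashEncoding = hex).
              // Hex is the helper class used in this post; its import is not shown.
              protected String convertRawPassword(String rawPassword)
              {
                  rawPassword = Hex.toString(rawPassword.getBytes());

                  return rawPassword;
              }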

              Thanks,
              Alejandro
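
What the fix in the last reply comes down to, as an added example (not code from the thread or from JBoss): the stored hash and the hashed input only match when both sides use the same text encoding. The class and method names, the sample password and the UTF-8 charset are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration; class and method names are hypothetical.
public class VarBinaryPasswordCheck {

    // Lower-case hex encoding of a byte array.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Hash the supplied password as the hashAlgorithm=MD5 option on the page implies.
    // Assumption: the password text is turned into bytes as UTF-8.
    static byte[] md5(String password) throws Exception {
        return MessageDigest.getInstance("MD5")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Compare two encoded hashes without stopping at the first differing byte.
    static boolean matches(String expected, String supplied) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.US_ASCII),
                supplied.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the 16 raw MD5 bytes as a VARBINARY column would hold them.
        byte[] storedVarBinary = md5("s3cret-sample");

        String storedAsHex = toHex(storedVarBinary);           // database side, hex-encoded
        String inputHex = toHex(md5("s3cret-sample"));         // input side, hashEncoding = hex
        String inputBase64 = Base64.getEncoder()
                .encodeToString(md5("s3cret-sample"));         // input side, hashEncoding = base64

        System.out.println("stored (hex):   " + storedAsHex);
        System.out.println("input  (hex):   " + inputHex);
        System.out.println("input  (b64):   " + inputBase64);
        System.out.println("hex vs hex:     " + matches(storedAsHex, inputHex));
        System.out.println("hex vs base64:  " + matches(storedAsHex, inputBase64));
        System.out.println("wrong password: " + matches(storedAsHex, toHex(md5("guess"))));
    }
}
```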