-
1. Re: Compare a VarBinary Password
smokingapipe Feb 16, 2007 7:50 PM (in response to aeguzmanv)Why are you using var binary for storing a password? Why not just store it as chars and use some reasonable encoding, like UTF-8?
-
2. Re: Compare a VarBinary Password
smokingapipe Feb 16, 2007 9:09 PM (in response to aeguzmanv)Oh and to answer your question: It sounds to me like you might need to write a custom subclass of one of JBoss's LoginModule classes. It's not hard to do. But what you're doing doesn't sound like it makes sense. If your passwords are hashed, you should hex encode them before storing them, and then DatabaseServerLoginModule will be able to handle them with the proper config settings.
-
3. Re: Compare a VarBinary Password
aeguzmanv Feb 19, 2007 1:41 PM (in response to aeguzmanv)Hi, and thank for your reply... I resolved the situacion easy, I just convert the bytes to Hex and change the hashEncoding to "Hex" instead of "Base64"
login-config.xml
<application-policy name = "Servipago-domain">
<login-module code = "com.servi.seguridad.jboss.ServiDatabaseServerLoginModule" flag="required">
<module-option name = "dsJndiName">java:/ServiDS</module-option>
<module-option name = "principalsQuery">
SELECT Co_Clave AS Password FROM Usuario_Sistema_Internet WHERE Di_Correo=?
</module-option>
<module-option name = "rolesQuery">
SELECT r.de_rol AS Role, 'Roles' FROM rol r, usuario_sistema_internet usi WHERE usi.di_correo= ? AND usi.co_rol = r.co_rol
</module-option>
<module-option name = "hashAlgorithm">MD5</module-option>
<module-option name = "hashEncoding">hex</module-option>
<module-option name = "password-stacking">useFirstPass</module-option>
</login-module>
</application-policy>
ServiDatabaseServerLoginModule.java overwrite method convertRawPassword:
protected String convertRawPassword(String rawPassword)
{
rawPassword = Hex.toString(rawPassword.getBytes());
return rawPassword;
}
Thanks,
Alejandro