4 Replies Latest reply on Aug 8, 2008 9:28 PM by ragavgomatam

DatabaseServerLoginModule with Cipher and PBEWithMD5AndDES

kathy90031 Aug 7, 2008 12:18 PM

All of our passwords in our database are encrpyted until the javax.crypto API (Cipher Classes) and PBEWithMD5AndDES hash Algorithm.

I noticed that jboss 4.2.2 is using the java.security classes for decrypting the database passwords in the DatabaseServerLoginModule class. Is there anyway we can get jboss to PBEWithMD5AndDES with the Cipher classes without having to write additional code?

Just wondering if there was another class out there that handled this or something I could set up in the configuration.

1. Re: DatabaseServerLoginModule with Cipher and PBEWithMD5AndD

ragavgomatam Aug 7, 2008 9:05 PM (in response to kathy90031)

Check out the login-config.xml element in the following :-

<application-policy name = "testPBEIdentityLoginModule">
 <authentication>
 <login-module code = "org.jboss.resource.security.PBEIdentityLoginModule"
 flag = "required">
 <module-option name = "principal">sa</module-option>
 <module-option name = "userName">sa</module-option>
 <!--
 output from:
 org.jboss.resource.security.PBEIdentityLoginModule
 thesecret testPBEIdentityLoginModule abcdefgh 19 PBEWithMD5AndDES
 -->
 <module-option name = "password">3fp7R/7TMjyTTxhmePdJVk</module-option>
 <module-option name = "ignoreMissigingMCF">true</module-option>
 <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
 <module-option name = "pbepass">testPBEIdentityLoginModule</module-option>
 <module-option name = "salt">abcdefgh</module-option>
 <module-option name = "iterationCount">19</module-option>
 <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
 </login-module>
 </authentication>
 </application-policy>
 <application-policy name = "testPBEIdentityLoginModuleTmpFilePassword">
 <authentication>
 <login-module code = "org.jboss.resource.security.PBEIdentityLoginModule"
 flag = "required">
 <module-option name = "principal">sa</module-option>
 <module-option name = "userName">sa</module-option>
 <!--
 output from:
 org.jboss.resource.security.PBEIdentityLoginModule
 thesecret2 testPBEIdentityLoginModuleTmpFilePassword abcdefgh 19 PBEWithMD5AndDES
 -->
 <module-option name = "password">2zff525DS/OgTuWuJtHYHa</module-option>
 <module-option name = "ignoreMissigingMCF">true</module-option>
 <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
 <module-option name = "pbepass">{CLASS}org.jboss.security.plugins.TmpFilePassword:${java.io.tmpdir}/tmp.password,5000</module-option>
 <module-option name = "salt">abcdefgh</module-option>
 <module-option name = "iterationCount">19</module-option>
 <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
 </login-module>
 </authentication>
 </application-policy>

More information available at
http://wiki.jboss.org/wiki/ConfigJCALoginModule

2. Re: DatabaseServerLoginModule with Cipher and PBEWithMD5AndD

kathy90031 Aug 8, 2008 8:12 AM (in response to kathy90031)

Yes, I saw that, but I didn't see where the Database fit in with all this. There are no examples on where to put my Users query or Roles query, etc. The documentation does not go into this detail and based on what I see in the source, this does not look up any tables in the database. Is there something else?
Actions
3. Re: DatabaseServerLoginModule with Cipher and PBEWithMD5AndD

ragavgomatam Aug 8, 2008 9:03 PM (in response to kathy90031)

Well, I guess then you will have to subclass the AbstractServerLoginModule & do a MDS/SHA-1 encrypt/decrypt action yourself. Code for this was posted a while back in this forum
Actions
4. Re: DatabaseServerLoginModule with Cipher and PBEWithMD5AndD

ragavgomatam Aug 8, 2008 9:28 PM (in response to kathy90031)

Check this out from the forums...May or may not be of help..But this could give some pointers

http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4130521#4130521
Actions

Go to original post