Pls Help! Username Encryption
alfredkwan Jul 5, 2006 1:30 PM
I want to encrypt (PKI) the username and password before sending them to the JBoss Portal for authentication. In the login form, I encrypt the ID/Pwd with an applet, then pass it to j_security_check. In my custom login module, I decrypt it.
The user can be authenticated (i.e. the custom login module is passed). BUT, JBoss Portal shows an error just after login... because some code in JBoss Portal (the UserInterceptor) uses HttpServletRequest.getRemoteUser() to find the user from the UserModule. But HttpServletRequest.getRemoteUser() will return the encrypted user name submitted to j_security_check... So it fails to find the user...
How can I work around it? Or is there any other means to provide the end-to-end encryption I intended?
Please help!
To illustrate the scenario, below is a simple test login module that attempts to "decrypt" the username/pwd to become "admin/admin":
package test.auth;

import javax.security.auth.login.LoginException;

import org.jboss.portal.core.security.jaas.ModelLoginModule;

public class MyLoginModule extends ModelLoginModule {

    // Test stub: stands in for the real decryption step by always
    // returning the fixed credentials admin/admin.
    protected String[] getUsernameAndPassword() throws LoginException {
        // Values as submitted to j_security_check (still encrypted)
        String[] encryptedInfo = super.getUsernameAndPassword();
        System.out.println("--> Encrypted username = " + encryptedInfo[0]);
        System.out.println("--> Encrypted password = " + encryptedInfo[1]);

        String[] decryptedInfo = new String[2];
        decryptedInfo[0] = "admin";
        decryptedInfo[1] = "admin";
        System.out.println("--> Decrypted username = " + decryptedInfo[0]);
        System.out.println("--> Decrypted password = " + decryptedInfo[1]);
        return decryptedInfo;
    }

    protected String getUsersPassword() throws LoginException {
        return "";
    }

    // Test stub: accepts any password so the module always passes.
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        return true;
    }
}
The error I got:
exception
javax.servlet.ServletException: No such user No such user aaaa
    org.jboss.portal.server.servlet.PortalServlet.doGet(PortalServlet.java:227)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
root cause
org.jboss.portal.core.model.NoSuchUserException: No such user No such user aaaa
    org.jboss.portal.core.impl.user.UserModuleImpl.findUserByUserName(UserModuleImpl.java:123)
    org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:100)
    org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)