-
1. Re: Keystore and DatabaseServerLoginModule
nschweig Mar 3, 2010 2:24 AM (in response to juergen.zimmermann)Hi Jürgen,
I´m not sure if I understand what you mean but I I think a keystore and DatabaseServerLoginModule are two different things.
I use form based authentication (my frontend is jsf) and the DatabaseServerLoginModule. In the login-form the user has to enter username and password and with the module I compare the data with the entries in my database. (name, password, roles). If you need a detailed description you can look here: http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html or ask me again.
The keystore is used to configure SSL on JBoss. SSL is a transport protocol that encrypts the data during the transport and I think it has nothing to do with the Security-Modules from JBoss. Do you know this site: http://community.jboss.org/wiki/sslsetup?
I hope this helps. Please ask again for further information.
Greetz,
Nicole
-
2. Re: Keystore and DatabaseServerLoginModule
juergen.zimmermann Mar 3, 2010 6:18 AM (in response to juergen.zimmermann)I'll rephrase my question. So far I've a deployed file myapp-security-jboss-beans.xml:
<?xml version="1.0"?>
<deployment xmlns="urn:jboss:bean-deployer:2.0">
<application-policy xmlns="urn:jboss:security-beans:1.0" name="myDomain">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/myDS</module-option>
<module-option name="unauthenticatedIdentity">guest</module-option>
<module-option name="principalsQuery">
...
</module-option>
<module-option name="rolesQuery">
...
</module-option>
<module-option name="hashAlgorithm">SHA-1</module-option>
<module-option name="hashEncoding">base64</module-option>
</login-module>
</authentication>
</application-policy>
<application-policy xmlns="urn:jboss:security-beans:1.0" name="encryptedDbPassword">
<authentication>
<login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username">myUsername</module-option>
<module-option name="password">...myEncryptedPassword...</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:name=myDS,service=LocalTxCM</module-option>
</login-module>
</authentication>
</application-policy>
</deployment>Is there a possibility to use a keystore instead of encrypted passwords as mentioned at http://server.dzone.com/articles/security-features-jboss-510-0 ?
-
3. Re: Keystore and DatabaseServerLoginModule
peterj Mar 4, 2010 2:13 PM (in response to juergen.zimmermann)"Is there a possibility to use a keystore instead of encrypted passwords"
No. The SecureIdentifyLoginModule only takes a username and encrypted password. Besides when used in conjunction with a database, the password is used to login to the database. Does your database allow you to use a key in a keystore to sign into the database?
-
4. Re: Keystore and DatabaseServerLoginModule
juergen.zimmermann Mar 5, 2010 1:51 PM (in response to peterj)Thank you, Peter. You're right.