4 Replies Latest reply on Mar 5, 2010 1:51 PM by juergen.zimmermann

    Keystore and DatabaseServerLoginModule

    juergen.zimmermann
      Is there an example on how to use a keystore for password masking and DatabaseServerLoginModule? I was looking at http://server.dzone.com/articles/security-features-jboss-510-0 but I've no idea how to use a keystore with the definition of DatabaseServerLoginModule. Any hint is appreciated.
        • 1. Re: Keystore and DatabaseServerLoginModule
          nschweig

          Hi Jürgen,

          I'm not sure if I understand what you mean, but I think a keystore and DatabaseServerLoginModule are two different things.

          I use form-based authentication (my frontend is JSF) and the DatabaseServerLoginModule. In the login form the user has to enter username and password, and with the module I compare the data with the entries in my database (name, password, roles). If you need a detailed description you can look here: http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html or ask me again.

          The keystore is used to configure SSL on JBoss. SSL is a transport protocol that encrypts the data during the transport and I think it has nothing to do with the Security-Modules from JBoss. Do you know this site: http://community.jboss.org/wiki/sslsetup?

          I hope this helps. Please ask again for further information.

          Greetz,

          Nicole

          • 2. Re: Keystore and DatabaseServerLoginModule
            juergen.zimmermann

            I'll rephrase my question. So far I've a deployed file myapp-security-jboss-beans.xml:

            <?xml version="1.0"?>
            <deployment xmlns="urn:jboss:bean-deployer:2.0">
              <application-policy xmlns="urn:jboss:security-beans:1.0" name="myDomain">
                <authentication>
                  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                    <module-option name="dsJndiName">java:/myDS</module-option>
                    <module-option name="unauthenticatedIdentity">guest</module-option>
                    <module-option name="principalsQuery">
                      ...
                    </module-option>
                    <module-option name="rolesQuery">
                      ...
                    </module-option>
                    <module-option name="hashAlgorithm">SHA-1</module-option>
                    <module-option name="hashEncoding">base64</module-option>
                  </login-module>
                </authentication>
              </application-policy>
              <application-policy xmlns="urn:jboss:security-beans:1.0" name="encryptedDbPassword">
                <authentication>
                  <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                    <module-option name="username">myUsername</module-option>
                    <module-option name="password">...myEncryptedPassword...</module-option>
                    <module-option name="managedConnectionFactoryName">jboss.jca:name=myDS,service=LocalTxCM</module-option>
                  </login-module>
                </authentication>
              </application-policy>
            </deployment>

            Is there a possibility to use a keystore instead of encrypted passwords as mentioned at http://server.dzone.com/articles/security-features-jboss-510-0 ?

            • 3. Re: Keystore and DatabaseServerLoginModule
              peterj

              "Is there a possibility to use a keystore instead of encrypted passwords"

              No. The SecureIdentityLoginModule only takes a username and encrypted password. Besides, when used in conjunction with a database, the password is used to log in to the database. Does your database allow you to use a key in a keystore to sign into the database?

              • 4. Re: Keystore and DatabaseServerLoginModule
                juergen.zimmermann
                Thank you, Peter. You're right.