Database login module with encrypted password.
suikast42 Jun 24, 2012 6:04 AM
Hi Community,
I try to log in from a JSF application. The user and user role should be read from the database. If I store the unencrypted password in the database, then everything works fine. But with an encrypted password it does not work.
I get this Exception if I try to login:
00:31:45,691 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) initialize
00:31:45,691 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) Security domain: wmsdomain
00:31:45,691 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
00:31:45,691 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) DatabaseServerLoginModule, dsJndiName=java:/datasources/WMSDS
00:31:45,691 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) principalsQuery=SELECT PASSWORD FROM WMSUSER WHERE NAME = ?
00:31:45,707 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) rolesQuery=select name , 'Roles' from wmsuserrole where ID in( select WMSUSERROLE_ID from wmsuser where name=?)
00:31:45,707 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) suspendResume=true
00:31:45,707 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) login
00:31:45,722 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) suspendAnyTransaction
00:31:45,722 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) Excuting query: SELECT PASSWORD FROM WMSUSER WHERE NAME = ?, with username: wmsuser2
00:31:45,863 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) Obtained user password
00:31:45,863 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) resumeAnyTransaction
00:31:45,863 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) Bad password for username=wmsuser2
00:31:45,863 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost-127.0.0.1-8080-2) abort
00:31:45,879 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-2) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
My security domain:
<security-domain name="wmsdomain" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/datasources/WMSDS" />
            <module-option name="principalsQuery" value="SELECT PASSWORD FROM WMSUSER WHERE NAME = ?"/>
            <module-option name="rolesQuery" value="select name , 'Roles' from wmsuserrole where ID in( select WMSUSERROLE_ID from wmsuser where name=?)"/>
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="hashAlgorithm" value ="SHA-256"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
</security-domain>
My encryption:
MessageDigest mdEnc = null;
try {
    mdEnc = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
}
// Encryption algorithm
mdEnc.update(aPassword.getBytes(), 0, aPassword.length());
String md5 = new BigInteger(1, mdEnc.digest()).toString(16); // Encrypted string
Did I miss something?
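
The trace in the post reports `algorithm = SHA-256, encoding = base64`, while the posted snippet writes the digest to the database as a hex string. The following added example, which is not part of the original post and is not JBoss code, contrasts the two stored formats for the same digest. Assumptions: the class and method names are hypothetical, `matches` is a simplified model of the comparison, UTF-8 is used as the charset, and `java.util.Base64` requires Java 8 or later.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class StoredHashFormat {
    // SHA-256 over the password bytes; UTF-8 is an assumption made for this example.
    static byte[] sha256(String password) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Encoding used by the posted snippet: hex via BigInteger.
    static String hexViaBigInteger(byte[] digest) {
        return new BigInteger(1, digest).toString(16);
    }

    // Encoding named by hashEncoding=base64 in the security domain.
    static String base64(byte[] digest) {
        return Base64.getEncoder().encodeToString(digest);
    }

    // Simplified model of the check (assumption): hash the typed password,
    // encode it as base64, and compare with the stored column value.
    static boolean matches(String typed, String stored) throws Exception {
        return base64(sha256(typed)).equals(stored);
    }

    public static void main(String[] args) throws Exception {
        String password = "constructed-sample-pw"; // constructed sample value
        byte[] digest = sha256(password);

        String storedHex = hexViaBigInteger(digest);
        String storedB64 = base64(digest);
        System.out.println("hex stored    -> match: " + matches(password, storedHex));
        System.out.println("base64 stored -> match: " + matches(password, storedB64));

        // BigInteger drops leading zero digits, so its hex output is not fixed-width.
        byte[] leadingZero = new byte[32]; // constructed digest: 31 zero bytes, then 0x01
        leadingZero[31] = 1;
        System.out.println("hex digits for 32-byte digest: "
                + hexViaBigInteger(leadingZero).length());

        // getBytes() counts bytes, length() counts chars; they differ for non-ASCII input.
        String nonAscii = "p\u00e4ss"; // constructed sample value
        System.out.println(nonAscii.getBytes(StandardCharsets.UTF_8).length + " bytes, "
                + nonAscii.length() + " chars");
    }
}
```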