10 Replies Latest reply on Aug 9, 2013 1:28 AM by ybxiang.china

    can't login with Arabic password using JAAS in JBoss AS

    romyo0o

      Hello,

       

      The problem is that I can't login to my application with Arabic password although I can login with english password and i'm using the following:

       

      First:(Base64)

      Hashing password before insert it into the DB using below code:

       

       private String getSha1(String text) throws NoSuchAlgorithmException,
         UnsupportedEncodingException {
        MessageDigest md;
        md = MessageDigest.getInstance("SHA-1");
        byte[] sha1hash = new byte[40];
        md.update(text.getBytes("UTF-8"), 0, text.length());
        sha1hash = md.digest();
        return convertToBase64(sha1hash);
       }
       private String convertToBase64(byte[] data) {
        return new String(Base64.encode(data, data.length));
       }

       

      Second:login-config.xml

      adding policy in the login file and add the orange lines below to support hashing password before selecting it from the DB:

       <application-policy name="messageEnginge">
                <authentication>
                <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="unauthenticatedIdentity">guest</module-option>
                <module-option name="dsJndiName">jndiname</module-option>
                <module-option name="principalsQuery">the query of password   </module-option>
                <module-option name="rolesQuery">thequery of roles        </module-option>
       
       
                    <module-option name="hashCharset">UTF-8</module-option>
                <module-option name="hashAlgorithm">SHA1</module-option>
                <module-option name="hashEncoding">base64</module-option>
          
                </login-module>
                </authentication>
         </application-policy>
      
      

       

      Jboss AS version > 5.0

      using JSF and richfaces for info

       

       

      Also the image below shows the request of login action:

      jsecurity_check.png