jboss 7.1.1 EJB call from remote client with digest database authentication
vajry987 Dec 20, 2013 5:31 PM
Hi!
I have a simple EJB for testing that I need to call from a standalone Java application.
I was successful with authentication against the JBoss properties files (application-roles.properties and application-users.properties).
I was successful with authorization against the database, sending a plain username and password from the client.
But I want to send the password secured, so I wanted to use DIGEST-MD5 authentication.
Digest auth works fine with the default ApplicationRealm and files - I checked the communication in Wireshark: the server sends a nonce and then gets the hashed password.
When I tried the same against the database, the client always sends the plain password.
In server.log I see:
23:04:52,791 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Added mechanism JBOSS-LOCAL-USER
23:04:52,796 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@c3d808c
23:04:52,806 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
23:04:52,815 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@19c26d9b
23:04:52,823 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Added mechanism PLAIN
So after long research my main question is - how can I add DIGEST-MD5 to the allowed list for the database login module?
I read many discussions and tried many configurations:
i.e.:
<login-module code="Database" flag="required">
    <module-option name="dsJndiName" value="java:jboss/postgresDS"/>
    <module-option name="principalsQuery" value="select passwd from users where username=?"/>
    <module-option name="rolesQuery" value="SELECT userroles, 'Roles' FROM userroles WHERE username=?"/>
    <module-option name="password-stacking" value="useFirstPass"/>
    <module-option name="hashAlgorithm" value="MD5"/>
    <module-option name="hashEncoding" value="RFC2617"/>
    <module-option name="hashUserPassword" value="false"/>
    <module-option name="hashStorePassword" value="true"/>
    <module-option name="passwordIsA1Hash" value="true"/>
</login-module>
I tried different encodings, and I tried to add this line:
<module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>
I guess I tried almost everything, but no digest authentication ;-(
Can anybody give me some hint or a functional configuration?
Thanks a lot,
Tomas
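
The SASL mechanism negotiation visible in the TRACE lines of the post above can be checked mechanically to see when a connection falls back to sending the password unhashed. The following is an added example, not part of the original post or of JBoss; the function name `audit_mechanisms` and the choice to class only PLAIN as a cleartext mechanism are assumptions of this example.

```python
import re

# Sample input: the five TRACE lines quoted from server.log in the post above.
SAMPLE_LOG = '''\
23:04:52,791 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Added mechanism JBOSS-LOCAL-USER
23:04:52,796 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@c3d808c
23:04:52,806 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
23:04:52,815 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@19c26d9b
23:04:52,823 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Added mechanism PLAIN
'''

# Line layout taken from the excerpt: time, level, logger category, (thread), message.
LINE = re.compile(
    r'^\d{2}:\d{2}:\d{2},\d{3}\s+TRACE\s+\[org\.jboss\.remoting\.remote\.server\]\s+'
    r'\((?P<thread>[^)]*)\)\s+(?P<msg>.*)$')
ADDED = re.compile(r'^Added mechanism (\S+)$')
EXCLUDED = re.compile(r'^Excluding mechanism (\S+) because (.+)$')

# Assumption of this example: PLAIN is the only mechanism treated as cleartext.
CLEARTEXT = {"PLAIN"}


def audit_mechanisms(log_text):
    """Return offered and excluded SASL mechanisms plus findings for review."""
    offered, excluded = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a remoting TRACE line
        msg = m.group("msg")
        if (a := ADDED.match(msg)):
            offered.append(a.group(1))
        elif (e := EXCLUDED.match(msg)):
            excluded[e.group(1)] = e.group(2)  # keep the server's stated reason
    findings = [f"{mech} is offered: the password is sent unhashed"
                for mech in offered if mech in CLEARTEXT]
    if "DIGEST-MD5" in excluded and "DIGEST-MD5" not in offered:
        findings.append(f"DIGEST-MD5 not offered: {excluded['DIGEST-MD5']}")
    return {"offered": offered, "excluded": excluded, "findings": findings}


if __name__ == "__main__":
    for finding in audit_mechanisms(SAMPLE_LOG)["findings"]:
        print(finding)
```
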