JBoss EAP 6.1.1
web.xml
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>admin</realm-name>
    <form-login-config>
        <form-login-page>/login.htm</form-login-page>
        <form-error-page>/login.htm?auth-error=true</form-error-page>
    </form-login-config>
</login-config>
standalone.xml
<login-module code="Database" flag="sufficient">
    <module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/>
    <module-option name="principalsQuery" value="select encode(password, 'hex') from principal where username=?"/>
    <module-option name="rolesQuery" value="select r.role, r.role_group from role r inner join principal p on r.role = p.role where p.username=?"/>
    <module-option name="hashAlgorithm" value="SHA-512"/>
    <module-option name="hashEncoding" value="hex"/>
</login-module>
When storing the password I use:
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Returns the raw (unsalted) SHA-512 digest of the message.
public static byte[] sha512(final byte[] message) {
    MessageDigest md = null;
    try {
        md = MessageDigest.getInstance("SHA-512");
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("Unable to create message digest", e);
    }
    return md.digest(message);
}
Now I want to add salting to the password.
I can add salting to the password in the Java code before saving it to the database, but how do I use the login module then?
Do I have to create my custom login module?
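
An added example, not part of the original post and not JBoss code: the store-and-verify step that a per-user salt requires, keeping the post's SHA-512 digest and hex encoding. The class name `SaltedSha512`, the `salt:hash` column format and the 16-byte salt length are assumptions. It shows that verification has to read the stored salt and re-derive the digest, rather than hash the submitted password and compare it to the column.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
// Added example: hypothetical helper class, not JBoss code.
public class SaltedSha512 {
    private static final SecureRandom RNG = new SecureRandom();

    // Column value: "<salt hex>:<hex of SHA-512(salt || password)>" (assumed format).
    public static String hashForStorage(String password) {
        byte[] salt = new byte[16]; // assumed salt length
        RNG.nextBytes(salt);
        return toHex(salt) + ":" + toHex(digest(salt, password));
    }
    // Re-derive the digest with the stored salt, then compare the raw digest bytes.
    public static boolean verify(String password, String stored) {
        String[] parts = stored.split(":", 2);
        if (parts.length != 2) return false; // e.g. a legacy unsalted row
        try {
            return MessageDigest.isEqual(fromHex(parts[1]), digest(fromHex(parts[0]), password));
        } catch (IllegalArgumentException e) {
            return false; // stored value is not valid hex
        }
    }
    private static byte[] digest(byte[] salt, String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-512");
            md.update(salt); // salt is hashed first, then the password bytes
            return md.digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to create message digest", e);
        }
    }
    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
    private static byte[] fromHex(String s) {
        if (s.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }
    public static void main(String[] args) {
        String stored = hashForStorage("correct horse"); // constructed sample password
        System.out.println(verify("correct horse", stored) + " " + verify("wrong", stored));
    }
}
```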