-
1. Re: Using encrypted password in the DB database login module
fnasser Feb 27, 2014 8:56 AM (in response to marcusdidiusfalco)I had the same issue following the book recipe. I got it working, here are the changes:
1) Either remove the hashStorePassword or change it to hashUserPassword (not needed, the default for that is true)
2) calculate the passwordHash from a String password like this:
passwordHash = Util.createPasswordHash("MD5", "BASE64", null, null, password);
3) To fill your database you can obtain the digests like this:
echo -n 'password' | openssl dgst -md5 -binary | openssl base64
where password is the password you want to use (make sure you use single quotes in case you have special characters in your password; do NOT escape then with a \ as the digest is changed by it).
-
2. Re: Using encrypted password in the DB database login module
polinchw Mar 16, 2014 4:51 PM (in response to marcusdidiusfalco)I've had this exact same problem. I think the book must be wrong. I'm going to try Fernando's solution.
-
3. Re: Using encrypted password in the DB database login module
polinchw Mar 16, 2014 6:14 PM (in response to polinchw)Wow it worked. I used these settings:
<security-domain name="mysqldomain" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/MysqlDS"/>
<module-option name="principalsQuery" value="select password from user where name=?"/>
<module-option name="rolesQuery" value="select role,'Roles' from roles where name=?"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="base64"/>
<module-option name="hashUserPassword" value="true"/>
</login-module>
</authentication>
</security-domain>
private static String hashPassword(String password) {
return org.jboss.crypto.CryptoUtil.createPasswordHash("MD5", "BASE64", null, null, password);
}