17 Replies. Latest reply on Dec 7, 2014 3:07 PM by v2adam

    password encryption in database login-module with picketbox of wildfly.

    aupres

      I am trying to encrypt the password in the database login module with the WildFly PicketBox module. These are my sources.

       

      == web.xml

      ...

        <security-role>
            <role-name>administrator</role-name>
        </security-role>

        <login-config>
            <auth-method>DIGEST</auth-method>
            <realm-name>WildFly8DigestRealm</realm-name>
        </login-config>

      ....

       

      == jboss-web.xml

      ...

      <jboss-web>

          <security-domain>java:/jaas/my_secure_domain</security-domain>

      </jboss-web>

       

      == standalone.xml

      ...

      <security-domain name="my_secure_domain" cache-type="default">

          <authentication>

              <login-module code="Database" flag="required">

                  <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>

                  <module-option name="principalsQuery" value="select password from credential where uid=?"/>

                  <module-option name="rolesQuery" value="select urole from credential where uid=?"/>

                  <module-option name="hashAlgorithm" value="MD5"/>

                  <module-option name="hashEncoding" value="RFC2617"/>

                  <module-option name="hashUserPassword" value="false"/>

                  <module-option name="hashStorePassword" value="true"/>

                  <module-option name="passwordIsA1Hash" value="true"/>

                  <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>

              </login-module>

          </authentication>

      </security-domain>

      ...

       

      The password is encrypted with the code below:

       

      == EncryptPassword.java

      package com.aaa.encrypt;

       

      import org.jboss.crypto.CryptoUtil;

       

      public class EncryptPassword {

          public static void main(String[] args) {
              // TODO Auto-generated method stub
       

              String userName="admin";
              String realmName="WildFly8DigestRealm";
              String password="passwd123";

              String clearTextPassword=userName+":"+realmName+":"+password; 
              String hashedPassword=CryptoUtil.createPasswordHash("MD5", "RFC2617", null, null, clearTextPassword);
              System.out.println("clearTextPassword: "+clearTextPassword);
              System.out.println("hashedPassword: "+hashedPassword);
          }

      }

       

      But the login failed. The log shows the following exceptions.

       

      2014-07-10 20:13:43,023 TRACE [org.jboss.security] (default task-2) PBOX000236: Begin initialize method

      2014-07-10 20:13:43,024 DEBUG [org.jboss.security] (default task-2) PBOX000281: Password hashing activated, algorithm: MD5, encoding: RFC2617, charset: null, callback: null, storeCallBack: org.jboss.security.auth.callback.RFC2617Digest

      2014-07-10 20:13:43,024 TRACE [org.jboss.security] (default task-2) PBOX000262: Module options [dsJndiName: java:jboss/datasources/MySqlDS, principalsQuery: select password from credential where uid=?, rolesQuery: select urole from credential where uid=?, suspendResume: true]

      2014-07-10 20:13:43,025 TRACE [org.jboss.security] (default task-2) PBOX000240: Begin login method

      2014-07-10 20:13:43,182 TRACE [org.jboss.security] (default task-2) PBOX000263: Executing query select password from credential where uid=? with username admin

      2014-07-10 20:13:43,198 TRACE [org.jboss.security] (default task-2) PBOX000284: Created DigestCallback org.jboss.security.auth.callback.RFC2617Digest

      2014-07-10 20:13:43,199 TRACE [org.jboss.security] (default task-2) PBOX000244: Begin abort method

      2014-07-10 20:13:43,200 DEBUG [org.jboss.security] (default task-2) PBOX000206: Login failure: javax.security.auth.login.LoginException: PBOX000055: Failed to invoke CallbackHandler

      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:444) [picketbox-4.0.20.Final.jar:4.0.20.Final]

      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:280) [picketbox-4.0.20.Final.jar:4.0.20.Final]

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]

      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60]

      at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]

      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_60]

      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_60]

      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_60]

      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_60]

      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_60]

      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_60]

      at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_60]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.20.Final.jar:4.0.20.Final]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.20.Final.jar:4.0.20.Final]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.20.Final.jar:4.0.20.Final]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.20.Final.jar:4.0.20.Final]

      at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:109)

      at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:77)

      at io.undertow.security.impl.DigestAuthenticationMechanism.handleDigestHeader(DigestAuthenticationMechanism.java:265) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:149) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687) [undertow-core-1.0.0.Final.jar:1.0.0.Final]

      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_60]

      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_60]

      at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]

      Caused by: javax.security.auth.callback.UnsupportedCallbackException

      at org.jboss.security.auth.callback.JBossCallbackHandler.handleCallBack(JBossCallbackHandler.java:138) [picketbox-4.0.20.Final.jar:4.0.20.Final]

      at org.jboss.security.auth.callback.JBossCallbackHandler.handle(JBossCallbackHandler.java:87) [picketbox-4.0.20.Final.jar:4.0.20.Final]

      at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:947) [rt.jar:1.7.0_60]

      at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:944) [rt.jar:1.7.0_60]

      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_60]

      at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:943) [rt.jar:1.7.0_60]

      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:434) [picketbox-4.0.20.Final.jar:4.0.20.Final]

      ... 47 more

       

      I need your advice. Please tell me what is wrong in my sources.

      Thanks in advance!!

        • 1. Re: password encryption in database login-module with picketbox of wildfly.
          lafr

          Some remarks:

          - as far as I know, the rolesQuery has to return a second column, formerly named "role_group", always with the fixed content "Roles". See also Re: Problems with authentication with WildFly.

          <module-option name="rolesQuery" value="SELECT role, role_group FROM mbi_jrole WHERE username=?"/>

           

          - this might be related:

          2014-07-10 20:13:43,024 DEBUG [org.jboss.security] (default task-2) PBOX000281: Password hashing activated, algorithm: MD5, encoding: RFC2617, charset: null, callback: null, storeCallBack: org.jboss.security.auth.callback.RFC2617Digest

          Caused by: javax.security.auth.callback.UnsupportedCallbackException at org.jboss.security.auth.callback.JBossCallbackHandler.handleCallBack(JBossCallbackHandler.java:138) [picketbox-4.0.20.Final.jar:4.0.20.Final]

          A parameter missing in your xml?

          • 2. Re: password encryption in database login-module with picketbox of wildfly.
            aupres

            Thank you for your reply, Frank!

            So I modified some of my code as below, following your advice:

             

            <security-domain name="my_secure_domain" cache-type="default">

                <authentication>

                    <login-module code="Database" flag="required">

                        <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>

                        <module-option name="principalsQuery" value="select password from credential where uid=?"/>

                        <module-option name="rolesQuery" value="select urole, role_group from credential where uid=?"/>

                        <module-option name="hashAlgorithm" value="MD5"/>

                        <module-option name="hashEncoding" value="base64"/>

                        <module-option name="hashCharset" value="UTF-8"/>

                    </login-module>

                 </authentication>

            </security-domain>

             

            And I encrypted the password with this code:

             

            import org.jboss.crypto.CryptoUtil;

             

            public class EncryptPassword {

                public static void main(String[] args) {
                    // TODO Auto-generated method stub
                    String userName="admin";
                    String realmName="WildFly8DigestRealm";
                    String password="passwd123";

                    String clearTextPassword=userName+":"+realmName+":"+password; 
                    String hashedPassword=CryptoUtil.createPasswordHash("MD5", "base64", "UTF-8", null, clearTextPassword);
                    System.out.println("clearTextPassword: "+clearTextPassword);
                    System.out.println("hashedPassword: "+hashedPassword);
                }

            }

             

            But the login also failed. The log shows this:

             

            2014-07-12 16:09:01,729 TRACE [org.jboss.security] (default task-3) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@586034f, cache entry: null
            2014-07-12 16:09:01,729 TRACE [org.jboss.security] (default task-3) PBOX000209: defaultLogin, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@586034f
            2014-07-12 16:09:01,729 TRACE [org.jboss.security] (default task-3) PBOX000221: Begin getAppConfigurationEntry(my_secure_domain), size: 4
            2014-07-12 16:09:01,730 TRACE [org.jboss.security] (default task-3) PBOX000224: End getAppConfigurationEntry(my_secure_domain), AuthInfo: AppConfigurationEntry[]:
            [0]
            LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
            ControlFlag: LoginModuleControlFlag: required
            Options:
            name=hashCharset, value=UTF-8
            name=hashAlgorithm, value=MD5
            name=principalsQuery, value=select password from credential where uid=?
            name=hashEncoding, value=base64
            name=dsJndiName, value=java:jboss/datasources/MySqlDS
            name=rolesQuery, value=select urole, role_group from credential where uid=?

             

            2014-07-12 16:09:01,730 TRACE [org.jboss.security] (default task-3) PBOX000236: Begin initialize method
            2014-07-12 16:09:01,731 DEBUG [org.jboss.security] (default task-3) PBOX000281: Password hashing activated, algorithm: MD5, encoding: base64, charset: UTF-8, callback: null, storeCallBack: null
            2014-07-12 16:09:01,731 TRACE [org.jboss.security] (default task-3) PBOX000262: Module options [dsJndiName: java:jboss/datasources/MySqlDS, principalsQuery: select password from credential where uid=?, rolesQuery: select urole, role_group from credential where uid=?, suspendResume: true]
            2014-07-12 16:09:01,732 TRACE [org.jboss.security] (default task-3) PBOX000240: Begin login method
            2014-07-12 16:09:01,733 TRACE [org.jboss.security] (default task-3) PBOX000263: Executing query select password from credential where uid=? with username admin
            2014-07-12 16:09:01,736 DEBUG [org.jboss.security] (default task-3) PBOX000283: Bad password for username admin
            2014-07-12 16:09:01,736 TRACE [org.jboss.security] (default task-3) PBOX000244: Begin abort method
            2014-07-12 16:09:01,736 DEBUG [org.jboss.security] (default task-3) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
            at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.20.Final.jar:4.0.20.Final]
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60]
            at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
            at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_60]
            at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_60]
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_60]
            at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_60]
            at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_60]
            at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_60]
            at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_60]
            at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.20.Final.jar:4.0.20.Final]
            at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.20.Final.jar:4.0.20.Final]
            at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.20.Final.jar:4.0.20.Final]
            at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.20.Final.jar:4.0.20.Final]
            at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:109)
            at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:77)
            at io.undertow.security.impl.DigestAuthenticationMechanism.handleDigestHeader(DigestAuthenticationMechanism.java:265) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:149) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.handlers.AuthenticationCallHandler.handleRequest(AuthenticationCallHandler.java:50) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.server.Connectors.executeRootHandler(Connectors.java:168) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:687) [undertow-core-1.0.0.Final.jar:1.0.0.Final]
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_60]
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_60]
            at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]

             

            2014-07-12 16:09:01,739 TRACE [org.jboss.security] (default task-3) PBOX000201: End isValid, result = false
            2014-07-12 16:09:01,741 TRACE [org.jboss.security] (default task-3) PBOX000354: Setting security roles ThreadLocal: null

             

            Do you think my encrypted password is generated wrongly? Please tell me how you encrypted your password.

            Your help will be deeply appreciated. Thanks

            • 3. Re: Re: password encryption in database login-module with picketbox of wildfly.
              lafr

              My config is a bit different:

              Login-module used is DatabaseUsers configured in standalone-full.xml like this:

              <login-module code="DatabaseUsers" flag="required">

                <module-option name="dsJndiName" value="java:jboss/datasources/DefaultDS"/>

                <module-option name="principalsQuery" value="SELECT password FROM mbi_juser WHERE username=? AND is_activ=1"/>

                <module-option name="rolesQuery" value="SELECT role, role_group FROM mbi_jrole WHERE username=?"/>

                <module-option name="hashAlgorithm" value="MD5"/>

                <module-option name="hashEncoding" value="base64"/>

              </login-module>

              AFAIK DatabaseUsers is just an alias for Database.

               

              $JAVA_HOME/bin/java -classpath $JARFILE org.jboss.security.Base64Encoder $PASSWD MD5 | tr -d '[]'

              JARFILE=$JBOSS_HOME/modules/system/layers/base/org/picketbox/main/picketbox-4.0.21.Beta1.jar (depends on your exact WF version)

               

              As you can see, I only encrypt and hash the password itself, no username, no RealmName.

              So I think this is the fault, I cannot see how your way could work.

              • 4. Re: password encryption in database login-module with picketbox of wildfly.
                aupres

                I changed the encryption Java file as below:

                 

                import java.security.MessageDigest;

                import org.jboss.security.Base64Encoder;

                 

                public class EncryptPassword {

                   public static void main(String[] args) {
                      // TODO Auto-generated method stub
                         String algoritmo = "MD5";
                         String clearTextPassword = "passwd123";
                         String hashedPassword = null;

                      

                         try {
                            byte[] hash = MessageDigest.getInstance(algoritmo).digest(clearTextPassword.getBytes());
                            hashedPassword = Base64Encoder.encode(hash);
                            System.out.println("Clear Text Password : " + clearTextPassword);
                            System.out.println("Encrypted Password : " + hashedPassword);
                         } catch (Exception e) {
                            e.printStackTrace();
                        }
                   }
                }

                 

                I also executed the java command on the shell as below, as well as the above Java file:

                 

                C:\>java -cp c:\wildfly-8.1.0.final\modules\system\layers\base\org\picketbox\main\picketbox-4.0.21.Beta1.jar  org.jboss.security.Base64Encoder  passwd123  MD5

                 

                Both results give the same hashed password, and the hashed password is updated.

                 

                Clear Text Password : passwd123

                Encrypted Password : EWT55bjO92g5bc1TdOS26w==

                 

                However, login still fails, and server.log shows the same exception.

                I need any help desperately.

                • 5. Re: password encryption in database login-module with picketbox of wildfly.
                  aupres

                  Dear Frank!

                  I think my hashed password is wrong itself, not correctly encrypted. The plain password login in BASIC login-config is successful. Login fails and log throws the same exception only in DIGEST login-config with database login module and even with UsersRoles login module. I am afraid my password encryption source and configuration seem to be totally wrong!! For your information, my configuration file is standalone.xml, not standalone-full.xml.

                  Any idea or reference site?

                  • 6. Re: password encryption in database login-module with picketbox of wildfly.
                    lafr

                    Ah, yes. You're using DIGEST, I'm using FORM.

                    For DIGEST-password you can use

                    java -classpath $JBOSS_HOME/modules/system/layers/base/org/picketbox/main/picketbox-4.0.21.Beta1.jar org.jboss.security.auth.callback.RFC2617Digest <Username> <Realmname> <Password> 

                    e.g.

                    java -classpath $JBOSS_HOME/modules/system/layers/base/org/picketbox/main/picketbox-4.0.21.Beta1.jar org.jboss.security.auth.callback.RFC2617Digest admin WildFly8DigestRealm passwd123                                                                                

                    which gives

                    RFC2617 A1 hash: 7b4b25cb806856a998ae6455f2445ae8
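
The two stored-password formats discussed in this thread, side by side, as an added example (not code from any poster or from PicketBox): plain JDK Java that computes base64(MD5(password)), the form used with hashEncoding=base64, and the RFC 2617 A1 hash hex(MD5(username:realm:password)) that DIGEST needs, then checks a qop=auth digest response against each stored value. The class and method names, the URI, nonce and cnonce values, and the UTF-8 charset are assumptions; java.util.Base64 requires Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added illustration; class and helper names are hypothetical, not PicketBox API.
public class DigestStoreFormats {

    // MD5 over the UTF-8 bytes of s (charset is an assumption; the inputs here are ASCII).
    static byte[] md5(String s) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Lower-case hex, the encoding RFC 2617 uses for every digest value.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Format stored for FORM/BASIC with hashAlgorithm=MD5 and hashEncoding=base64:
    // the password alone, no username and no realm.
    static String base64Md5(String password) throws NoSuchAlgorithmException {
        return Base64.getEncoder().encodeToString(md5(password));
    }

    // RFC 2617 A1 hash (HA1): the value a DIGEST credential store has to hold.
    static String a1Hash(String user, String realm, String password)
            throws NoSuchAlgorithmException {
        return hex(md5(user + ":" + realm + ":" + password));
    }

    // RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2),
    // where HA2 = MD5(method:uri).
    static String digestResponse(String ha1, String method, String uri,
                                 String nonce, String nc, String cnonce)
            throws NoSuchAlgorithmException {
        String ha2 = hex(md5(method + ":" + uri));
        return hex(md5(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2));
    }

    // Server side: recompute the response from the stored value and compare
    // without leaking timing information.
    static boolean verify(String storedValue, String clientResponse, String method,
                          String uri, String nonce, String nc, String cnonce)
            throws NoSuchAlgorithmException {
        String expected = digestResponse(storedValue, method, uri, nonce, nc, cnonce);
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.US_ASCII),
                clientResponse.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Values taken from the thread.
        String user = "admin";
        String realm = "WildFly8DigestRealm";
        String password = "passwd123";

        // Constructed request parameters for the illustration.
        String method = "GET";
        String uri = "/app/secure";
        String nonce = "constructed-nonce-0001";
        String nc = "00000001";
        String cnonce = "constructed-cnonce";

        String formStyle = base64Md5(password);
        String digestStyle = a1Hash(user, realm, password);
        System.out.println("base64(MD5(password))        : " + formStyle);
        System.out.println("hex(MD5(user:realm:password)): " + digestStyle);

        // What a browser sends: it derives HA1 from the typed password itself.
        String clientResponse = digestResponse(
                a1Hash(user, realm, password), method, uri, nonce, nc, cnonce);

        // Only the A1 hash lets the server reproduce the client's response.
        System.out.println("verify with A1 hash stored   : "
                + verify(digestStyle, clientResponse, method, uri, nonce, nc, cnonce));
        System.out.println("verify with base64 MD5 stored: "
                + verify(formStyle, clientResponse, method, uri, nonce, nc, cnonce));
    }
}
```

Anyone who can read a stored A1 hash can compute valid digest responses for that username and realm, so the credential table needs the same protection as cleartext passwords.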

                    • 7. Re: password encryption in database login-module with picketbox of wildfly.
                      aupres

                      Thank you for your immediate reply, Frank !

                      The hashed password from EncryptPassword.java is exactly the same as the password generated from your above java command.

                      I think the next step is the configuration of the database login module in standalone.xml.

                      As I mentioned above, the security configuration is as below:

                       

                      <authentication>

                              <login-module code="Database" flag="required">

                                  <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>

                                  <module-option name="principalsQuery" value="select password from credential where uid=?"/>

                                  <module-option name="rolesQuery" value="select urole, 'Roles' from credential where uid=?"/>

                                  <module-option name="hashAlgorithm" value="MD5"/>

                                  <module-option name="hashEncoding" value="RFC2617"/>

                                  <module-option name="hashUserPassword" value="false"/>

                                  <module-option name="hashStorePassword" value="true"/>

                                  <module-option name="passwordIsA1Hash" value="true"/>

                                  <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>

                              </login-module>

                          </authentication>

                       

                       

                      This database login-module configuration worked well on JBoss AS 7, but on WildFly 8 it throws the following exception:

                       

                      2014-07-10 20:13:43,023 TRACE [org.jboss.security] (default task-2) PBOX000236: Begin initialize method

                      2014-07-10 20:13:43,024 DEBUG [org.jboss.security] (default task-2) PBOX000281: Password hashing activated, algorithm: MD5, encoding: RFC2617, charset: null, callback: null, storeCallBack: org.jboss.security.auth.callback.RFC2617Digest

                      2014-07-10 20:13:43,024 TRACE [org.jboss.security] (default task-2) PBOX000262: Module options [dsJndiName: java:jboss/datasources/MySqlDS, principalsQuery: select password from credential where uid=?, rolesQuery: select urole, 'Roles' from credential where uid=?, suspendResume: true]

                      2014-07-10 20:13:43,025 TRACE [org.jboss.security] (default task-2) PBOX000240: Begin login method

                      2014-07-10 20:13:43,182 TRACE [org.jboss.security] (default task-2) PBOX000263: Executing query select password from credential where uid=? with username admin

                      2014-07-10 20:13:43,198 TRACE [org.jboss.security] (default task-2) PBOX000284: Created DigestCallback org.jboss.security.auth.callback.RFC2617Digest

                      2014-07-10 20:13:43,199 TRACE [org.jboss.security] (default task-2) PBOX000244: Begin abort method

                      2014-07-10 20:13:43,200 DEBUG [org.jboss.security] (default task-2) PBOX000206: Login failure: javax.security.auth.login.LoginException: PBOX000055: Failed to invoke CallbackHandler

                      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:444) [picketbox-4.0.20.Final.jar:4.0.20.Final]

                      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:280) [picketbox-4.0.20.Final.jar:4.0.20.Final]

                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]

                      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]

                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60]

                      at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]

                      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_60]

                       

                      Is there any update or modification to the database module-options in WildFly 8 compared with the previous JBoss AS 7?

                      Your advice will be deeply appreciated! Thanks

                      • 8. Re: password encryption in database login-module with picketbox of wildfly.
                        lafr

                        Looking at https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6/html/API_Documentation/files/javadoc/org/jboss/security/auth/spi/UsernamePasswordLoginModule.html

                        or http://grepcode.com/file/repo1.maven.org/maven2/org.picketbox/picketbox/4.0.20.Final/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java

                        it seems you need to add an additional option, because they say "digestCallback - The class name of the DigestCallback DigestCallback implementation that includes pre/post digest content like salts for hashing the input password. Only used if hashAlgorithm has been specified."

                        And "org.jboss.security.auth.callback.DigestCallbackHandler" might be the right value for it. But I did not find any hint to this using my favorite search engine.

                         

                        Is there any further stack with "Caused by" in server.log?

                        • 9. Re: password encryption in database login-module with picketbox of wildfly.
                          aupres

                          Thank you for your reply, Frank! I think we seem to be close to solving this issue.

                          I added the following line into my Database login-module like below:

                           

                          <security-domain name="my_secure_domain" cache-type="default">

                               <authentication>

                                    <login-module code="Database" flag="required">

                                         <module-option name="dsJndiName" value="java:jboss/datasources/MySqlDS"/>

                                         <module-option name="principalsQuery" value="select password from credential where uid=?"/>

                                         <module-option name="rolesQuery" value="select urole, 'Roles' from credential where uid=?"/>

                                         <module-option name="hashAlgorithm" value="MD5"/>

                                         <module-option name="hashEncoding" value="RFC2617"/>

                                         <module-option name="hashUserPassword" value="false"/>

                                         <module-option name="hashStorePassword" value="true"/>

                                         <module-option name="passwordIsA1Hash" value="true"/>

                                         <module-option name="digestCallback" value="org.jboss.security.auth.callback.DigestCallbackHandler"/>

                                         <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>

                                    </login-module>

                               </authentication>

                          </security-domain>

                           

                          But the log throws the same exceptions and 'caused by' statements:

                           

                          LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
                          ControlFlag: LoginModuleControlFlag: required
                          Options:
                          name=digestCallback, value=org.jboss.security.auth.callback.DigestCallbackHandler
                          name=hashUserPassword, value=false
                          name=hashAlgorithm, value=MD5
                          name=principalsQuery, value=select password from credential where uid=?
                          name=passwordIsA1Hash, value=true
                          name=hashEncoding, value=RFC2617
                          name=dsJndiName, value=java:jboss/datasources/MySqlDS
                          name=storeDigestCallback, value=org.jboss.security.auth.callback.RFC2617Digest
                          name=hashStorePassword, value=true
                          name=rolesQuery, value=select urole, 'Roles' from credential where uid=?

                           

                          2014-07-18 21:37:45,246 TRACE [org.jboss.security] (default task-3) PBOX000236: Begin initialize method
                          2014-07-18 21:37:45,246 DEBUG [org.jboss.security] (default task-3) PBOX000281: Password hashing activated, algorithm: MD5, encoding: RFC2617, charset: null, callback: org.jboss.security.auth.callback.DigestCallbackHandler, storeCallBack: org.jboss.security.auth.callback.RFC2617Digest
                          2014-07-18 21:37:45,247 TRACE [org.jboss.security] (default task-3) PBOX000262: Module options [dsJndiName: java:jboss/datasources/MySqlDS, principalsQuery: select password from credential where uid=?, rolesQuery: select urole, 'Roles' from credential where uid=?, suspendResume: true]
                          2014-07-18 21:37:45,247 TRACE [org.jboss.security] (default task-3) PBOX000240: Begin login method
                          2014-07-18 21:37:45,249 TRACE [org.jboss.security] (default task-3) PBOX000263: Executing query select password from credential where uid=? with username admin
                          2014-07-18 21:37:45,251 TRACE [org.jboss.security] (default task-3) PBOX000284: Created DigestCallback org.jboss.security.auth.callback.RFC2617Digest
                          2014-07-18 21:37:45,252 TRACE [org.jboss.security] (default task-3) PBOX000244: Begin abort method
                          2014-07-18 21:37:45,252 DEBUG [org.jboss.security] (default task-3) PBOX000206: Login failure: javax.security.auth.login.LoginException: PBOX000055: Failed to invoke CallbackHandler
                          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:444) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
                          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:280) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
                          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_60]
                          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_60]
                          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_60]
                          at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
                          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_60]
                          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_60]
                          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_60]
                          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_60]
                          at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_60]
                          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_60]
                          at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_60]
                          at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
                          at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
                          at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
                          at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
                          at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111)
                          at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:77)
                          at io.undertow.security.impl.DigestAuthenticationMechanism.handleDigestHeader(DigestAuthenticationMechanism.java:265) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.impl.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:149) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:27) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
                          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
                          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_60]
                          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_60]
                          at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]


                          Caused by: javax.security.auth.callback.UnsupportedCallbackException
                          at org.jboss.security.auth.callback.JBossCallbackHandler.handleCallBack(JBossCallbackHandler.java:138) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
                          at org.jboss.security.auth.callback.JBossCallbackHandler.handle(JBossCallbackHandler.java:87) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
                          at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:947) [rt.jar:1.7.0_60]
                          at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:944) [rt.jar:1.7.0_60]
                          at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_60]
                          at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:943) [rt.jar:1.7.0_60]
                          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:434) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
                          ... 49 more

                          • 10. Re: password encryption in database login-module with picketbox of wildfly.
                            scrublet

                            I think I see what's going on here. The short story is I believe digestCallback and storeDigestCallback should be the same, should BOTH be set to org.jboss.security.auth.callback.RFC2617Digest. You're getting UnsupportedCallbackException because instead of giving the code a Callback, you are giving it a CallbackHandler.

                             

                            Look closely at the following places in the UsernamePasswordLoginModule source code that Frank linked:

                             

                                 -Line 261

                                      // Hash the user entered password if password hashing is in use

                                      if( hashAlgorithm != null && hashUserPassword == true )

                                           password = createPasswordHash(username, password, DIGEST_CALLBACK);

                                 -Line 279

                                      // Allow the storeDigestCallback to hash the expected password

                                      if( hashAlgorithm != null && hashStorePassword == true )

                                           expectedPassword = createPasswordHash(username, expectedPassword, STORE_DIGEST_CALLBACK);

                                 -Line 434: callbackHandler.handle(callbacks);

                             

                            It's not super clear to me what these properties are referring to, but I believe that hashUserPassword is referring to what the user actually sends, and hashStorePassword is referring to what is in the database. Or maybe something else? Either way, both digestCallback and storeDigestCallback are being used in the exact same way in the exact same function. The only reason DIGEST_CALLBACK and STORE_DIGEST_CALLBACK would be different as far as I can see is if there was some sort of difference in encryption between how the user sends credentials and how the store encrypts the credentials in the database, and in that case they'd both still be callback classes, not a handler like your DigestCallbackHandler. The code calls callbackHandler.handle(callbacks), where callbacks is what you are specifying. But you are basically telling it to do callbackHandler.handle(callbackHandler), which clearly won't work.

                             

                            Make digestCallback == storeDigestCallback and see what happens.

                            • 11. Re: password encryption in database login-module with picketbox of wildfly.
                              aupres

                              I coded it as below, following your advice:

                               

                              <module-option name="digestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>

                              <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>

                               

                              But login failed, and in server.log it throws the same exception.

                              Anyway, thanks for your interest.

                              • 12. Re: password encryption in database login-module with picketbox of wildfly.
                                aupres

                                Dear Frank!

                                Do you think this issue is caused by a bug in WildFly 8 JAAS? And do we have to create a JIRA issue to solve it?

                                If you agree, please reply to me. Thanks!

                                • 13. Re: Re: password encryption in database login-module with picketbox of wildfly.
                                  scrublet

                                  I don't think this is a bug. I think there's a missing step.

                                   

                                  The core of your issue: there has to be some property somewhere that changes the Callback Handler from the JBossCallbackHandler in your stack trace to the DigestCallbackHandler. And it's not going to be a <module-option>; I've searched UsernamePasswordLoginModule, RFC2617Digest, DigestCallbackHandler, and JBossCallbackHandler trying to figure this out.

                                   

                                  I did find this: Security subsystem configuration - WildFly 8 - Project Documentation Editor - scroll down to security-management and look at "default-callback-handler-class-name". I believe setting that to org.jboss.security.auth.callback.DigestCallbackHandler (or maybe just DigestCallbackHandler, but I bet fully qualified is required) will do it. The problem is, you can't do it. I tried to test this out, and the server wouldn't start and threw "Message: JBAS014788: Unexpected attribute 'default-callback-handler-class-name' encountered".

                                   

                                  If you look in the ${jboss.home.dir}/docs/schema/, you'll notice that jboss-as-security_1_0.xsd is the only one that supports that attribute (line 85). jboss-as-security_1_1 and _1_2 do not. I tried setting the subsystem to 1.0 but that didn't work either. There has to be a way to tell Picketbox to use DigestCallbackHandler instead of JBossCallbackHandler. Maybe as a <system-property> at the top of the standalone.xml file?

                                   

                                  Edit: actually, on further thought, maybe the removal of "default-callback-handler-class-name" from <security-management> is a bug/mistake that broke the DIGEST options in UsernamePasswordLoginModule.
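
The failure described in replies 10 and 13, as an added example that is not part of the original thread and is not PicketBox code: a digest step that needs request data asks the CallbackHandler for it through a Callback, and a handler that does not recognize that Callback type throws UnsupportedCallbackException. RequestInfoCallback, BasicHandler and DigestAwareHandler are hypothetical stand-ins built on the standard javax.security.auth.callback API; the password, nonce and URI are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class DigestCallbackDemo {

    // Hypothetical Callback: asks the handler for the fields of the DIGEST request.
    static class RequestInfoCallback implements Callback {
        final Map<String, String> info = new HashMap<>();
    }

    // Hypothetical handler that only understands NameCallback.
    static class BasicHandler implements CallbackHandler {
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback c : callbacks) {
                if (!(c instanceof NameCallback)) throw new UnsupportedCallbackException(c);
                ((NameCallback) c).setName("admin");
            }
        }
    }

    // Hypothetical handler that can supply the request fields.
    static class DigestAwareHandler implements CallbackHandler {
        private final Map<String, String> request;
        DigestAwareHandler(Map<String, String> request) { this.request = request; }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback c : callbacks) {
                if (!(c instanceof RequestInfoCallback)) throw new UnsupportedCallbackException(c);
                ((RequestInfoCallback) c).info.putAll(request);
            }
        }
    }

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri)).
    static String response(String ha1, Map<String, String> r) throws Exception {
        String ha2 = md5Hex(r.get("method") + ":" + r.get("uri"));
        return md5Hex(ha1 + ":" + r.get("nonce") + ":" + r.get("nc") + ":"
                + r.get("cnonce") + ":" + r.get("qop") + ":" + ha2);
    }

    // Store side: turn the stored A1 hash into the response the server expects.
    static String expectedResponse(String storedA1, CallbackHandler handler) throws Exception {
        RequestInfoCallback cb = new RequestInfoCallback();
        handler.handle(new Callback[] { cb });   // throws if the handler cannot serve cb
        return response(storedA1, cb.info);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; only the user and realm names come from the thread.
        String storedA1 = md5Hex("admin:WildFly8DigestRealm:constructed-password");
        Map<String, String> req = new HashMap<>();
        req.put("method", "GET");   req.put("uri", "/app/");
        req.put("nonce", "constructed-nonce");   req.put("nc", "00000001");
        req.put("cnonce", "constructed-cnonce"); req.put("qop", "auth");
        String fromClient = response(storedA1, req);   // what the browser would send
        try {
            expectedResponse(storedA1, new BasicHandler());
        } catch (UnsupportedCallbackException e) {
            System.out.println("login fails: " + e);
        }
        String expected = expectedResponse(storedA1, new DigestAwareHandler(req));
        boolean match = MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                fromClient.getBytes(StandardCharsets.US_ASCII));
        System.out.println("digest-aware handler, responses match: " + match);
    }
}
```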

                                  • 14. Re: password encryption in database login-module with picketbox of wildfly.
                                    aupres

                                    Thank you for your detailed reply, Bradley! But the above configuration worked well in JBoss AS 7, so I want to create a JIRA issue. If I am wrong, this issue would be solved by the issue assignee anyway.

                                    This is the link of JIRA issue, https://issues.jboss.org/browse/WFLY-3659

                                    Why don't you join us, as well as Frank Langelage?
