-
1. Re: How to create Elytron DB realm users
mchoma Jan 23, 2018 1:10 PM (in response to tstiemerling)
Could you paste the API example?
Elytron uses the concept of modifiable security realms, but jdbc-realm is not one of them. So I doubt it.
-
2. Re: How to create Elytron DB realm users
tstiemerling Jan 23, 2018 1:16 PM (in response to mchoma)
This is the PicketLink code we use to create the DB users:

```java
// Look up the DB-backed partition and get an IdentityManager bound to it
Realm realm = partitionManager.getPartition(Realm.class, IdentityManagementConfiguration.DB_PARTITION);
IdentityManager identityManager = partitionManager.createIdentityManager(realm);
// Create the user, then set the password credential
User user = new User(username);
identityManager.add(user);
identityManager.updateCredential(user, new Password(password));
```

To replace this in Elytron we basically need to know how to create the password hash to put in the DB (we are using bcrypt).
Thanks.
Thanks.
-
3. Re: How to create Elytron DB realm users
tstiemerling Jan 23, 2018 2:19 PM (in response to tstiemerling)
OK, it looks like the required code to create the hashed password is here:
wildfly-elytron/BCryptPasswordTest.java at master · wildfly-security/wildfly-elytron · GitHub
When creating the bcrypt password mapper, do the salt and iterations have to come from the database, or can they be set as constant values in standalone.xml?
-
4. Re: How to create Elytron DB realm users
tstiemerling Jan 23, 2018 4:01 PM (in response to tstiemerling)
Example code for anyone else who needs to do this:

```java
// BCRYPT_SALT_SIZE, ALGORITHM_BCRYPT and DEFAULT_ITERATION_COUNT are constants on BCryptPassword
byte[] salt = PasswordUtil.generateRandomSalt(BCRYPT_SALT_SIZE);
PasswordFactory factory = PasswordFactory.getInstance(ALGORITHM_BCRYPT);
BCryptPassword bcrypt = (BCryptPassword) factory.generatePassword(new EncryptablePasswordSpec(
        password.toCharArray(), new IteratedSaltedPasswordAlgorithmSpec(DEFAULT_ITERATION_COUNT, salt)));
```

You then have to store the hash, salt and iterations in the user DB.
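
Added example, not part of the original thread and not the Elytron project's own code: a round trip that produces the three values to store for a user and then rebuilds the bcrypt password from them to verify a login attempt, which shows why the salt and iteration count are kept per user next to the hash. The `BcryptUserRecord` and `Row` names, the Base64 text encoding of the columns and the sample password are assumptions made for illustration; match the encoding to what your realm's mapper reads.

```java
import java.security.Provider;
import java.util.Base64;
import org.wildfly.security.WildFlyElytronProvider;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.spec.EncryptablePasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec;
import org.wildfly.security.password.util.PasswordUtil;

public class BcryptUserRecord {
    // Passing the provider explicitly avoids relying on JVM-wide provider registration.
    private static final Provider ELYTRON = new WildFlyElytronProvider();

    /** Hypothetical row shape: the three values written to the user table. */
    static final class Row {
        final String hashB64, saltB64; final int iterations;
        Row(String h, String s, int i) { hashB64 = h; saltB64 = s; iterations = i; }
    }

    /** Hash a new password with a fresh random salt and return the values to store. */
    static Row create(char[] password) throws Exception {
        byte[] salt = PasswordUtil.generateRandomSalt(BCryptPassword.BCRYPT_SALT_SIZE);
        PasswordFactory factory = PasswordFactory.getInstance(BCryptPassword.ALGORITHM_BCRYPT, ELYTRON);
        BCryptPassword bcrypt = (BCryptPassword) factory.generatePassword(new EncryptablePasswordSpec(
                password, new IteratedSaltedPasswordAlgorithmSpec(BCryptPassword.DEFAULT_ITERATION_COUNT, salt)));
        Base64.Encoder enc = Base64.getEncoder(); // assumption: columns hold Base64 text
        return new Row(enc.encodeToString(bcrypt.getHash()), enc.encodeToString(bcrypt.getSalt()),
                bcrypt.getIterationCount());
    }

    /** Rebuild the stored password from the row and check a candidate against it. */
    static boolean verify(Row row, char[] candidate) throws Exception {
        Base64.Decoder dec = Base64.getDecoder();
        PasswordFactory factory = PasswordFactory.getInstance(BCryptPassword.ALGORITHM_BCRYPT, ELYTRON);
        BCryptPassword stored = (BCryptPassword) factory.generatePassword(new IteratedSaltedHashPasswordSpec(
                dec.decode(row.hashB64), dec.decode(row.saltB64), row.iterations));
        return factory.verify(stored, candidate);
    }

    public static void main(String[] args) throws Exception {
        Row row = create("s3cret-constructed".toCharArray()); // constructed sample password
        System.out.println(row.hashB64 + " " + row.saltB64 + " " + row.iterations);
        System.out.println("correct password accepted: " + verify(row, "s3cret-constructed".toCharArray()));
        System.out.println("wrong password accepted:   " + verify(row, "wrong".toCharArray()));
    }
}
```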