0 Replies Latest reply on Jul 5, 2006 1:30 PM by Alfred Kwan

    Pls Help! Username Encryption

    Alfred Kwan Newbie

      I want to encrypt (PKI) the username and password before sending them to the JBoss Portal for authentication. In the login form, I encrypt the ID/Pwd with an applet and then pass it to j_security_check. In my custom login module, I decrypt it.

      The user can be authenticated (i.e. the custom login module is passed). BUT JBoss Portal shows an error just after login, because some code in JBoss Portal (the UserInterceptor) uses HttpServletRequest.getRemoteUser() to find the user from the UserModule. But HttpServletRequest.getRemoteUser() will return the encrypted user name submitted to j_security_check, so it fails to find the user.

      How can I work around it? Or is there any other means to provide the end-to-end encryption I intended?

      Please help!

      To illustrate the scenario, below is a simple test login module that attempts to "decrypt" the username/pwd to become "admin/admin":

      package test.auth;

      import javax.security.auth.login.LoginException;
      import org.jboss.portal.core.security.jaas.ModelLoginModule;

      public class MyLoginModule extends ModelLoginModule {

          // Test stub: stands in for the real decryption and always yields admin/admin.
          protected String[] getUsernameAndPassword() throws LoginException {
              String[] encryptedInfo = super.getUsernameAndPassword();
              System.out.println("--> Encrypted username = " + encryptedInfo[0]);
              System.out.println("--> Encrypted password = " + encryptedInfo[1]);
              String[] decryptedInfo = new String[2];
              decryptedInfo[0] = "admin";
              decryptedInfo[1] = "admin";
              System.out.println("--> Decrypted username = " + decryptedInfo[0]);
              System.out.println("--> Decrypted password = " + decryptedInfo[1]);
              return decryptedInfo;
          }

          // No stored password is looked up in this test module.
          protected String getUsersPassword() throws LoginException {
              return "";
          }

          // Accepts any password so that only the username handling is exercised.
          protected boolean validatePassword(String inputPassword, String expectedPassword) {
              return true;
          }
      }

      The error I got:

      javax.servlet.ServletException: No such user No such user aaaa
      root cause
      org.jboss.portal.core.model.NoSuchUserException: No such user No such user aaaa