0 Replies Latest reply on Jul 5, 2006 1:30 PM by Alfred Kwan

    Pls Help! Username Encryption

    Alfred Kwan Newbie

      I want to encrypt (PKI) the username and password before sending them to the JBoss Portal for authentication. In the login form, I encrypt the ID/Pwd with an applet and then pass it to j_security_check. In my custom login module, I decrypt it.

      The user can be authenticated (i.e. the custom login module is passed). BUT JBoss Portal shows an error just after login, because some code in JBoss Portal (the UserInterceptor) uses HttpServletRequest.getRemoteUser() to find the user from the UserModule. But HttpServletRequest.getRemoteUser() returns the encrypted user name submitted to j_security_check, so it fails to find the user.

      How can I work around it? Or are there any other means to provide the end-to-end encryption I intended?

      Please help!


      To illustrate the scenario, below is a simple test login module that attempts to "decrypt" the username/pwd to become "admin/admin":

      package test.auth;

      import javax.security.auth.login.LoginException;

      import org.jboss.portal.core.security.jaas.ModelLoginModule;

      public class MyLoginModule extends ModelLoginModule {

          // Returns the credentials the rest of the login module works with.
          protected String[] getUsernameAndPassword() throws LoginException
          {
              // Values as submitted to j_security_check (still encrypted).
              String[] encryptedInfo = super.getUsernameAndPassword();

              System.out.println("--> Encrypted username = " + encryptedInfo[0]);
              System.out.println("--> Encrypted password = " + encryptedInfo[1]);

              // Stand-in for the real decryption: always yields admin/admin.
              String[] decryptedInfo = new String[2];
              decryptedInfo[0] = "admin";
              decryptedInfo[1] = "admin";

              System.out.println("--> Decrypted username = " + decryptedInfo[0]);
              System.out.println("--> Decrypted password = " + decryptedInfo[1]);

              return decryptedInfo;
          }

          // Test stub: no stored password is looked up.
          protected String getUsersPassword() throws LoginException
          {
              return "";
          }

          // Test stub: every password is accepted.
          protected boolean validatePassword(String inputPassword, String expectedPassword)
          {
              return true;
          }

      }



      The error I got:

      exception
      
      javax.servlet.ServletException: No such user No such user aaaa
       org.jboss.portal.server.servlet.PortalServlet.doGet(PortalServlet.java:227)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
       org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
      
      
      root cause
      
      org.jboss.portal.core.model.NoSuchUserException: No such user No such user aaaa
       org.jboss.portal.core.impl.user.UserModuleImpl.findUserByUserName(UserModuleImpl.java:123)
       org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:100)
       org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)