4 Replies Latest reply on Mar 5, 2010 1:51 PM by Juergen Zimmermann

    Keystore and DatabaseServerLoginModule

    Juergen Zimmermann Master
      Is there an example on how to use a keystore for password masking and DatabaseServerLoginModule? I was looking at http://server.dzone.com/articles/security-features-jboss-510-0 but I've no idea how to use a keystore with the definition of DatabaseServerLoginModule. Any hint is appreciated.
        • 1. Re: Keystore and DatabaseServerLoginModule
          Nicole Schweighardt Novice

          Hi Jürgen,

           

          I´m not sure if I understand what you mean but I I think a keystore and DatabaseServerLoginModule are two different things.

           

          I use form based authentication (my frontend is jsf) and the DatabaseServerLoginModule. In the login-form the user has to enter username and password and with the module I compare the data with the entries in my database. (name, password, roles). If you need a detailed description you can look here: http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html or ask me again.

           

          The keystore is used to configure SSL on JBoss. SSL is a transport protocol that encrypts the data during the transport and I think it has nothing to do with the Security-Modules from JBoss. Do you know this site: http://community.jboss.org/wiki/sslsetup?

           

          I hope this helps. Please ask again for further information.

           

          Greetz,

          Nicole

          • 2. Re: Keystore and DatabaseServerLoginModule
            Juergen Zimmermann Master

            I'll rephrase my question. So far I've a deployed file myapp-security-jboss-beans.xml:

             

            <?xml version="1.0"?>
            <deployment xmlns="urn:jboss:bean-deployer:2.0">
            <application-policy xmlns="urn:jboss:security-beans:1.0" name="myDomain">
              <authentication>
               <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="dsJndiName">java:/myDS</module-option>
                <module-option name="unauthenticatedIdentity">guest</module-option>
                <module-option name="principalsQuery">
                 ...
                </module-option>
                <module-option name="rolesQuery">
                 ...
                </module-option>
                <module-option name="hashAlgorithm">SHA-1</module-option>
                <module-option name="hashEncoding">base64</module-option>
               </login-module>
              </authentication>
            </application-policy>
            <application-policy xmlns="urn:jboss:security-beans:1.0" name="encryptedDbPassword">
              <authentication>
               <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username">myUsername</module-option>
                 <module-option name="password">...myEncryptedPassword...</module-option>
                 <module-option name="managedConnectionFactoryName">jboss.jca:name=myDS,service=LocalTxCM</module-option>
               </login-module>
              </authentication>
            </application-policy>
            </deployment>

             

            Is there a possibility to use a keystore instead of encrypted passwords as mentioned at http://server.dzone.com/articles/security-features-jboss-510-0 ?

            • 3. Re: Keystore and DatabaseServerLoginModule
              Peter Johnson Master

              "Is there a possibility to use a keystore instead of encrypted passwords"

              No. The SecureIdentifyLoginModule only takes a username and encrypted password. Besides when used in conjunction with a database, the password is used to login to the database. Does your database allow you to use a key in a keystore to sign into the database?