8 Replies Latest reply on Aug 16, 2011 4:38 PM by sfriesen

    Database Login Module encrypted password error

    sfriesen

      Hi,

      I'm trying to get an AS7 security domain set up to use a database login module and am having some difficulty with the encryption part. Here is my security domain configuration:

      <security-domain name="other">
          <authentication>
              <login-module code="Database" flag="required">
                  <module-option name="dsJndiName" value="java:/myds"/>
                  <module-option name="principalsQuery" value="select password from app_user where username=?"/>
                  <module-option name="rolesQuery" value="select r.rolename,'Roles' from role r, app_user u, app_user_role_xref x where u.useridx=x.useridx and x.roleidx=r.roleidx and u.username=?"/>
                  <module-option name="hashAlgorithm" value="SHA-256"/>
                  <module-option name="hashEncoding" value="base64"/>
              </login-module>
          </authentication>
      </security-domain>

      I am accessing this from a JSF page and am having success if I remove the hashAlgorithm and hashEncoding module-options from the configuration, and then put a plain text password in the database. So, I take the same password and go to a website with a SHA-256 algorithm and encrypt the password and then take that and go to a website that encodes to base 64 and encode the encrypted value, and I put that in the database. Is that right?

      I guess the answer is 'no' because it doesn't work. Below is the logfile. If anybody has any suggestions I would greatly appreciate it.

      -Steve

      log:

      21:14:22,204 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252) [picketbox-4.0.0.Final.jar:4.0.0.Final]
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
      at java.lang.reflect.Method.invoke(Unknown Source) [:1.6.0_24]
      at javax.security.auth.login.LoginContext.invoke(Unknown Source) [:1.6.0_24]
      at javax.security.auth.login.LoginContext.access$000(Unknown Source) [:1.6.0_24]
      at javax.security.auth.login.LoginContext$4.run(Unknown Source) [:1.6.0_24]
      at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]
      at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [:1.6.0_24]
      at javax.security.auth.login.LoginContext.login(Unknown Source) [:1.6.0_24]
      at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
      at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
      at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
      at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
      at java.lang.Thread.run(Unknown Source) [:1.6.0_24]

        • 1. Re: Database Login Module encrypted password error
          jaikiran

          Enable TRACE level logging of security packages as explained here http://community.jboss.org/message/617658#617658 and check the logs.

          • 2. Re: Database Login Module encrypted password error
            mmoyses

            To encrypt the password to store in the database you can run the following command on Linux:

            echo -n "password" | openssl dgst -sha256 -binary | openssl base64

            Replace password with the actual password.

            In the security domain configuration you are missing the following option:

            <module-option name="hashStorePassword" value="true"/>

            to indicate the password is stored hashed in the DB.

            • 3. Re: Database Login Module encrypted password error
              sfriesen

              Thanks for the help with tracing Jaikiran. The log is below. There is a ClassNotFoundException with TransactionManagerLocator, but as I see from another one of your posts, that exception can be ignored when tracing is on. So, it looks like I am just having a problem with my password. I am going to move on to Marcus's suggestion and see if I can get the encrypted and encoded password stored correctly in the database.

              log with tracing on:

              07:44:56,052 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1) Security checking request GET /sftestlogin/faces/protected/welcome.xhtml
              07:44:56,052 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-1)   Checking constraint 'SecurityConstraint[Protected Pages]' against GET /faces/protected/welcome.xhtml --> true
              07:44:56,052 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-1)   Checking constraint 'SecurityConstraint[Protected Pages]' against GET /faces/protected/welcome.xhtml --> true
              07:44:56,052 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1)  Calling hasUserDataPermission()
              07:44:56,052 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-1)   User data constraint has no restrictions
              07:44:56,052 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1)  Calling authenticate()
              07:44:56,052 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--0.0.0.0-8080-1) Save request in session 'sWgI89eri2jsKuwwbd+XVvcL'
              07:44:56,068 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/sftestlogin].[default]] (http--0.0.0.0-8080-1)  Disabling the response for futher output
              07:44:56,068 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/sftestlogin].[default]] (http--0.0.0.0-8080-1)  The Response is vehiculed using a wrapper: org.apache.catalina.connector.Response
              07:44:56,287 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1)  Failed authenticate() test
              07:45:01,849 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1) Security checking request POST /sftestlogin/faces/protected/j_security_check
              07:45:01,849 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--0.0.0.0-8080-1) Authenticating username 'stevef'
              07:45:01,849 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Begin isValid, principal:stevef, cache entry: null
              07:45:01,849 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) defaultLogin, principal=stevef
              07:45:01,849 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--0.0.0.0-8080-1) Begin getAppConfigurationEntry(other), size=1
              07:45:01,849 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--0.0.0.0-8080-1) End getAppConfigurationEntry(other), authInfo=AppConfigurationEntry[]:
              [0]
              LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
              ControlFlag: LoginModuleControlFlag: required
              Options:
              name=hashAlgorithm, value=SHA-256
              name=principalsQuery, value=select password from app_user where username=?
              name=hashEncoding, value=base64
              name=dsJndiName, value=java:/FIS05
              name=rolesQuery, value=select r.rolename,'Roles' from role r, app_user u, app_user_role_xref x where u.useridx=x.useridx and x.roleidx=r.roleidx and u.username=?

              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) initialize
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Security domain: other
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) DatabaseServerLoginModule, dsJndiName=java:/FIS05
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) principalsQuery=select password from app_user where username=?
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) rolesQuery=select r.rolename,'Roles' from role r, app_user u, app_user_role_xref x where u.useridx=x.useridx and x.roleidx=r.roleidx and u.username=?
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) suspendResume=true
              07:45:01,865 TRACE [org.jboss.security.plugins.TransactionManagerLocator] (http--0.0.0.0-8080-1) Exception in getJBossTM:: java.lang.ClassNotFoundException: org.jboss.tm.TransactionManagerLocator from [Module "deployment.sftestlogin.war:main" from Service Module Loader]
              at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:191)
              at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:358)
              at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:307)
              at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:101)
              at org.jboss.security.plugins.TransactionManagerLocator.getJBossTM(TransactionManagerLocator.java:86) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.plugins.TransactionManagerLocator.getTM(TransactionManagerLocator.java:70) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.auth.spi.DatabaseServerLoginModule.getTransactionManager(DatabaseServerLoginModule.java:285) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.auth.spi.DatabaseServerLoginModule.initialize(DatabaseServerLoginModule.java:129) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
              at java.lang.reflect.Method.invoke(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.invoke(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.access$000(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext$4.run(Unknown Source) [:1.6.0_24]
              at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.login(Unknown Source) [:1.6.0_24]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at java.lang.Thread.run(Unknown Source) [:1.6.0_24]

              07:45:01,865 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) login
              07:45:01,865 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) suspendAnyTransaction
              07:45:01,865 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Excuting query: select password from app_user where username=?, with username: stevef
              07:45:01,990 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Obtained user password
              07:45:01,990 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) resumeAnyTransaction
              07:45:01,990 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Bad password for username=stevef
              07:45:01,990 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) abort
              07:45:01,990 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
              at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
              at java.lang.reflect.Method.invoke(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.invoke(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.access$000(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext$4.run(Unknown Source) [:1.6.0_24]
              at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.login(Unknown Source) [:1.6.0_24]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at java.lang.Thread.run(Unknown Source) [:1.6.0_24]

              • 4. Re: Database Login Module encrypted password error
                sfriesen

                Marcus, thanks for the reply. I added the module option in the standalone.xml security-domain section (<module-option name="hashStorePassword" value="true"/>). We don't run Linux here so we tried a couple more websites that calculate SHA-256 and output it in Base 64. The two websites gave the same result which I plugged into the database. Login still failed. You can see the full log in the previous post, but here's the relevant section:

                08:26:25,942 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) login
                08:26:25,942 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) suspendAnyTransaction
                08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) Excuting query: select password from app_user where username=?, with username: stevef
                08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) Obtained user password
                08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) resumeAnyTransaction
                08:26:25,958 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) Bad password for username=stevef
                08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) abort

                I will keep trying things, but wanted to give this update. Thanks.

                -Steve

                • 5. Re: Database Login Module encrypted password error
                  mmoyses

                  The option I meant to add is hashUserPassword and not hashStorePassword. Sorry for the confusion. You can actually leave this option out as it defaults to true. From the log we can see that the password is retrieved from the DB:

                  08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) Obtained user password

                  so the problem should be an issue with the stored password. The passwords don't match.

                  Instead of typing your password in a website to calculate the hash, use the org.jboss.security.auth.spi.Util class (included in modules/org/picketbox/main/picketbox-4.0.0.Final.jar) like this:

                  String hashedPassword = Util.createPasswordHash("SHA-256", "BASE64", null, null, "password");

                  replacing password with your password. The value stored in hashedPassword is what you need to insert into the password column of your app_user table.
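Added example, not code from this thread or from PicketBox: a Python reconstruction of what the two suggestions in the thread compute, the openssl pipeline in reply 2 and the Util.createPasswordHash call in reply 5, so a stored value can be checked offline before the security domain is touched again. It assumes what the trace line "Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null" indicates: the module digests the submitted password bytes with no salt and compares the encoded digest against the stored column value unchanged (hashUserPassword=true and hashStorePassword=false, the defaults named in the thread). UTF-8 is assumed for the JVM default charset, which makes no difference for an ASCII password. The function names create_password_hash, passwords_match, common_mismatches and diagnose are mine, and the sample password "password" is constructed. The example goes one step beyond the thread: it also produces the three look-alike values that a hash-in-one-website, base64-in-another workflow typically yields, none of which ever matches.

```python
import base64
import hashlib
import hmac


def create_password_hash(algorithm: str, encoding: str, password: str,
                         charset: str = "utf-8") -> str:
    """Compute the value the Database login module derives from a submitted
    password when hashAlgorithm/hashEncoding are set and no salt callback is
    configured. Assumption: this mirrors Util.createPasswordHash with null
    hashCharset/username; it is a reconstruction, not PicketBox code."""
    digest = hashlib.new(algorithm.replace("-", "").lower(),
                         password.encode(charset)).digest()
    enc = encoding.lower()
    if enc == "base64":
        return base64.b64encode(digest).decode("ascii")
    if enc == "hex":
        return digest.hex()
    raise ValueError(f"unsupported hashEncoding: {encoding}")


def passwords_match(stored: str, submitted: str,
                    algorithm: str = "SHA-256", encoding: str = "base64") -> bool:
    """The comparison with the default options: hash the submitted password
    (hashUserPassword=true), leave the stored string alone
    (hashStorePassword=false), compare in constant time."""
    computed = create_password_hash(algorithm, encoding, submitted)
    return hmac.compare_digest(computed.encode("ascii"), stored.encode("ascii"))


def common_mismatches(password: str) -> dict:
    """Three values that look like 'SHA-256 + base64' but can never match."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return {
        # A web tool prints the digest as 64 hex characters; base64-encoding
        # that TEXT encodes the ASCII characters, not the 32 raw digest bytes.
        "base64_of_hex_text":
            base64.b64encode(digest.hex().encode("ascii")).decode("ascii"),
        # `echo` without -n feeds a trailing newline into the digest.
        "trailing_newline":
            base64.b64encode(hashlib.sha256((password + "\n").encode("utf-8"))
                             .digest()).decode("ascii"),
        # hashEncoding=base64 configured, but the hex digest was stored.
        "hex_instead_of_base64": digest.hex(),
    }


def diagnose(stored: str, known_password: str) -> str:
    """Given the column value and the password it is supposed to represent,
    report 'ok' or name the mistake that produced it ('unknown' if none fits)."""
    if passwords_match(stored, known_password):
        return "ok"
    for name, value in common_mismatches(known_password).items():
        if hmac.compare_digest(value.encode("ascii"), stored.encode("ascii")):
            return name
    return "unknown"


if __name__ == "__main__":
    sample = "password"  # constructed sample, not a real credential
    reference = create_password_hash("SHA-256", "base64", sample)
    print("store this in app_user.password:", reference)
    for name, value in common_mismatches(sample).items():
        print(f"{name:24s} {value}  ->  {diagnose(value, sample)}")
```

Run as a script it prints the reference value for the sample password and the three non-matching variants with their diagnosis; the first variant, base64 of the hex text, corresponds to the two-website route described in the opening post. diagnose(stored, known_password) is the check to run against the actual column value before changing any module option.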

                  • 6. Re: Database Login Module encrypted password error
                    sfriesen

                    Marcus, my understanding of this setting, <module-option name="hashStorePassword" value="true"/>, is that it will hash the stored password before doing the comparison with the user-entered password. The password that we have stored in the database is already hashed, so I don't think we want the hashStorePassword option set to "true".

                    I tried setting hashUserPassword to "true", but that's the default value so it shouldn't be needed. It didn't help.

                    It's still not working so I'm not sure what the problem is.

                    • 7. Re: Database Login Module encrypted password error
                      sfriesen

                      You can ignore my last reply--must have been typing at the same time as you. I will try the org.jboss.security.auth.spi.Util class. Thanks.

                      • 8. Re: Database Login Module encrypted password error
                        sfriesen

                        It worked. The problem was that the hash that I put into the database table did not match the hash being created by JBoss. Thank you Marcus for pointing out that the createPasswordHash routine is in the org.jboss.security.auth.spi.Util class. That was helpful and I'll plan to use that in my page for creating user accounts.

                        It's also important when doing these changes to be very sure the security variables are being cleared out when you make changes. I'm not sure what the best way is for this. I restarted JBoss and opened a new browser.

                        Thanks again.