8 Replies Latest reply on Aug 16, 2011 4:38 PM by Steve Friesen

    Database Login Module encrypted password error

    Steve Friesen Newbie

      Hi,

       

      I'm trying to get an AS7 security domain set up to use a database login module and am having some difficulty with the encryption part. Here is my security domain configuration:

       

      <security-domain name="other">
                          <authentication>
                              <login-module code="Database" flag="required">
                                  <module-option name="dsJndiName" value="java:/myds"/>
                                  <module-option name="principalsQuery" value="select password from app_user where username=?"/>
                                  <module-option name="rolesQuery" value="select r.rolename,'Roles' from role r, app_user u, app_user_role_xref x where u.useridx=x.useridx and x.roleidx=r.roleidx and u.username=?"/>
                                  <module-option name="hashAlgorithm" value="SHA-256"/>
                                  <module-option name="hashEncoding" value="base64"/>
                              </login-module>
                          </authentication>
                      </security-domain>
      
      

      I am accessing this from a JSF page and am having success if I remove the hashAlgorithm and hashEncoding module-options from the configuration, and then put a plain text password in the database. So, I take the same password and go to a website with a SHA-256 algorithm and encrypt the password and then take that and go to a website the encodes to base 64 and encode the encrypted value, and I put that in the database. Is that right?

       

      I guess the answer is 'no' because it doesn't work. Below is the logfile. If anybody has any suggestions I would greatly appreciate it.

       

      -Steve

       

      log:

      21:14:22,204 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252) [picketbox-4.0.0.Final.jar:4.0.0.Final]

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]

      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]

      at java.lang.reflect.Method.invoke(Unknown Source) [:1.6.0_24]

      at javax.security.auth.login.LoginContext.invoke(Unknown Source) [:1.6.0_24]

      at javax.security.auth.login.LoginContext.access$000(Unknown Source) [:1.6.0_24]

      at javax.security.auth.login.LoginContext$4.run(Unknown Source) [:1.6.0_24]

      at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]

      at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [:1.6.0_24]

      at javax.security.auth.login.LoginContext.login(Unknown Source) [:1.6.0_24]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]

      at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]

      at java.lang.Thread.run(Unknown Source) [:1.6.0_24]

        • 1. Re: Database Login Module encrypted password error
          jaikiran pai Master

          Enable TRACE level logging of security packages as explained here http://community.jboss.org/message/617658#617658 and check the logs.

          1 of 1 people found this helpful
          • 2. Re: Database Login Module encrypted password error
            Marcus Moyses Novice

            To encrypt the password to store in the database you can run the following command on Linux:

             

            echo -n "password" | openssl dgst -sha256 -binary | openssl base64

             

            replace password with the actual password.

            In the security domain configuration you are missing the following option:

             

            <module-option name="hashStorePassword" value="true"/>

             

            to indicate the password is stored hashed in the DB.

            • 3. Re: Database Login Module encrypted password error
              Steve Friesen Newbie

              Thanks for the help with tracing Jaikiran. The log is below. There is a ClassNotFoundException with TransactionManagerLocator, but as I see from another one of your posts, that exception can be ignored when tracing is on. So, it looks like I am just having a problem with my password. I am going to move on to Marcus's suggestion and see if I can get the encrypted and encoded password stored correctly in the database.

               

              log with tracing on:

               

              07:44:56,052 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1) Security checking request GET /sftestlogin/faces/protected/welcome.xhtml
              07:44:56,052 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-1)   Checking constraint 'SecurityConstraint[Protected Pages]' against GET /faces/protected/welcome.xhtml --> true
              07:44:56,052 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-1)   Checking constraint 'SecurityConstraint[Protected Pages]' against GET /faces/protected/welcome.xhtml --> true
              07:44:56,052 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1)  Calling hasUserDataPermission()
              07:44:56,052 DEBUG [org.apache.catalina.realm.RealmBase] (http--0.0.0.0-8080-1)   User data constraint has no restrictions
              07:44:56,052 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1)  Calling authenticate()
              07:44:56,052 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--0.0.0.0-8080-1) Save request in session 'sWgI89eri2jsKuwwbd+XVvcL'
              07:44:56,068 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/sftestlogin].[default]] (http--0.0.0.0-8080-1)  Disabling the response for futher output
              07:44:56,068 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/sftestlogin].[default]] (http--0.0.0.0-8080-1)  The Response is vehiculed using a wrapper: org.apache.catalina.connector.Response
              07:44:56,287 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1)  Failed authenticate() test
              07:45:01,849 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http--0.0.0.0-8080-1) Security checking request POST /sftestlogin/faces/protected/j_security_check
              07:45:01,849 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http--0.0.0.0-8080-1) Authenticating username 'stevef'
              07:45:01,849 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Begin isValid, principal:stevef, cache entry: null
              07:45:01,849 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) defaultLogin, principal=stevef
              07:45:01,849 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--0.0.0.0-8080-1) Begin getAppConfigurationEntry(other), size=1
              07:45:01,849 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--0.0.0.0-8080-1) End getAppConfigurationEntry(other), authInfo=AppConfigurationEntry[]:
              [0]
              LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
              ControlFlag: LoginModuleControlFlag: required
              Options:
              name=hashAlgorithm, value=SHA-256
              name=principalsQuery, value=select password from app_user where username=?
              name=hashEncoding, value=base64
              name=dsJndiName, value=java:/FIS05
              name=rolesQuery, value=select r.rolename,'Roles' from role r, app_user u, app_user_role_xref x where u.useridx=x.useridx and x.roleidx=r.roleidx and u.username=?

              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) initialize
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Security domain: other
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Password hashing activated: algorithm = SHA-256, encoding = base64, charset = {default}, callback = null, storeCallback = null
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) DatabaseServerLoginModule, dsJndiName=java:/FIS05
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) principalsQuery=select password from app_user where username=?
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) rolesQuery=select r.rolename,'Roles' from role r, app_user u, app_user_role_xref x where u.useridx=x.useridx and x.roleidx=r.roleidx and u.username=?
              07:45:01,849 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) suspendResume=true
              07:45:01,865 TRACE [org.jboss.security.plugins.TransactionManagerLocator] (http--0.0.0.0-8080-1) Exception in getJBossTM:: java.lang.ClassNotFoundException: org.jboss.tm.TransactionManagerLocator from [Module "deployment.sftestlogin.war:main" from Service Module Loader]
              at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:191)
              at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:358)
              at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:307)
              at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:101)
              at org.jboss.security.plugins.TransactionManagerLocator.getJBossTM(TransactionManagerLocator.java:86) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.plugins.TransactionManagerLocator.getTM(TransactionManagerLocator.java:70) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.auth.spi.DatabaseServerLoginModule.getTransactionManager(DatabaseServerLoginModule.java:285) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.auth.spi.DatabaseServerLoginModule.initialize(DatabaseServerLoginModule.java:129) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
              at java.lang.reflect.Method.invoke(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.invoke(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.access$000(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext$4.run(Unknown Source) [:1.6.0_24]
              at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.login(Unknown Source) [:1.6.0_24]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at java.lang.Thread.run(Unknown Source) [:1.6.0_24]

              07:45:01,865 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) login
              07:45:01,865 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) suspendAnyTransaction
              07:45:01,865 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Excuting query: select password from app_user where username=?, with username: stevef
              07:45:01,990 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Obtained user password
              07:45:01,990 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) resumeAnyTransaction
              07:45:01,990 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) Bad password for username=stevef
              07:45:01,990 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-1) abort
              07:45:01,990 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
              at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252) [picketbox-4.0.0.Final.jar:4.0.0.Final]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
              at java.lang.reflect.Method.invoke(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.invoke(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.access$000(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext$4.run(Unknown Source) [:1.6.0_24]
              at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [:1.6.0_24]
              at javax.security.auth.login.LoginContext.login(Unknown Source) [:1.6.0_24]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
              at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
              at java.lang.Thread.run(Unknown Source) [:1.6.0_24]

              • 4. Re: Database Login Module encrypted password error
                Steve Friesen Newbie

                Marcus, thanks for the reply. I added the module option in the standalone.xml security-domain section (<module-option name="hashStorePassword" value="true"/>). We don't run Linux here so we tried a couple more websites that calculate SHA-256 and output it in Base 64. The two websites gave the same result which I plugged into the database. Login still failed. You can see the full log in the previous post, but here's the relevant section:

                 

                08:26:25,942 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) login
                08:26:25,942 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) suspendAnyTransaction
                08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) Excuting query: select password from app_user where username=?, with username: stevef
                08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) Obtained user password
                08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) resumeAnyTransaction
                08:26:25,958 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) Bad password for username=stevef
                08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) abort

                I will keep trying things, but wanted to give this update. Thanks.

                 

                -Steve

                • 5. Re: Database Login Module encrypted password error
                  Marcus Moyses Novice

                  The option I meant to add is hashUserPassword and not hashStorePassword. Sorry for the confusion. You can actually leave this option out as it defaults to true. From the log we can see that the password is retrieved from the DB:

                   

                  08:26:25,958 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http--0.0.0.0-8080-2) Obtained user password

                   

                  so the problem should be an issue with the stored password. The passwords don't match.

                  Instead of typing your password in a website to calculate the hash, use the org.jboss.security.auth.spi.Util class (included in modules/org/picketbox/main/picketbox-4.0.0.Final.jar) like this:

                   

                  String hashedPassword = Util.createPasswordHash("SHA-256", "BASE64", null, null, "password");

                   

                  replacing password with your password. The value stored in hashedPassword is what you need to insert into the password column of your app_user table.

                  • 6. Re: Database Login Module encrypted password error
                    Steve Friesen Newbie

                    Marcus, my understanding of this setting, <module-option name="hashStorePassword" value="true"/>, is that it will hash the stored password before doing the comparison with the user-entered password. The password that we have stored in the database is already hashed, so I don't think we want the hashStorePassword option set to "true".

                     

                    I tried setting hashUserPassword to "true", but that's the default value so it shouldn't be needed. It didn't help.

                     

                    It's still not working so I'm not sure what the problem is.

                    • 7. Re: Database Login Module encrypted password error
                      Steve Friesen Newbie

                      You can ignore my last reply--must have been typing at the same time as you. I will try the org.jboss.security.auth.spi.Util class. Thanks.

                       

                      • 8. Re: Database Login Module encrypted password error
                        Steve Friesen Newbie

                        It worked. The problem was that the hash that I put into the database table did not match the hash being created by JBoss. Thank you Marcus for pointing out that the createPasswordHash routing is in the org.jboss.security.auth.spi.Util class. That was helpful and I'll plan to use that in my page for creating user accounts.

                         

                        It's also important when doing these changes to be very sure the security variable are being cleared out when you make changes. I'm not sure what the best way is for this. I restarted JBoss and opened a new browser.

                         

                        Thanks again.