1 Reply Latest reply on Oct 4, 2012 7:26 AM by michajil_tigrow

    How to configure DatabaseLoginModule for DIGEST authentication?

    michajil_tigrow Newbie

      Hi

      I'm having problems to set up DatabaseLoginModule for DIGEST authentication.

      Passwords in my db are hashed.

      What I managed to do so far, is to set the DatabaseLoginModule to work with BASIC auth.

      Working configuration:

       

      web.xml

       

      {code:xml}

      ...

      <login-config>

            <auth-method>BASIC</auth-method>

            <realm-name>JbossProductionSecurity</realm-name>

         </login-config>

      ...

      {code}

       

      jboss-web.xml

       

      {code:xml}

      <jboss-web>

           <security-domain>JbossProductionSecurity</security-domain>

      </jboss-web>

      {code}

       

      standalone.xml

       

      {code:xml}

      <security-domain name="JbossProductionSecurity" cache-type="default">

                          <authentication>

                              <login-module code="Database" flag="required">

                                  <module-option name="dsJndiName" value="java:jboss/ProductionDS"/>

                                  <module-option name="principalsQuery" value="SELECT password ..."/>

                                  <module-option name="rolesQuery" value="SELECT role.name as Role,         'Roles' FROM ..."/>

                                  <module-option name="hashAlgorithm" value="MD5"/>

                                  <module-option name="hashEncoding" value="base64"/>

                                  <module-option name="ignorePasswordCase" value="false"/>

                              </login-module>

                          </authentication>

                      </security-domain>

      {code}

       

       

      Now, the above works fine.

      When I change BASIC to DIGEST in the web.xml it fails.

      I tried to add a digest callback to the standalone.xml

       

      {code:xml} <module-option name="digestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>{code}

      but it does not help.

      What I'm missing?

        • 1. Re: How to configure DatabaseLoginModule for DIGEST authentication?
          michajil_tigrow Newbie

          Ok, I've manage to solve my problem partially.

          At first I switched to the different login module just to understand how this should be done, and this thread helped me a lot https://community.jboss.org/message/744521

           

          So, I had to change the way I encrypt passwords in my db - now they're encrypted the same way RFC2617Digest does it. After that it was simple, I just reused the solution from the above thread with little modifications just to use the db login module.

           

           

          {code:xml}

          <login-module code="Database" flag="required">

                                      <module-option name="dsJndiName" value="..." />

                                      <module-option name="principalsQuery"

                                          value="SELECT password FROM .." />

                                      <module-option name="rolesQuery"

                                          value="SELECT role.name as Role,         'Roles' FROM ..." />

                                      <module-option name="hashAlgorithm" value="MD5"/>

                                      <module-option name="hashEncoding" value="RFC2617"/>

                                      <module-option name="hashUserPassword" value="false"/>

                                      <module-option name="hashStorePassword" value="true"/>

                                      <module-option name="passwordIsA1Hash" value="true"/>

                                      <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>

                                  </login-module>

          {code}