0 Replies Latest reply on Dec 20, 2013 5:31 PM by vajry987

    JBoss 7.1.1 EJB call from remote client with digest database authentication

    vajry987

      Hi!

      I have a simple EJB for testing that I need to call from a standalone Java application.

      I was successful with authentication against the JBoss properties files (application-roles.properties and application-users.properties).

      I was successful with authorization against the database, sending plain username and password from the client ..

      But I want to send the password secured, so I wanted to use digest-md5 authentication ...

      Digest auth works fine with the default ApplicationRealm and files - I checked the communication in Wireshark; the server sends a nonce and then gets the hashed password.

      When I tried the same against the database, the client always sends the plain password ..

      In server.log I see:


      23:04:52,791 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Added mechanism JBOSS-LOCAL-USER
      23:04:52,796 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Trying SASL server factory org.jboss.sasl.digest.DigestMD5ServerFactory@c3d808c
      23:04:52,806 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Excluding mechanism DIGEST-MD5 because it is not in the allowed list
      23:04:52,815 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Trying SASL server factory org.jboss.sasl.plain.PlainServerFactory@19c26d9b
      23:04:52,823 TRACE [org.jboss.remoting.remote.server] (Remoting "tomino-pc" read-1) Added mechanism PLAIN


      So after long research my main question is - how can I add digest-md5 to the allowed list for the database login module?

      I read many discussions and tried many configurations:

      e.g.:

          <login-module code="Database" flag="required">
              <module-option name="dsJndiName" value="java:jboss/postgresDS"/>
              <module-option name="principalsQuery" value="select passwd from users where username=?"/>
              <module-option name="rolesQuery" value="SELECT userroles, 'Roles' FROM userroles WHERE username=?"/>
              <module-option name="password-stacking" value="useFirstPass"/>
              <module-option name="hashAlgorithm" value="MD5"/>
              <module-option name="hashEncoding" value="RFC2617"/>
              <module-option name="hashUserPassword" value="false"/>
              <module-option name="hashStorePassword" value="true"/>
              <module-option name="passwordIsA1Hash" value="true"/>
          </login-module>

      I tried different encodings, and I tried to add this line:

           <module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/> 

      I guess I tried almost everything, but no digest authentication ;-(

      Can anybody give me a hint or a functional configuration?

      Thanks a lot,

      Tomas
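
The digest exchange mentioned in the post (server nonce, hashed response), as an added example that is not part of the original post or JBoss code: it follows the DIGEST-MD5 response calculation from RFC 2831 for qop=auth without an authzid, and shows what the server side has to hold to check a response. The user name, password, nonces and digest-uri are constructed sample values; only the realm name ApplicationRealm comes from the post.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password): what a server can keep instead of the plaintext."""
    return md5(f"{username}:{realm}:{password}".encode("utf-8"))

def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str, digest_uri: str) -> str:
    """RFC 2831 response value for qop=auth, no authzid."""
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    kd_input = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{md5(a2).hex()}"
    return md5(kd_input.encode("utf-8")).hex()

def server_verify(secret: bytes, nonce: str, cnonce: str, nc: str,
                  digest_uri: str, response: str) -> bool:
    """Recompute the response from the stored secret; compare in constant time."""
    expected = digest_response(secret, nonce, cnonce, nc, digest_uri)
    return hmac.compare_digest(expected, response)

# Constructed sample values (not taken from the post, except the realm name).
USER, REALM, PASSWORD = "tomas", "ApplicationRealm", "s3cret-sample"
NONCE, CNONCE, NC = "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl", "00000001"
URI = "remote/tomino-pc"  # assumed service/host pair for illustration

def run_exchange(server_secret: bytes, client_password: str) -> bool:
    """Client answers the challenge from its password; server checks it."""
    client_secret = stored_secret(USER, REALM, client_password)
    response = digest_response(client_secret, NONCE, CNONCE, NC, URI)
    return server_verify(server_secret, NONCE, CNONCE, NC, URI, response)

if __name__ == "__main__":
    good = stored_secret(USER, REALM, PASSWORD)
    print("realm-bound hash stored:  ", run_exchange(good, PASSWORD))
    print("wrong client password:    ", run_exchange(good, "guess"))
    # A column holding plain MD5(password) is not bound to user and realm.
    print("plain MD5(password) stored:", run_exchange(md5(PASSWORD.encode()), PASSWORD))
```

The password itself never crosses the wire in this exchange, and a stored value that is not derived from user name, realm and password together cannot verify the response.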