3 Replies Latest reply on Mar 16, 2014 6:14 PM by William Polinchak

    Using encrypted password in the DB database login module

    Hans-Michael Rupp Novice

      Hello,

       

      EAP 6.0

       

      I am trying to use encrypted passwords in the database for authentication

      I have a database login configured. It works without encryption. Following the directions in Francesco Marchioni: JBoss AS 7 Configuration, Deployment, and Administration

      I have added module-options for reading encrypted passwords:

      DatabaseLoginModule1.jpg

      For testing purposes:

      public class Base64Hash {

         

          public static void main(String[] args) {

      //        String password = args[0];

              String password = "jboss";

              MessageDigest md = null;

             

              try {

                  md = MessageDigest.getInstance("MD5");

              } catch (NoSuchAlgorithmException e) {

                  // TODO Auto-generated catch block

                  e.printStackTrace();

              }

              byte[] passwordBytes = password.getBytes();

              byte[] hash = md.digest(passwordBytes);

              String passwordHash = org.jboss.security.Base64Utils.tob64(hash);

              System.out.println(passwordHash);

          }

       

      }

      I have replaced the password in the DB with the produced hash.

      The login does not work any more. When replace the hash in the DB with "jboss", the login works. So it looks like the configuration of the login module does not work for hashing.

      The only ERROR in the log is from the unsucessful login:

      15:33:11,536 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationM

      anager] (http-/127.0.0.1:8080-1) Login failure: javax.security.auth.login.Failed

      LoginException: Password Incorrect/Password Required

              at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(Usernam

      ePasswordLoginModule.java:293) [picketbox-4.0.9.Final-redhat-1.jar:4.0.9.Final-r

      edhat-1].....

       

      Any help would be appreciated

        • 1. Re: Using encrypted password in the DB database login module
          Fernando Nasser Newbie

          I had the same issue following the book recipe.  I got it working, here are the changes:

           

          1) Either remove the hashStorePassword or change it to hashUserPassword (not needed, the default for that is true)

           

          2) calculate the passwordHash from a String password like this:

          passwordHash = Util.createPasswordHash("MD5", "BASE64", null, null, password);

           

          3) To fill your database you can obtain the digests like this:

          echo -n 'password' | openssl dgst -md5 -binary | openssl base64

           

          where password is the password you want to use (make sure you use single quotes in case you have special characters in your password; do NOT escape then with a \ as the digest is changed by it).

          • 2. Re: Using encrypted password in the DB database login module
            William Polinchak Newbie

            I've had this exact same problem.  I think the book must be wrong.  I'm going to try Fernando's solution.

            • 3. Re: Using encrypted password in the DB database login module
              William Polinchak Newbie

              Wow it worked.  I used these settings:

               

              <security-domain name="mysqldomain" cache-type="default">

                                  <authentication>

                                      <login-module code="Database" flag="required">

                                          <module-option name="dsJndiName" value="java:jboss/datasources/MysqlDS"/>

                                          <module-option name="principalsQuery" value="select password from user where name=?"/>

                                          <module-option name="rolesQuery" value="select role,'Roles' from roles where name=?"/>

                                          <module-option name="hashAlgorithm" value="MD5"/>

                                          <module-option name="hashEncoding" value="base64"/>

                                          <module-option name="hashUserPassword" value="true"/>

                                      </login-module>

                                  </authentication>

                              </security-domain>

               

              private static String hashPassword(String password) {

                      return org.jboss.crypto.CryptoUtil.createPasswordHash("MD5", "BASE64", null, null, password);

                  }