0 Replies Latest reply on Jan 30, 2014 2:10 PM by klind

    Salting passwords

    klind

      JBoss EAP 6.1.1

      web.xml

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>admin</realm-name>
        <form-login-config>
          <form-login-page>/login.htm</form-login-page>
          <form-error-page>/login.htm?auth-error=true</form-error-page>
        </form-login-config>
      </login-config>

      standalone.xml

      <login-module code="Database" flag="sufficient">
        <module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/>
        <module-option name="principalsQuery" value="select encode(password, 'hex') from principal where username=?"/>
        <module-option name="rolesQuery" value="select r.role, r.role_group from role r inner join principal p on r.role = p.role where p.username=?"/>
        <module-option name="hashAlgorithm" value="SHA-512"/>
        <module-option name="hashEncoding" value="hex"/>
      </login-module>
      When storing the password I use:

      import java.security.MessageDigest;
      import java.security.NoSuchAlgorithmException;

      /** Unsalted SHA-512 over the raw password bytes; the hex form of this digest is what principalsQuery returns. */
      public static byte[] sha512(final byte[] message) {
          MessageDigest md = null;
          try {
              md = MessageDigest.getInstance("SHA-512");
          } catch (NoSuchAlgorithmException e) {
              // SHA-512 is a mandatory JRE algorithm, so this only fires on a broken provider setup
              throw new RuntimeException("Unable to create message digest", e);
          }
          return md.digest(message);
      }

      Now I want to add salting to the password.

      I can add salting to the password in the Java code before saving it to the database, but how do I use the login module then?

      Do I have to create my custom login module?
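As an added example (not from the poster or from JBoss), one way salting can be done while staying on the Database login module: hash with a per-user random salt, store salt and digest together in the password column, and let a small subclass of PicketBox's DatabaseServerLoginModule do the comparison. The class names, the salt$hash storage format and the validatePassword override are my assumptions; the override is how I read UsernamePasswordLoginModule and should be checked against the EAP 6.1.1 sources, and the subclass needs the PicketBox jars on the classpath.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.xml.bind.DatatypeConverter;

/** Stores "hexSalt$hexHash" in principal.password so principalsQuery returns salt and digest as one string (assumed format). */
public final class SaltedSha512 {
    private static final int SALT_BYTES = 16;
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Use this instead of sha512() when saving: every password gets its own random salt. */
    public static String hashForStorage(String password) {
        byte[] salt = new byte[SALT_BYTES];
        RANDOM.nextBytes(salt);
        return DatatypeConverter.printHexBinary(salt) + "$"
             + DatatypeConverter.printHexBinary(digest(salt, password));
    }

    /** Re-derives the digest with the stored salt and compares in constant time. */
    public static boolean verify(String password, String stored) {
        int sep = stored == null ? -1 : stored.indexOf('$');
        if (sep < 0) return false; // not in salt$hash form: reject rather than guess
        byte[] salt = DatatypeConverter.parseHexBinary(stored.substring(0, sep));
        byte[] expected = DatatypeConverter.parseHexBinary(stored.substring(sep + 1));
        return MessageDigest.isEqual(digest(salt, password), expected);
    }

    /** SHA-512(salt || UTF-8(password)): the poster's digest with the salt prepended. */
    private static byte[] digest(byte[] salt, String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-512");
            md.update(salt);
            return md.digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-512 not available", e);
        }
    }
}

/** Assumed hook: with hashAlgorithm unset, PicketBox hands the clear-text input and the principalsQuery result to validatePassword. */
class SaltedDatabaseLoginModule extends org.jboss.security.auth.spi.DatabaseServerLoginModule {
    @Override
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        return SaltedSha512.verify(inputPassword, expectedPassword);
    }
}
```

Using this subclass means dropping the hashAlgorithm and hashEncoding options from standalone.xml, since with hashAlgorithm set the module hashes the input before validatePassword sees it, and principalsQuery must then return the stored salt$hash string rather than encode(password, 'hex') of a raw digest. Salted SHA-512 is still a fast hash, so a deliberately slow password KDF would be the stronger choice where the module can be made to use one.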