0 Replies Latest reply on May 7, 2016 12:35 PM by Michael Wolf

    jboss 7 requires password in an encrypted form

    Michael Wolf Newbie

      My problem is: I keep passwords encrypted in sql database, and JBoss rejects me when I enter them in normal (not hashed) form. What is more, when I try with their hashed forms  i.e. "X8oyfUbUbfqE9IWvAW1/3"  instead of "admin" - it's fine...

      Here is a snippet from my configuration xml file:

        <security-domain name="mysqldomain" cache-type="default">

                          <authentication>

                              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                                  <module-option name="dsJndiName" value="java:/MySqlDS"/>

                                  <module-option name="principalsQuery" value="select passwd from USERS where login=?"/>

                                  <module-option name="rolesQuery" value="select role, 'Roles' from USER_ROLES where login=?"/>

                                  <module-option name="hashAlgorithm" value="MD5"/>

                                  <module-option name="hashEncoding" value="BASE64"/>

                                  <module-option name="hashStorePassword" value="true"/>

                                  <module-option name="hashUserPassword" value="true"/>

                              </login-module>

                          </authentication>

        </security-domain>

      I tried evey combination of the last two options, and both normal and encrypted password aren't correct  in the rest of the cases.

       

      My jboss-web.xml file:

      <jboss-web>

        <security-domain>java:/jaas/mysqldomain</security-domain>

      </jboss-web>

       

       

      I would greatly appreciate any help.