Hello, I'm using JAAS based security on JBoss2.4.3_Tomcat3.2.3.
Authentification works via the Database LoginModule which looks
for authentification in the two database tables Roles and Principals.
Now I want to store the passwords in a encoded form because it is to
dangerous for us to store them in a plain readable form.
But then the LoginModule needs to encode the passwords the user enters
before comparing it with the database entry.
Is there an easy way to do this or do I need to change some Login classes
or write them new. If yes, which classes are these and where do I get the
sources of the momentary classes?
Thanks in advance,
Encoded password support was added in the newest release, 2.4.4
Take a look at the class org.jboss.security.auth.spi.UsernamePasswordLoginModule
which is a base class for many login modules, yours probably as well. I'm using following parameters