5 Replies Latest reply on Oct 8, 2002 7:24 PM by TJ

    how to use MD5 hashalgorithm and base64 hashencoding

    TJ Newbie

      hi;
      Does anybody tell me how to use the
      MD5 hash algorithm and base64 hash Encoding for the FORM based authentication? do I need to hash the both username and password? Only my password is hashed but not username in database. Can anybody give me step by step example of how to use it?

      Here what I put on login-config.xml :
      =====================================
      <application-policy name = "ADomain">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/MSSQLDS</module-option>
      <module-option name = "principal">a</module-option>

      <module-option name = "principalsQuery">select hashed_password from Users where userID=?</module-option>
      <module-option name = "rolesQuery">select a.userRoles, 'Roles' AS ROLE from UserTypes a, Users b where a.userTypeID = b.userTypeID AND b.userID=?</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">base64</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MSSQLDS</module-option>

      </login-module>

      </application-policy>

        • 1. Re: how to use MD5 hashalgorithm and base64 hashencoding
          Brian Newbie

          The username field in the database should not be hashed. However.....the password field needs to be a hash of a MessageDigest object containing both the username AND the password. That is the way that JBoss handles the hashing for password. It places both into the MessageDigest, hashes it, and uses that as the password value. So generate a hash of the username and password in one MessageDigest object, place that value into the user's password field in the database and you should be good to go.

          Hope it helps,
          tool

          • 2. Re: how to use MD5 hashalgorithm and base64 hashencoding
            TJ Newbie

            hi ;
            Thank's for replying. Can you attach me an example and step by step how to do it? Thank's before. I'm new in this.


            ^_^

            • 3. Re: how to use MD5 hashalgorithm and base64 hashencoding
              TJ Newbie

              From message on forum, I know that we can use a Util class in org.jboss.security package to generate the hash password but not really sure how to use it. Can somebody give me an example? Thank's

              • 4. Re: how to use MD5 hashalgorithm and base64 hashencoding
                Brian Newbie

                This is out of the UsernamePasswordLoginModule code:

                import org.jboss.security.Util;
                protected String createPasswordHash(String username, String password)
                {
                String passwordHash = Util.createPasswordHash(hashAlgorithm, hashEncoding,
                hashCharset, username, password);
                return passwordHash;
                }

                I suggest downloading the source code for the version you are using and tracking down the Util class. The source code is pretty well documented and you should be able to figure out the specifics of using the Util class. If you use a login module that extends UsernamePasswordLoginModule then all you have to do is supply the correct hash in the database and the correct parameters to the login module (hash algorith, encoding, etc.).
                Brian

                PS.....example login-config.xml entry
                <application-policy name="YourDomain">

                <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="dsJndiName">java:/yourDS</module-option>
                <module-option name="principalsQuery">SELECT Password FROM Principals WHERE PrincipalID=?</module-option>
                <module-option name="rolesQuery">SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?</module-option>
                <module-option name="hashAlgorithm">MD5</module-option>
                <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=yourDS</module-option>
                </login-module>

                </application-policy>

                • 5. Re: how to use MD5 hashalgorithm and base64 hashencoding
                  TJ Newbie

                  hi thank's for the reply. What should I put for the hashAlgorithm and hashEncoding??? can you give me example?? how about hashCharset?? I know one of them is a constants variable. Can you give me working example please?

                  Please reply.
                  ^_^