The username field in the database should not be hashed. However.....the password field needs to be a hash of a MessageDigest object containing both the username AND the password. That is the way that JBoss handles the hashing for password. It places both into the MessageDigest, hashes it, and uses that as the password value. So generate a hash of the username and password in one MessageDigest object, place that value into the user's password field in the database and you should be good to go.
Hope it helps,
Thank's for replying. Can you attach me an example and step by step how to do it? Thank's before. I'm new in this.
From message on forum, I know that we can use a Util class in org.jboss.security package to generate the hash password but not really sure how to use it. Can somebody give me an example? Thank's
This is out of the UsernamePasswordLoginModule code:
protected String createPasswordHash(String username, String password)
String passwordHash = Util.createPasswordHash(hashAlgorithm, hashEncoding,
hashCharset, username, password);
I suggest downloading the source code for the version you are using and tracking down the Util class. The source code is pretty well documented and you should be able to figure out the specifics of using the Util class. If you use a login module that extends UsernamePasswordLoginModule then all you have to do is supply the correct hash in the database and the correct parameters to the login module (hash algorith, encoding, etc.).
PS.....example login-config.xml entry
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="principalsQuery">SELECT Password FROM Principals WHERE PrincipalID=?</module-option>
<module-option name="rolesQuery">SELECT Role, RoleGroup FROM Roles WHERE PrincipalID=?</module-option>
hi thank's for the reply. What should I put for the hashAlgorithm and hashEncoding??? can you give me example?? how about hashCharset?? I know one of them is a constants variable. Can you give me working example please?