7 Replies Latest reply on May 19, 2003 6:31 AM by Soni

    storing encrypted password in user.properties in UsersRolesL

    Soni Newbie

      hi,
      is it possible to store an encrypted password in user.properties in UsersRolesLoginModule authentication?
      -Soni

        • 1. Re: storing encrypted password in user.properties in UsersRo
          medthomas Newbie

          Soni,

          Yes it is possible. You need to modify the XML login configuration file to set the hashAlgorithm module option for the UsersRolesLoginModule.

          More detail information (including some examples) can be found on pages 84-85 of the JBoss 3.0 Quick Start Guide which is available from the download pages.

          Mark

          • 2. Re: storing encrypted password in user.properties in UsersRo
            Soni Newbie

            hi mark,
            as u said, i just placed
            <module-option name="hashAlgorithm">MD5</module-option>
            this line in login-config.xml( which was specified in quickstart guide ). But when i restarted the server and run the client it throwed the following exceptions at server and client side....
            If i remove the above line and restart server and run client it works fine....

            At server side:
            16:01:29,712 ERROR [SecurityInterceptor] Authentication exception, principal=scott
            16:01:29,722 ERROR [LogInterceptor] EJBException, causedBy:
            java.lang.SecurityException: Authentication exception, principal=scott
            at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
            at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
            at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
            at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
            at org.jboss.ejb.Container.invoke(Container.java:730)
            at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
            at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
            at sun.rmi.transport.Transport$1.run(Transport.java:148)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
            at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
            at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
            at java.lang.Thread.run(Thread.java:536)

            and
            at client side:
            [java] java.rmi.ServerException: RemoteException occurred in server thread;
            nested exception is:
            [java] java.rmi.ServerException: EJBException:; nested exception is:
            [java] javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
            [java] Authentication exception, principal=scott
            [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
            [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
            [java] at java.security.AccessController.doPrivileged(Native Method)
            [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
            [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
            [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
            [java] at java.lang.Thread.run(Thread.java:536)
            [java] at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
            [java] at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
            [java] at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
            [java] at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
            [java] at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:138)
            [java] at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:108)
            [java] at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
            [java] at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
            [java] at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:198)
            [java] at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
            [java] at $Proxy0.create(Unknown Source)
            [java] at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:90)
            [java] Caused by: java.rmi.ServerException: EJBException:; nested exception is:
            [java] javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
            [java] Authentication exception, principal=scott
            [java] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:357)
            [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:133)
            [java] at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
            [java] at org.jboss.ejb.Container.invoke(Container.java:730)
            [java] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
            [java] at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
            [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            [java] at java.lang.reflect.Method.invoke(Method.java:324)
            [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
            [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
            [java] at java.security.AccessController.doPrivileged(Native Method)
            [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
            [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
            [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
            [java] at java.lang.Thread.run(Thread.java:536)
            [java] Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
            [java] Authentication exception, principal=scott
            [java] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:174)
            [java] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
            [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
            [java] ... 15 more

            what is the problem?
            :(
            Soni

            • 3. Re: storing encrypted password in user.properties in UsersRo
              medthomas Newbie

              Soni,

              I have tried to post an example web app where everything works but there seems to be some problem with me posting attachments. I'll try again tomorrow from a different PC.

              In the mean time, I found that base64 encoding failed but hex encoding worked. I sugest you try this as a first step. I think this is because the base64 encoded output included a '=' character and this is used in users.properties to seperate the username and password. It may well have confused things.

              I used a clear text password of:
              password

              and a MD5 hash, hex encoded text of:
              5f4dcc3b5aa765d61d8327deb882cf99

              I also noticed you refered to 'user.properties' in your post title. The default filename is 'users.properties'.

              Hope the above helps. Let me know how you get on.

              Mark

              • 4. Re: storing encrypted password in user.properties in UsersRo
                Soni Newbie

                Mark,
                could u pls show me the encryption program of MD5 using Hex encoding..
                -Soni

                • 6. Re: storing encrypted password in user.properties in UsersRo
                  medthomas Newbie

                  And here is a very quick and dirty way to generate hex encoded MD5 hashes.

                  It uses the existing JBoss classes to do it. I have also included the Forte .classpath file I used to compile it. The .classpath is just as quick and dirty - it refers to every single JBoss jar.

                  In an ideal world (one where I had a lot more free time) I wouldn't do it like this, but hey - it works ;)

                  Mark

                  • 7. Re: storing encrypted password in user.properties in UsersRo
                    Soni Newbie

                    thx Mark....
                    ur suggetions helped me a lot....
                    -Soni