2 Replies Latest reply on May 12, 2003 10:19 AM by Wes

    MD5/base64 doesn't work with DatabaseServerLoginModule

    Roger Foxcroft Newbie

      I have auth with mySql working a treat, and so have tried to set up md5 encryption of passwords, but now auth always fails. The relevant extract of my login-config.xml is:

      <application-policy name="RocktheNetAuth">

      <login-module flag="required" code="org.jboss.security.auth.spi.DatabaseServerLoginModule">
      <module-option name="dsJndiName">java:/MySqlDS</module-option>
      <module-option name="principalsQuery">SELECT mobile_phone,password FROM Users WHERE mobile_phone=?</module-option>
      <module-option name="rolesQuery">SELECT role,'Roles' FROM Users WHERE mobile_phone=?</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">base64</module-option>
      </login-module>

      </application-policy>

      Basically - if I comment out the hashAlgorithm and hashEncoding lines, and set the password to plain text in the database it works ok. Do I need to do anything else to get MD5, base64 working? I understood that this should just work.

      Thanks

      R

        • 1. Re: MD5/base64 doesn't work with DatabaseServerLoginModule
          Wes Newbie

          I have the same setup, however I do not specify the base64, maybe that is the default.

          Here is what I have
          <application-policy name = "status">

          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
          <module-option name = "dsJndiName">java:/StatusDS</module-option>
          <module-option name = "principalsQuery">select password from user where userId=?</module-option>
          <module-option name = "rolesQuery">select role, 'Roles' from userrole where userId=?</module-option>
          <module-option name = "hashAlgorithm">MD5</module-option>
          </login-module>

          </application-policy>

          ----

          Then, the other thing to investigate is how are you getting the encrypted passwords into the database?

          I had to write a short java app that would generate encrpypted passwords to get things going. Then I would cut and paste the encrpyted password into the db to get the auth to work. (eventually, you'll have an admin screen, or something, to create new users)

          I found a Base64 encoding utility class at:
          http://iharder.sourceforge.net/base64/
          Then I used this in combination with the MessageDigest class from the JDK to do the following:

          String plainPassword = "password";
          MessageDigest md=MessageDigest.getInstance("MD5");
          System.out.println( Base64.encodeBytes(md.digest(plainPassword.getBytes())));

          • 2. Re: MD5/base64 doesn't work with DatabaseServerLoginModule
            Wes Newbie

            My first reply here didn't show up, so here goes again:

            I am not specifying the base64, maybe try taking that element out of your xml config. (or try making it all caps)

            The other thing is, how are you getting the encrypted password into the database? I had to locate a Base64 encoding utility: http://iharder.sourceforge.net/base64/ then use this in conjunction with the MessageDigest class from the JDK.

            As follows:

            // password is the plaintext password
            // this returns the encrpyted password

            MessageDigest md=MessageDigest.getInstance("MD5");
            return Base64.encodeBytes(md.digest(password.getBytes()));

            Hope this helps,
            Wes