Extending DatabaseServerLoginModule
edgar.silva Oct 31, 2005 11:51 AM
Hi Folks...
I have a particular issue with my application: I am storing the passwords using the MD5 algorithm to improve security.
To do this, I created a new class extending DatabaseServerLoginModule, and I just changed the login method.
My change is not working: I take the plain password sent through HTTP BASIC, apply MD5 to it and compare the two values, but it does not work.
Could somebody help with a tip to solve it?
The following code is part of my implementation for that scenario:
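/**
 * Login module that hashes the supplied password with MD5 before comparing it
 * with the value returned by {@code getUsersPassword()}.
 *
 * <p>NOTE(review): unsalted MD5 is a fast digest, so a leaked password table can
 * be attacked offline with precomputed tables and brute force. Prefer a salted,
 * deliberately slow scheme (bcrypt, scrypt, Argon2 or PBKDF2) for stored
 * passwords. The clear-text password reaches this module (HTTP BASIC in the
 * original post), so the transport needs TLS as well.
 */
public class MD5DatabaseServerLoginModule extends DatabaseServerLoginModule
{
    /** The login identity */
    private Principal identity;
    /** The proof of login identity */
    private char[] credential;

    /**
     * Perform the authentication of the username and password.
     *
     * @return {@code true} when the shared credentials are accepted by
     *         {@code super.login()} or the hashed password validates
     * @throws FailedLoginException when no password was supplied for a named
     *         user or the hashed password does not validate
     * @throws LoginException propagated from the inherited login steps
     */
    public boolean login() throws LoginException
    {
        Logger log = Logger.getLogger(MD5DatabaseServerLoginModule.class);

        // NOTE(review): super.login() runs whatever login() this class inherits.
        // If that is the stock username/password implementation this method
        // appears to be copied from, it already compares the clear-text password
        // with the stored value and throws before any code below runs -- a likely
        // reason the override "does not work". Confirm against the base class.
        // Overriding only the hashing/validation hook, or using the base module's
        // own password-hash options (hashAlgorithm / hashEncoding in JBossSX --
        // verify for the version in use), avoids re-implementing login().
        if( super.login() )
        {
            // Shared credentials exist: set up our view of the user from them.
            Object username =
                sharedState.get("javax.security.auth.login.name");
            if( username instanceof Principal )
            {
                identity = (Principal) username;
            }
            else
            {
                String name = username.toString();
                identity = new SimplePrincipal(name);
            }
            Object password =
                sharedState.get("javax.security.auth.login.password");
            if( password instanceof char[] )
            {
                credential = (char[]) password;
            }
            else if( password != null )
            {
                String tmp = password.toString();
                credential = tmp.toCharArray();
            }
            return true;
        }

        super.loginOk = false;
        String[] info = getUsernameAndPassword();
        String username = info[0];
        String password = info[1];
        // The supplied password, the stored value and the computed hash are
        // deliberately not logged: log files are readable by far more people
        // and systems than the credential store.
        if( username == null && password == null )
        {
            identity = unauthenticatedIdentity;
        }

        if( identity == null )
        {
            if( password == null )
            {
                // Nothing to hash: fail the login instead of passing null on.
                throw new FailedLoginException("Password Incorrect/Password Required");
            }
            identity = new SimplePrincipal(username);
            // Keep the supplied characters so the shared-state entry written
            // below is not null on this path.
            credential = password.toCharArray();
            // NOTE(review): identity and credential are private to this class.
            // Presumably getUsersPassword() resolves the user from state held by
            // the base class, which never sees these fields -- confirm.
            String expectedPassword = getUsersPassword();
            // NOTE(review): the helper shown alongside this class in the post is
            // MD5Util.encrypt(String); MD5Cripto is not shown. Confirm which one
            // is deployed and that it emits the same encoding (hex, lower case)
            // as the stored values.
            String hashedPassword = MD5Cripto.getInstance().criptografar(password);
            if( !validatePassword(hashedPassword, expectedPassword) )
            {
                throw new FailedLoginException("Password Incorrect/Password Required");
            }
        }

        if( getUseFirstPass() )
        {
            // Add the username and password to the shared state map
            sharedState.put("javax.security.auth.login.name", username);
            sharedState.put("javax.security.auth.login.password", credential);
        }
        loginOk = true;
        log.debug("Login?" + loginOk);
        return true;
    }
}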
My class to apply MD5 is the following:
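/**
 * Utility class for MD5.
 *
 * <p>Despite the method name, {@link #encrypt(String)} computes a one-way digest;
 * nothing here can be decrypted.
 *
 * <p>NOTE(review): a bare, unsalted MD5 digest is not a suitable format for
 * stored passwords; prefer a salted, deliberately slow scheme (bcrypt, scrypt,
 * Argon2 or PBKDF2).
 *
 * @author Edgar Silva
 */
public class MD5Util {
    /** Prototype digest, cloned on every call so callers never share digest state. */
    static private final MessageDigest MD5 = getMessageDigest();
    /** Lower-case hexadecimal digits indexed by nibble value. */
    static private final char[] INT_TO_CHAR = {
        '0', '1', '2', '3', '4', '5', '6', '7',
        '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
    };

    /** Not instantiable: static helpers only. */
    private MD5Util() {
    }

    /**
     * Looks up the MD5 implementation once, at class initialization.
     *
     * @return a new MD5 {@code MessageDigest}
     * @throws ExceptionInInitializerError if the platform provides no MD5
     */
    private static MessageDigest getMessageDigest() {
        try {
            return MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException nsae) {
            throw new ExceptionInInitializerError(nsae);
        }
    }

    /**
     * Returns the MD5 digest of {@code senha} as 32 lower-case hex characters.
     *
     * @param senha the text to digest; must not be {@code null}
     * @return the hex-encoded digest
     * @throws NullPointerException if {@code senha} is {@code null}
     */
    public static String encrypt(String senha) {
        if (senha == null) {
            throw new NullPointerException("senha");
        }
        final StringBuffer ret = new StringBuffer(32);
        try {
            // Fixed charset: the platform default differs between machines, which
            // would give different digests for the same non-ASCII password.
            final byte[] digest =
                ((MessageDigest) MD5.clone()).digest(senha.getBytes("UTF-8"));
            for (int i = 0; i < digest.length; i++) {
                // Mask to the unsigned byte value. The previous mapping for
                // negative bytes (-b + 127) produced hex that differs from
                // standard MD5 output, so it could not match digests computed
                // elsewhere; values stored with the old mapping need re-hashing.
                final int b = digest[i] & 0xFF;
                ret.append(INT_TO_CHAR[b >> 4])
                   .append(INT_TO_CHAR[b & 0x0F]);
            }
            return ret.toString();
        } catch (CloneNotSupportedException cnse) {
            throw new Error(cnse);
        } catch (java.io.UnsupportedEncodingException uee) {
            // UTF-8 is a charset every Java platform must support.
            throw new Error(uee);
        }
    }
}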
I hope I have explained my problem and situation... Thanks a lot in advance for any help!
Best Regards
Edgar Silva