3 Replies Latest reply on Nov 6, 2006 5:27 PM by vakuthota

    Custom Password encryption on authentication

    Mahesh Dixit Newbie

      This has been discussed different topics but i did not find the answer iwas looking for. So i am posting it as a new topic.

      I have a Webapp where the password entered by the User for login is encrypted (custom encryption) and stored in the db
      Currently there is no decrypt for the password.
      So, during authentication i would have to encrypt the password entered by the user on the Login form and compare it with the encrypted password stored in db.

      How can i acheive this ?

      We had our application deployed under tomcat earlier and in tomcat there is a way where you can specify the Enrcyption class and the encyrption method.

      Is there a similar way in JBoss ? I have seen people using the custom DatabaseLoginModule, but i don' think i can acheive what i want with that ..

      Any help is appreciated....

      Thanks
      Mahesh

        • 1. Re: Custom Password encryption on authentication
          Mahesh Dixit Newbie

          Ok... Since none replied to this post i had to figure out myself and got it working.

          Here's what i did

          - Created a Custom DatabaseLogonModule which extends jboss - DatabaseServerLoginModule

          public class DatabaseLogonModule extends DatabaseServerLoginModule
          {
           /**
           * @param username the username which is actually ignored
           * @param password the password from which to create the MD5 hash
           * @return the unmodified password
           * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#createPasswordHash(java.lang.String, java.lang.String)
           */
           protected String createPasswordHash( String username, String password )
           {
           return customEncryption(password);
           }
          


          - create a custom-jboss.jar (or any name you want ) and place it in your webapp.sar folder
          - Modify the login-config.xml
          <login-module code="path.to.your.custom.logon.module.DatabaseLogonModule"
           flag="required">

          And Jboss will now authenticate with the encrypted password provided in the Custom Logon Module.




          • 2. Re: Custom Password encryption on authentication
            vakuthota Newbie

            Hi,

            I have the same requirement. I tried as you said. but it seems that it is not invoked. everytime user login failing.

            I just did what you said..

            I even enabled the trace logging, There it shows my custom login module is loaded. But it is failing.

            Do i need do anything else to make it work ??

            Appreciate your help.

            • 3. Re: Custom Password encryption on authentication
              vakuthota Newbie

              Why do we have to write our own custom class, as per documentation it is supporting the hashalgorithm already.

              if you mention the following options in login-config.xml

              <application-policy name="myapp">
               <authentication>
               <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
               <module-option name="dsJndiName">java:/ngirmDS</module-option>
               <module-option name="principalsQuery">Select PASSWORD from USERS where LOGINNAME =?</module-option>
               <module-option name="rolesQuery">Select GROUPNAME , 'Roles' from USERGRPASSOC where LOGINNAME =?</module-option>
               <module-option name="hashAlgorithm">SHA</module-option>
               <module-option name="hashEncoding">Base64</module-option>
               <module-option name="hashCharset">UTF-8</module-option>
               </login-module>
               </authentication>
               </application-policy>


              But i tried this, it is not working.

              Any idea ??