3 Replies Latest reply on Feb 19, 2007 1:41 PM by Alejandro Guzman

    Compare a VarBinary Password

    Alejandro Guzman Newbie

      Hi, I'm trying to authenticate a user using DatabaseLoginModule, but the password is stored in a binary datatype field in SQL.
      When I do the authentication, JBoss always throws the following error: Bad password for username=user

      I've used the same security configuration with the password stored in a varchar datatype field and it works perfectly.

      Does anyone know if there is a special feature to configure to compare a binary password instead of text in JBoss?

      login-config.xml
      <application-policy name = "Servipago-domain">
        <login-module code = "com.servi.seguridad.jboss.ServiDatabaseServerLoginModule" flag="required">
          <module-option name = "dsJndiName">java:/ServiDS</module-option>
          <module-option name = "principalsQuery">
            SELECT Co_Clave AS Password FROM Usuario_Sistema_Internet WHERE Di_Correo=?
          </module-option>
          <module-option name = "rolesQuery">
            SELECT r.de_rol AS Role, 'Roles' FROM rol r, usuario_sistema_internet usi WHERE usi.di_correo= ? AND usi.co_rol = r.co_rol
          </module-option>
          <module-option name = "hashAlgorithm">MD5</module-option>
          <module-option name = "password-stacking">useFirstPass</module-option>
        </login-module>
      </application-policy>

      Thanks in advance..
      Alejandro

        • 1. Re: Compare a VarBinary Password
          None None Master

          Why are you using var binary for storing a password? Why not just store it as chars and use some reasonable encoding, like UTF-8?

          • 2. Re: Compare a VarBinary Password
            None None Master

            Oh and to answer your question: It sounds to me like you might need to write a custom subclass of one of JBoss's LoginModule classes. It's not hard to do. But what you're doing doesn't sound like it makes sense. If your passwords are hashed, you should hex encode them before storing them, and then DatabaseServerLoginModule will be able to handle them with the proper config settings.

            • 3. Re: Compare a VarBinary Password
              Alejandro Guzman Newbie

              Hi, and thanks for your reply... I resolved the situation easily: I just converted the bytes to hex and changed the hashEncoding to "Hex" instead of "Base64".

              login-config.xml
              <application-policy name = "Servipago-domain">
                <login-module code = "com.servi.seguridad.jboss.ServiDatabaseServerLoginModule" flag="required">
                  <module-option name = "dsJndiName">java:/ServiDS</module-option>
                  <module-option name = "principalsQuery">
                    SELECT Co_Clave AS Password FROM Usuario_Sistema_Internet WHERE Di_Correo=?
                  </module-option>
                  <module-option name = "rolesQuery">
                    SELECT r.de_rol AS Role, 'Roles' FROM rol r, usuario_sistema_internet usi WHERE usi.di_correo= ? AND usi.co_rol = r.co_rol
                  </module-option>
                  <module-option name = "hashAlgorithm">MD5</module-option>
                  <module-option name = "hashEncoding">hex</module-option>
                  <module-option name = "password-stacking">useFirstPass</module-option>
                </login-module>
              </application-policy>


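              ServiDatabaseServerLoginModule.java, overridden method convertRawPassword:

              protected String convertRawPassword(String rawPassword)
              {
                  // Hex-encode the value read from the password column so it can be
                  // compared with the hex-encoded hash (hashEncoding = hex).
                  rawPassword = Hex.toString(rawPassword.getBytes());

                  return rawPassword;
              }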

              Thanks,
              Alejandro
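
The encoding mismatch discussed in this thread, as an added example that is not part of the original posts or of JBoss's own code: a raw MD5 digest (as a VARBINARY column would hold it) only compares equal to the supplied password's hash when both sides use the same text encoding. The class and method names, the sample password and the UTF-8 charset are assumptions of this example; MD5 appears only because the posted configuration sets hashAlgorithm to MD5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class VarBinaryHashCompare {   // hypothetical class name

    // Lowercase hex, two digits per byte.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(Character.forDigit((b >> 4) & 0xF, 16));
            sb.append(Character.forDigit(b & 0xF, 16));
        }
        return sb.toString();
    }

    // MD5 digest of the typed password (UTF-8 is an assumption of this example).
    static byte[] md5(String password) throws Exception {
        return MessageDigest.getInstance("MD5")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Compare two encoded hashes without stopping at the first differing byte.
    static boolean sameHash(String stored, String supplied) {
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.US_ASCII),
                supplied.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String typed = "s3cret-example";      // constructed sample password
        byte[] storedRaw = md5(typed);        // stands in for the 16 raw bytes in the column

        String storedHex = toHex(storedRaw);  // stored value after hex conversion
        String suppliedHex = toHex(md5(typed));                              // hex side
        String suppliedB64 = Base64.getEncoder().encodeToString(md5(typed)); // base64 side

        System.out.println("stored hex vs supplied hex:    " + sameHash(storedHex, suppliedHex));
        System.out.println("stored hex vs supplied base64: " + sameHash(storedHex, suppliedB64));

        // Digest bytes pushed through a String can be altered by charset decoding,
        // so hex-encode the original bytes rather than a String built from them.
        byte[] roundTrip = new String(storedRaw, StandardCharsets.UTF_8)
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("raw bytes survive String round trip: "
                + Arrays.equals(storedRaw, roundTrip));
    }
}
```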