1 Reply Latest reply on Jul 16, 2008 10:06 PM by Ragav Gomatam

    Obtain the plaintext password in LoginModule

    Filip Majernik Newbie

      Hi everybody,
      I am coding a custom LoginModule for jboss to work with a web application(using j_security_check and FORM based authentication). MyLoginModule class implements the LoginModule interface. What I want to do is try to connect to an Oracle database with the username and password provided from the webapp and return true if it succeeds.

      My problem is: I use the PasswordCallback and than the method getPassword():

      ...
      NameCallback nameCallback = new NameCallback("Username"); PasswordCallback passwordCallback = new PasswordCallback("Password", true);
      Callback[] callbacks = new Callback[]{nameCallback, passwordCallback};

      try {
      callbackHandler.handle(callbacks);
      username = nameCallback.getName();

      char[] password = passwordCallback.getPassword();
      ...

      But the password I obtain is encrypted (I suppose some message diggest) and therefor my attempt to connect to the database always fails.

      If anyone knows how to get the password in plaintext, please help.
      Thanks,
      Filip