4 Replies Latest reply on Aug 8, 2008 9:28 PM by Ragav Gomatam

    DatabaseServerLoginModule with Cipher and PBEWithMD5AndDES

    Katherine Youngblood Newbie

      All of our passwords in our database are encrpyted until the javax.crypto API (Cipher Classes) and PBEWithMD5AndDES hash Algorithm.

      I noticed that jboss 4.2.2 is using the java.security classes for decrypting the database passwords in the DatabaseServerLoginModule class. Is there anyway we can get jboss to PBEWithMD5AndDES with the Cipher classes without having to write additional code?

      Just wondering if there was another class out there that handled this or something I could set up in the configuration.

        • 1. Re: DatabaseServerLoginModule with Cipher and PBEWithMD5AndD
          Ragav Gomatam Novice

          Check out the login-config.xml element in the following :-

          <application-policy name = "testPBEIdentityLoginModule">
           <authentication>
           <login-module code = "org.jboss.resource.security.PBEIdentityLoginModule"
           flag = "required">
           <module-option name = "principal">sa</module-option>
           <module-option name = "userName">sa</module-option>
           <!--
           output from:
           org.jboss.resource.security.PBEIdentityLoginModule
           thesecret testPBEIdentityLoginModule abcdefgh 19 PBEWithMD5AndDES
           -->
           <module-option name = "password">3fp7R/7TMjyTTxhmePdJVk</module-option>
           <module-option name = "ignoreMissigingMCF">true</module-option>
           <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
           <module-option name = "pbepass">testPBEIdentityLoginModule</module-option>
           <module-option name = "salt">abcdefgh</module-option>
           <module-option name = "iterationCount">19</module-option>
           <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
           </login-module>
           </authentication>
           </application-policy>
           <application-policy name = "testPBEIdentityLoginModuleTmpFilePassword">
           <authentication>
           <login-module code = "org.jboss.resource.security.PBEIdentityLoginModule"
           flag = "required">
           <module-option name = "principal">sa</module-option>
           <module-option name = "userName">sa</module-option>
           <!--
           output from:
           org.jboss.resource.security.PBEIdentityLoginModule
           thesecret2 testPBEIdentityLoginModuleTmpFilePassword abcdefgh 19 PBEWithMD5AndDES
           -->
           <module-option name = "password">2zff525DS/OgTuWuJtHYHa</module-option>
           <module-option name = "ignoreMissigingMCF">true</module-option>
           <module-option name = "pbealgo">PBEWithMD5AndDES</module-option>
           <module-option name = "pbepass">{CLASS}org.jboss.security.plugins.TmpFilePassword:${java.io.tmpdir}/tmp.password,5000</module-option>
           <module-option name = "salt">abcdefgh</module-option>
           <module-option name = "iterationCount">19</module-option>
           <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
           </login-module>
           </authentication>
           </application-policy>
          


          More information available at
          http://wiki.jboss.org/wiki/ConfigJCALoginModule

          • 2. Re: DatabaseServerLoginModule with Cipher and PBEWithMD5AndD
            Katherine Youngblood Newbie

            Yes, I saw that, but I didn't see where the Database fit in with all this. There are no examples on where to put my Users query or Roles query, etc. The documentation does not go into this detail and based on what I see in the source, this does not look up any tables in the database. Is there something else?

            • 3. Re: DatabaseServerLoginModule with Cipher and PBEWithMD5AndD
              Ragav Gomatam Novice

              Well, I guess then you will have to subclass the AbstractServerLoginModule & do a MDS/SHA-1 encrypt/decrypt action yourself. Code for this was posted a while back in this forum