Problem with encrypting passwords in Dynamic Login Config on
I need to encrypt the user passwords in the Db and I'm using Dynamic Login Config. here is my file called as META-INF/dynamic-login-config.xml(in the EAR)
<policy> <application-policy name = "reservator-security-domain"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name="dsJndiName"> java:/ReservatorDS </module-option> <module-option name="hashAlgorithm">MD5</module-option> <module-option name="hashEncoding">base64</module-option> <module-option name="principalsQuery"> select passwd from Users userName where userName=? </module-option> <module-option name="rolesQuery"> select userRoles, 'Roles' from UserRoles where userName=? </module-option> </login-module> </authentication> </application-policy> </policy>
And I have genrated my encypted passwords using openssl as:
echo somepassword | openssl dgst -md5 -binary | openssl base64
which is:PnF0L/NODGgfmihE7O4AAA==
and put this in the Db but when I login as the user and type in the password it gives me the following error:
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=hashAlgorithm, value=MD5
name=principalsQuery, value=select passwd from Users userName where userName=?
name=hashEncoding, value=base64
name=dsJndiName, value=java:/ReservatorDS
name=rolesQuery, value=select userRoles, 'Roles' from UserRoles where userName=?
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) initialize
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Security domain: reservator-security-domain
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Password hashing activated: algorithm = MD5, encoding = base64, charset = {default}, callback = null, storeCallback = null
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) DatabaseServerLoginModule, dsJndiName=java:/ReservatorDS
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) principalsQuery=select passwd from Users userName where userName=?
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) rolesQuery=select userRoles, 'Roles' from UserRoles where userName=?
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) suspendResume=true
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) login
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) suspendAnyTransaction
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Excuting query: select passwd from Users userName where userName=?, with username: vsp
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Obtained user password
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) resumeAnyTransaction
2009-05-25 10:27:09,906 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Bad password for username=vsp
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) abort
2009-05-25 10:27:09,906 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.reservator-security-domain] (http-0.0.0.0-8443-1) Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
2009-05-25 10:27:09,906 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.reservator-security-domain] (http-0.0.0.0-8443-1) End isValid, false
2009-05-25 10:27:09,906 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-8443-1) User: vsp is NOT authenticated
2009-05-25 10:27:09,906 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-8443-1) End authenticate, principal=null
2009-05-25 10:27:09,921 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
2009-05-25 10:27:09,921 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
2009-05-25 10:27:09,937 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
2009-05-25 10:27:09,937 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
2009-05-25 10:27:09,937 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/reservator].[default]] (http-0.0.0.0-8443-1) Disabling the response for futher output
2009-05-25 10:27:09,937 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-0.0.0.0-8443-1) Failed authenticate() test ??/reservator/html/j_security_check
2009-05-25 10:27:09,937 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8443-1) Setting threadlocal:null
2009-05-25 10:27:09,937 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8443-1) Setting threadlocal:null
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
ControlFlag: LoginModuleControlFlag: required
Options:
name=hashAlgorithm, value=MD5
name=principalsQuery, value=select passwd from Users userName where userName=?
name=hashEncoding, value=base64
name=dsJndiName, value=java:/ReservatorDS
name=rolesQuery, value=select userRoles, 'Roles' from UserRoles where userName=?
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) initialize
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Security domain: reservator-security-domain
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Password hashing activated: algorithm = MD5, encoding = base64, charset = {default}, callback = null, storeCallback = null
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) DatabaseServerLoginModule, dsJndiName=java:/ReservatorDS
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) principalsQuery=select passwd from Users userName where userName=?
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) rolesQuery=select userRoles, 'Roles' from UserRoles where userName=?
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) suspendResume=true
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) login
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) suspendAnyTransaction
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Excuting query: select passwd from Users userName where userName=?, with username: vsp
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Obtained user password
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) resumeAnyTransaction
2009-05-25 10:27:09,906 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Bad password for username=vsp
2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) abort
2009-05-25 10:27:09,906 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.reservator-security-domain] (http-0.0.0.0-8443-1) Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
2009-05-25 10:27:09,906 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.reservator-security-domain] (http-0.0.0.0-8443-1) End isValid, false
2009-05-25 10:27:09,906 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-8443-1) User: vsp is NOT authenticated
2009-05-25 10:27:09,906 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-8443-1) End authenticate, principal=null
2009-05-25 10:27:09,921 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
2009-05-25 10:27:09,921 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
2009-05-25 10:27:09,937 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
2009-05-25 10:27:09,937 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
2009-05-25 10:27:09,937 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/reservator].[default]] (http-0.0.0.0-8443-1) Disabling the response for futher output
2009-05-25 10:27:09,937 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-0.0.0.0-8443-1) Failed authenticate() test ??/reservator/html/j_security_check
2009-05-25 10:27:09,937 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8443-1) Setting threadlocal:null
2009-05-25 10:27:09,937 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8443-1) Setting threadlocal:null
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
Please help!!