1 Reply Latest reply on May 25, 2009 4:06 PM by Vijay Phagura

    Problem with encrypting passwords in Dynamic Login Config on

    Vijay Phagura Newbie

      I need to encrypt the user passwords in the DB and I'm using Dynamic Login Config. Here is my file, called META-INF/dynamic-login-config.xml (in the EAR):

      <policy>

        <application-policy name = "reservator-security-domain">
          <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
              <module-option name="dsJndiName">
                java:/ReservatorDS
              </module-option>
              <module-option name="hashAlgorithm">MD5</module-option>
              <module-option name="hashEncoding">base64</module-option>
              <module-option name="principalsQuery">
                select passwd from Users userName where userName=?
              </module-option>
              <module-option name="rolesQuery">
                select userRoles, 'Roles' from UserRoles where userName=?
              </module-option>
            </login-module>
          </authentication>
        </application-policy>

      </policy>


      And I have generated my encrypted passwords using openssl as:

      echo somepassword | openssl dgst -md5 -binary | openssl base64

      which is: PnF0L/NODGgfmihE7O4AAA==

      and put this in the DB, but when I log in as the user and type in the password it gives me the following error:

      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:
      name=hashAlgorithm, value=MD5
      name=principalsQuery, value=select passwd from Users userName where userName=?
      name=hashEncoding, value=base64
      name=dsJndiName, value=java:/ReservatorDS
      name=rolesQuery, value=select userRoles, 'Roles' from UserRoles where userName=?

      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) initialize
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Security domain: reservator-security-domain
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Password hashing activated: algorithm = MD5, encoding = base64, charset = {default}, callback = null, storeCallback = null
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) DatabaseServerLoginModule, dsJndiName=java:/ReservatorDS
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) principalsQuery=select passwd from Users userName where userName=?
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) rolesQuery=select userRoles, 'Roles' from UserRoles where userName=?
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) suspendResume=true
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) login
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) suspendAnyTransaction
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Excuting query: select passwd from Users userName where userName=?, with username: vsp
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Obtained user password
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) resumeAnyTransaction
      2009-05-25 10:27:09,906 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) Bad password for username=vsp
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-0.0.0.0-8443-1) abort
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.reservator-security-domain] (http-0.0.0.0-8443-1) Login failure
      javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
      at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
      at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)
      2009-05-25 10:27:09,906 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.reservator-security-domain] (http-0.0.0.0-8443-1) End isValid, false
      2009-05-25 10:27:09,906 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-8443-1) User: vsp is NOT authenticated
      2009-05-25 10:27:09,906 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-0.0.0.0-8443-1) End authenticate, principal=null
      2009-05-25 10:27:09,921 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
      2009-05-25 10:27:09,921 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
      2009-05-25 10:27:09,937 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
      2009-05-25 10:27:09,937 TRACE [org.jboss.web.tomcat.security.RunAsListener] (http-0.0.0.0-8443-1) default, runAs: null
      2009-05-25 10:27:09,937 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/reservator].[default]] (http-0.0.0.0-8443-1) Disabling the response for futher output
      2009-05-25 10:27:09,937 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-0.0.0.0-8443-1) Failed authenticate() test ??/reservator/html/j_security_check
      2009-05-25 10:27:09,937 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8443-1) Setting threadlocal:null
      2009-05-25 10:27:09,937 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8443-1) Setting threadlocal:null
      2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1243272434812 sessioncount 0
      2009-05-25 10:27:14,812 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0


      Please help!!
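
Added example (not part of the original post, and not JBoss code): a Python model of the check configured above, assuming the login module digests the typed password's bytes with MD5 and base64-encodes the raw digest, with UTF-8 assumed for the `{default}` charset. It shows how bytes a shell adds when a password is piped through `echo` change the value that ends up in the passwd column; `module_hash`, `login_matches`, `diagnose` and the sample password are illustrative names.

```python
import base64
import hashlib


def module_hash(password: str, charset: str = "utf-8") -> str:
    """Model of hashAlgorithm=MD5 + hashEncoding=base64: digest the exact
    password bytes, then base64-encode the 16 raw digest bytes."""
    digest = hashlib.md5(password.encode(charset)).digest()
    return base64.b64encode(digest).decode("ascii")


# Candidate bytes a shell can silently append when a password is piped
# into a digest command with `echo`.
SHELL_VARIANTS = {
    "exact password bytes": "",
    "trailing LF (Unix echo)": "\n",
    "trailing CRLF": "\r\n",
    "trailing space + CRLF (as from cmd.exe echo)": " \r\n",
}


def login_matches(stored: str, typed: str) -> bool:
    """The comparison a login has to pass: hash of what the user typed
    (no newline) against the string stored in the passwd column."""
    return module_hash(typed) == stored


def diagnose(stored: str, password: str):
    """Return which variant of `password` produced `stored`, or None."""
    for label, suffix in SHELL_VARIANTS.items():
        if module_hash(password + suffix) == stored:
            return label
    return None


if __name__ == "__main__":
    pw = "correct horse"                 # constructed sample password
    stored_bad = module_hash(pw + "\n")  # value produced by `echo pw | md5 | base64`
    stored_good = module_hash(pw)        # value produced by `printf '%s' pw | ...`
    print(login_matches(stored_bad, pw), diagnose(stored_bad, pw))
    print(login_matches(stored_good, pw), diagnose(stored_good, pw))
```

Running `diagnose` with a stored column value and the known plaintext tells you whether the stored hash was computed over the password alone or over the password plus shell-added bytes.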