3 Replies Latest reply on Aug 26, 2009 7:05 AM by wolfgangknauf

    Configre DIGEST authentication

    meme64310 Aug 22, 2009 4:56 AM

      Hi,

      I try to configure DIGEST authentication to protect a web app on JBoss 5.1 and 5.0. This is how I configured login-config.xml:

      <application-policy name="MyApp">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag="required">
 <module-option name="usersProperties">props/pbdigest-users.properties</module-option>
 <module-option name="rolesProperties">props/pb-roles.properties</module-option>
 <module-option name="hashAlgorithm">MD5</module-option>
 <module-option name="hashEncoding">rfc2617</module-option>
 <module-option name="hashUserPassword">false</module-option>
 <module-option name="hashStorePassword">true</module-option>
 <module-option name="passwordIsA1Hash">true</module-option>
 <module-option name="storeDigestCallback">
 org.jboss.security.auth.spi.RFC2617Digest
 </module-option>
 </login-module>
 </authentication>
</application-policy>


      Now the problem is, that it simple does not work. I cannot authenticate and I have no idea why it fails. The only thing I can think of is that I have stored plain-text-passwords in users.properties.
      The whole setup works perfectly when I switch to BASIC authentication.
      Unfortunately I cannot create encrypted password hashes for users.properties. I've tried this command: 

      java -cp server/default/lib/jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest admin2 "JBoss JMX Console" admin2


      It does not work: I get this error: Exception in thread "main" java.lang.NoClassDefFoundError: org/jboss/security/auth/spi/RFC2617Digest

      Does anybody have an idea what's wrong here?

      Many thanks in advance,
      Michael



      • 1265 Views
      • Tags: