3 Replies Latest reply on Aug 26, 2009 7:05 AM by Wolfgang Knauf

    Configre DIGEST authentication

    ssssd sdsdsd Newbie


      I try to configure DIGEST authentication to protect a web app on JBoss 5.1 and 5.0. This is how I configured login-config.xml:

      <application-policy name="MyApp">
       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       <module-option name="usersProperties">props/pbdigest-users.properties</module-option>
       <module-option name="rolesProperties">props/pb-roles.properties</module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">rfc2617</module-option>
       <module-option name="hashUserPassword">false</module-option>
       <module-option name="hashStorePassword">true</module-option>
       <module-option name="passwordIsA1Hash">true</module-option>
       <module-option name="storeDigestCallback">

      Now the problem is, that it simple does not work. I cannot authenticate and I have no idea why it fails. The only thing I can think of is that I have stored plain-text-passwords in users.properties.
      The whole setup works perfectly when I switch to BASIC authentication.
      Unfortunately I cannot create encrypted password hashes for users.properties. I've tried this command:

      java -cp server/default/lib/jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest admin2 "JBoss JMX Console" admin2

      It does not work: I get this error: Exception in thread "main" java.lang.NoClassDefFoundError: org/jboss/security/auth/spi/RFC2617Digest

      Does anybody have an idea what's wrong here?

      Many thanks in advance,