0 Replies Latest reply on May 7, 2004 9:27 AM by George -.IO.-

    Using Password Hashing problem !!???

    George -.IO.- Newbie

      Hi all,

      In my database I have the following table in order to keep users and each roles :

      CREATE TABLE public.jboss_users
      (
       id bigserial NOT NULL,
       name varchar(64),
       passwd varchar(100),
       therole varchar(100),
       CONSTRAINT jboss_users_pkey PRIMARY KEY (id)
      )
      


      and my login-config.xml :
      <application-policy name="sms">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/PostgresDS</module-option>
       <module-option name="principalsQuery"> select passwd from Jboss_users where name=?</module-option>
       <module-option name="rolesQuery"> select therole,'Roles' from Jboss_users where name=?</module-option>
       </login-module>
       </authentication>
      
       </application-policy>
      

      Until now all goes fine BUT when I tried to use password hashing technique I get a login error.
      I change my login-config.xml to
      <application-policy name="sms">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/PostgresDS</module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       <module-option name="principalsQuery"> select passwd from Jboss_users where name=?</module-option>
       <module-option name="rolesQuery"> select therole,'Roles' from Jboss_users where name=?</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      Also in database the password is stored in MD5 format:

      java -classpath ./jbosssx.jar org.jboss.security.Base64Encoder passwd MD5
      


      Did I miss something ??
      Does anyone succeed setting up this password hashing feature ??

      Thanks in advance
      George