Database Login Module encrypted password error
sfriesen Aug 16, 2011 12:37 AM
Hi,
I'm trying to get an AS7 security domain set up to use a database login module and am having some difficulty with the encryption part. Here is my security domain configuration:
<security-domain name="other">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/myds"/>
            <module-option name="principalsQuery" value="select password from app_user where username=?"/>
            <module-option name="rolesQuery" value="select r.rolename,'Roles' from role r, app_user u, app_user_role_xref x where u.useridx=x.useridx and x.roleidx=r.roleidx and u.username=?"/>
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
</security-domain>
I am accessing this from a JSF page and am having success if I remove the hashAlgorithm and hashEncoding module-options from the configuration, and then put a plain text password in the database. So, I take the same password and go to a website with a SHA-256 algorithm and encrypt the password, and then take that and go to a website that encodes to base 64 and encode the encrypted value, and I put that in the database. Is that right?
I guess the answer is 'no' because it doesn't work. Below is the logfile. If anybody has any suggestions I would greatly appreciate it.
-Steve
log:
21:14:22,204 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252) [picketbox-4.0.0.Final.jar:4.0.0.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_24]
at java.lang.reflect.Method.invoke(Unknown Source) [:1.6.0_24]
at javax.security.auth.login.LoginContext.invoke(Unknown Source) [:1.6.0_24]
at javax.security.auth.login.LoginContext.access$000(Unknown Source) [:1.6.0_24]
at javax.security.auth.login.LoginContext$4.run(Unknown Source) [:1.6.0_24]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [:1.6.0_24]
at javax.security.auth.login.LoginContext.login(Unknown Source) [:1.6.0_24]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.0.Final.jar:4.0.0.Final]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.0.CR4.jar:7.1.0.Alpha1-SNAPSHOT]
at java.lang.Thread.run(Unknown Source) [:1.6.0_24]
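
Added example (not part of the original post and not PicketBox code): a local Python check of what the hashAlgorithm/hashEncoding options in the configuration above expect in the password column, and of how a given stored value was actually produced. It assumes the login module compares against Base64 of the raw SHA-256 digest bytes and that the password is encoded as UTF-8 (no hashCharset option is set in the post); function names and the sample password are constructed for illustration.

```python
import base64
import hashlib


def candidate_encodings(password, algorithm="SHA-256", charset="utf-8"):
    """Return the common ways a password-column value gets produced."""
    name = algorithm.replace("-", "").lower()  # "SHA-256" -> "sha256"
    digest = hashlib.new(name, password.encode(charset)).digest()
    hex_text = digest.hex()  # what most hashing websites display
    return {
        # Assumed to be what hashEncoding="base64" compares against.
        "base64(raw digest)": base64.b64encode(digest).decode("ascii"),
        # What hashEncoding="hex" would call for.
        "hex(raw digest)": hex_text,
        # Result of pasting a site's hex output into a Base64 encoder.
        "base64(hex text)": base64.b64encode(hex_text.encode("ascii")).decode("ascii"),
        # Value that only works with both hash options removed.
        "plaintext": password,
    }


def expected_stored_value(password, hash_encoding="base64", **kwargs):
    """Value to store for the given hashEncoding setting."""
    forms = candidate_encodings(password, **kwargs)
    key = "base64(raw digest)" if hash_encoding.lower() == "base64" else "hex(raw digest)"
    return forms[key]


def diagnose(password, stored, **kwargs):
    """Name the encoding that produced `stored`, or 'unknown'."""
    stored = stored.strip()
    for label, value in candidate_encodings(password, **kwargs).items():
        if stored == value:
            return label
        if label == "hex(raw digest)" and stored.lower() == value:
            return label  # hex is case-insensitive
    return "unknown"


if __name__ == "__main__":
    sample = "password"  # constructed sample, not a value from the post
    for label, value in candidate_encodings(sample).items():
        print(f"{label:20} len={len(value):3} {value}")
```

With SHA-256 the correct Base64 value is always 44 characters; an 88-character value in the column means hex text was Base64-encoded. Running the check locally also keeps the password off third-party hashing sites.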