EJB DatabaseServerLoginModule and MD5 Problem

Florian Schaetz
Greenhorn

Joined: Oct 14, 2009
Posts: 11
Hi,

I was able to deploy a working EJB using a DatabaseServerLoginModule, which works fine. But now I want to store my passwords hashed, so I tried adding the following to my login-config.xml file:



In my database, I have a user with the login and password "admin", which is stored as "X8oyfUbUbfqE9IWvAW1/3" (the password is stored this way, not the login, of course :-)), which should be the correct MD5ed password in base64, according to this piece of code:



In the client, I use this piece of code to enable authentication:



This works fine when I don't enable hashing in my login-config.xml, but with hashing enabled, every time I try to log in, Java tells me "Invalid User" when trying to access the EJB:



Did I miss something? Do I have to modify the client part, too? I thought the client still sends the non-hashed password, which the server then hashes and compares against the value found in the database? I tried sending the hashed password, too, but this didn't change anything. Any help here would be greatly appreciated.
Florian Schaetz
Greenhorn

Joined: Oct 14, 2009
Posts: 11
Ok, I found a solution, but I don't have any clue what the reason may be:

The code above returned "X8oyfUbUbfqE9IWvAW1/3" as the hashed password, but another code returns "ISMvKXpXpadDiUoOSoAfww==":



Anyone got an idea where the difference may be and why there is one?
Florian Schaetz
Greenhorn

Joined: Oct 14, 2009
Posts: 11
I still don't understand the "why", but it seems that the Base64Util class returns a different Base64 string than the Base64Encoder from JBoss. The correct string should be the one from Base64Encoder, so Base64Util doesn't seem to do what I think it does (or it's simply buggy in JBoss 5.0.1).
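
The two strings quoted in the thread can both be derived from the same MD5 digest of "admin"; the following is an added example, not code from the original posts or from JBoss. The class name, method names and the `SRP_ALPHABET` constant are hypothetical, and the assumption that the 21-character value comes from an SRP-style radix-64 encoding (digits-first alphabet, no padding, leading zero digits dropped) is inferred from the output, not confirmed by the thread.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class Md5EncodingCompare {
    // Assumed alphabet: digits, upper case, lower case, then "./" (SRP-style order).
    // RFC 4648 Base64 instead orders upper case, lower case, digits, then "+/".
    private static final String SRP_ALPHABET =
        "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";

    static byte[] md5(String password) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("MD5")
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // RFC 4648 Base64: bytes are grouped from the first byte and the
    // output is padded with '=' to a multiple of four characters.
    static String standardBase64(byte[] data) {
        return Base64.getEncoder().encodeToString(data);
    }

    // SRP-style encoding: the bytes are read as one big-endian number and
    // written in radix 64, so grouping is aligned to the last byte, leading
    // zero digits are dropped and there is no '=' padding.
    static String srpStyleBase64(byte[] data) {
        BigInteger n = new BigInteger(1, data);
        BigInteger radix = BigInteger.valueOf(64);
        StringBuilder digits = new StringBuilder();
        while (n.signum() > 0) {
            BigInteger[] qr = n.divideAndRemainder(radix);
            digits.append(SRP_ALPHABET.charAt(qr[1].intValue()));
            n = qr[0];
        }
        return digits.reverse().toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] digest = md5("admin"); // the password used in the thread
        System.out.println("standard Base64 : " + standardBase64(digest));
        System.out.println("SRP-style radix : " + srpStyleBase64(digest));
    }
}
```

The hash stored in the database has to be produced with the same encoding the login module applies before it compares values, which in this thread is the standard Base64 form.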
 