
EJB DatabaseServerLoginModule and MD5 Problem

 
Florian Schaetz
Greenhorn
Posts: 18
Hi,

I was able to deploy a working EJB using a DatabaseServerLoginModule, which works fine. But now I want to store my passwords hashed, so I tried adding the following to my login-config.xml file:



In my database, I have a user with the login and password "admin", which is stored as "X8oyfUbUbfqE9IWvAW1/3" (the password is stored this way, not the login, of course :-)), which should be the correct MD5ed password in base64, according to this piece of code:



In the client, I use this piece of code to enable authentication:



This works fine when I don't enable hashing in my login-config.xml, but with hashing enabled, every time I try to log in, Java tells me "Invalid User" when trying to access the EJB:



Did I miss something? Do I have to modify the client part, too? I thought the client still sends the non-hashed password, which the server then hashes and compares against the value found in the database? I tried sending the hashed password, too, but this didn't change anything. Any help here would be greatly appreciated.
 
Florian Schaetz
Greenhorn
Posts: 18
Ok, I found a solution, but I don't have any clue what the reason may be:

The code above returned "X8oyfUbUbfqE9IWvAW1/3" as the hashed password, but another code returns "ISMvKXpXpadDiUoOSoAfww==":



Anyone got an idea where the difference may be and why there is one?
 
Florian Schaetz
Greenhorn
Posts: 18
I still don't understand the "why", but it seems that the Base64Util class does return another Base64 string than the Base64Encoder from JBoss. The correct string should be the one from Base64Encoder, so Base64Util doesn't seem to do what I think it does (or it's simply buggy in JBoss 5.0.1).
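
Both strings quoted in this thread can be produced from the same MD5 digest of "admin". The following added example (not code from the thread or from JBoss) encodes that digest once with standard RFC 4648 Base64 and once as a radix-64 number with a different alphabet. The alternate alphabet, the left zero-padding and the names `HashEncodingCheck` and `numericRadix64` are assumptions, chosen because they reproduce the first string quoted above.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class HashEncodingCheck {
    // Assumed alphabet (digits first, then upper case, lower case, '.', '/').
    static final String ALT =
        "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";

    // Treat the bytes as one big-endian number written in radix 64:
    // zero-pad on the LEFT to a multiple of 3 bytes, emit 6 bits per
    // character, skip leading zero digits, and never append '='.
    static String numericRadix64(byte[] data) {
        int pad = (3 - data.length % 3) % 3;
        byte[] buf = new byte[data.length + pad];
        System.arraycopy(data, 0, buf, pad, data.length);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < buf.length; i += 3) {
            int v = ((buf[i] & 0xff) << 16)
                  | ((buf[i + 1] & 0xff) << 8)
                  | (buf[i + 2] & 0xff);
            for (int shift = 18; shift >= 0; shift -= 6) {
                int digit = (v >> shift) & 0x3f;
                if (sb.length() > 0 || digit != 0) {
                    sb.append(ALT.charAt(digit));
                }
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] md5 = MessageDigest.getInstance("MD5")
                .digest("admin".getBytes(StandardCharsets.UTF_8));

        // Standard Base64: pads on the right and appends '=' characters.
        String standard = Base64.getEncoder().encodeToString(md5);
        String numeric = numericRadix64(md5);

        System.out.println("RFC 4648 Base64 : " + standard);
        System.out.println("numeric radix-64: " + numeric);

        // Compare against the two values quoted in the thread.
        if (!standard.equals("ISMvKXpXpadDiUoOSoAfww==")
                || !numeric.equals("X8oyfUbUbfqE9IWvAW1/3")) {
            throw new IllegalStateException("encodings do not match the thread");
        }
    }
}
```

Both outputs carry the same 16 digest bytes, so a stored hash only matches when it was written with the same encoding the server-side comparison uses.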
 