Yes, you are correct. If I am login with '5f4dcc3b5aa765d61d8327deb882cf99', then I can able to successfully login.
So you mean to say that we need to write our own class which will extends the DatabaseServerLoginModule and override the convertRawPassword(String rawPassword) method.
I have few dobuts in it.
In the login-config.xml I have included the following configuration related to hashing the password which will be taken care by JBoss server.
I have noticed that the DatabaseServerLoginModule extends UsernamePasswordLoginModule.
The main purpose of configuration related to hasing password in login-config is, so that the UsernamePasswordLoginModule will use it hash the password (I am not sure. If not what is the purpose of above configuration related to hashing).
In that case, why I need to again encrypt/decrypt the password.
And If you look at the code in UsernamePasswordLoginModule, they are handling some hashing realted thing. But I am not sure what they are doing?
What I thought is if we done the configuration as like above, the JBoss will get the clear text password which user enters and if the hash related configration is enabled, it will encrypt the clear text password and then it will compare it against with DB encrypted password and authenticate.
I am using the below program to encrypt the password and I have read in one article that we can't able to decrypt the encrypted value using MD5 Message Digest.
I have encrypted the password "password" as "5f4dcc3b5aa765d61d8327deb882cf99" using MD5.
Is it possible to convert the "5f4dcc3b5aa765d61d8327deb882cf99" to "password"?
To trace the log I have modified the jboss-log4j.xml but I couldn't able to see any log details in either CONSOLE/FILE. Below is my jboss-lo4j.xml.