Hi, I try to configure DIGEST authentication to protect a web app on JBoss 5.1 and 5.0. This is how I configured login-config.xml:
| <application-policy name="MyApp"> | <authentication> | <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" | flag="required"> | <module-option name="usersProperties">props/pbdigest-users.properties</module-option> | <module-option name="rolesProperties">props/pb-roles.properties</module-option> | <module-option name="hashAlgorithm">MD5</module-option> | <module-option name="hashEncoding">rfc2617</module-option> | <module-option name="hashUserPassword">false</module-option> | <module-option name="hashStorePassword">true</module-option> | <module-option name="passwordIsA1Hash">true</module-option> | <module-option name="storeDigestCallback"> | org.jboss.security.auth.spi.RFC2617Digest | </module-option> | </login-module> | </authentication> | </application-policy> | Now the problem is, that it simple does not work. I cannot authenticate and I have no idea why it fails. The only thing I can think of is that I have stored plain-text-passwords in users.properties. The whole setup works perfectly when I switch to BASIC authentication. Unfortunately I cannot create encrypted password hashes for users.properties. I've tried this command: | java -cp server/default/lib/jbosssx.jar org.jboss.security.auth.spi.RFC2617Digest admin2 "JBoss JMX Console" admin2 | It does not work: I get this error: Exception in thread "main" java.lang.NoClassDefFoundError: org/jboss/security/auth/spi/RFC2617Digest Does anybody have an idea what's wrong here? Many thanks in advance, Michael View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250992#4250992 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4250992 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user