Ok. Then perhaps I am not being clear. That is precisely what I am trying to do.
I have (correctly) encrypted and encoded passwords stored in my database. We are using the database server login module. It works fine for clear text passwords -- that is, passwords stored and entered as plain text. However, when we try to turn on the encryption/encoding it does not work any differently than it did when we did not have these options enabled. You can see my config set up in the first post.

Here is what happens. For purposes of this test, I have stored one user with a plain text password.

Scenario 1: User has plain text (clear) password stored. Logon with correct plain text password works. It should not work with encryption turned on. (I can provide an excerpt of the server log file if you need it, but it is lengthy.)

Scenario 2: User has plain text password stored. Logon with incorrect password. It fails, which is the expected outcome. Here is an excerpt from the server log.

2006-12-11 15:58:13,656 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] Bad password for username=E0andre
2006-12-11 15:58:13,656 DEBUG [org.jboss.seam.contexts.Lifecycle] >>> Begin web request
2006-12-11 15:58:13,656 DEBUG [org.jboss.seam.Component] instantiating Seam component: org.jboss.seam.core.manager
2006-12-11 15:58:13,656 DEBUG [org.jboss.seam.core.Manager] No stored conversation
2006-12-11 15:58:13,656 DEBUG [org.jboss.seam.contexts.Contexts] found in application context: org.jboss.seam.core.init
2006-12-11 15:58:13,656 DEBUG [org.jboss.seam.jsf.AbstractSeamPhaseListener] After restoring conversation context: ConversationContext(5)
2006-12-11 15:58:13,656 DEBUG [org.jboss.seam.Component] instantiating Seam component: facesMessages
2006-12-11 15:58:13,687 DEBUG [org.jboss.seam.core.Manager] Discarding conversation state: 5
2006-12-11 15:58:13,687 DEBUG [org.jboss.seam.contexts.Lifecycle] flushing page context
2006-12-11 15:58:13,687 DEBUG [org.jboss.seam.core.Manager] Discarding conversation state: 5
2006-12-11 15:58:13,687 DEBUG [org.jboss.seam.contexts.Lifecycle] flushing page context
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Lifecycle] After render response, destroying contexts
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Lifecycle] destroying event context
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Contexts] destroying: javax.servlet.forward.request_uri
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Contexts] destroying: javax.servlet.forward.context_path
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Contexts] destroying: javax.servlet.forward.servlet_path
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Contexts] destroying: org.jboss.seam.core.manager
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Contexts] destroying: class org.apache.myfaces.renderkit.html.util.JavascriptUtils.OLD_VIEW_ID
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Contexts] destroying: org.apache.myfaces.application.jsp.JspStateManagerImpl.SERIALIZED_VIEW
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Contexts] destroying: com.sun.facelets.legacy.ELCONTEXT
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Lifecycle] destroying conversation context
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Contexts] destroying: facesMessages
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Lifecycle] flushing server-side conversation context
2006-12-11 15:58:13,703 DEBUG [org.jboss.seam.contexts.Lifecycle] <<< End web request

Scenario 3: User has (correctly) encrypted password stored in the database. Logon using matching plain text password. It fails when it should not. Here is the excerpt from the server.log

2006-12-11 16:03:06,343 DEBUG [org.jboss.security.auth.spi.DatabaseServerLoginModule] Bad password for username=E0ewade
2006-12-11 16:03:06,343 DEBUG [org.jboss.seam.contexts.Lifecycle] >>> Begin web request
2006-12-11 16:03:06,343 DEBUG [org.jboss.seam.Component] instantiating Seam component: org.jboss.seam.core.manager
2006-12-11 16:03:06,343 DEBUG [org.jboss.seam.core.Manager] No stored conversation
2006-12-11 16:03:06,343 DEBUG [org.jboss.seam.contexts.Contexts] found in application context: org.jboss.seam.core.init
2006-12-11 16:03:06,343 DEBUG [org.jboss.seam.jsf.AbstractSeamPhaseListener] After restoring conversation context: ConversationContext(14)
2006-12-11 16:03:06,343 DEBUG [org.jboss.seam.Component] instantiating Seam component: facesMessages
2006-12-11 16:03:06,343 DEBUG [org.jboss.seam.core.Manager] Discarding conversation state: 14
2006-12-11 16:03:06,343 DEBUG [org.jboss.seam.contexts.Lifecycle] flushing page context
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.core.Manager] Discarding conversation state: 14
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Lifecycle] flushing page context
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Lifecycle] After render response, destroying contexts
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Lifecycle] destroying event context
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Contexts] destroying: javax.servlet.forward.request_uri
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Contexts] destroying: javax.servlet.forward.context_path
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Contexts] destroying: javax.servlet.forward.servlet_path
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Contexts] destroying: org.jboss.seam.core.manager
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Contexts] destroying: class org.apache.myfaces.renderkit.html.util.JavascriptUtils.OLD_VIEW_ID
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Contexts] destroying: org.apache.myfaces.application.jsp.JspStateManagerImpl.SERIALIZED_VIEW
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Contexts] destroying: com.sun.facelets.legacy.ELCONTEXT
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Lifecycle] destroying conversation context
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Contexts] destroying: facesMessages
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Lifecycle] flushing server-side conversation context
2006-12-11 16:03:06,359 DEBUG [org.jboss.seam.contexts.Lifecycle] <<< End web request

Scenario 4: User has encrypted password stored in the database. Logon is done with the encrypted string. Result: Logon succeeds when it should fail. (Again, this is a really long log entry. But it is exactly like scenario 1.)

In summary, even though I have done my very best to enable encryption (hashing) and encoding, the login module is behaving as though these things are not turned on. What do I need to do to get it to work?

Elise

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3992922#3992922
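The four scenarios above, modelled as an added example (not part of the original post and not JBoss code) that shows which comparison mode the reported outcomes are consistent with. `accepts` is a hypothetical stand-in for the login module's password check; SHA-256, Base64 and the sample password are assumptions to be replaced with the configured `hashAlgorithm` and `hashEncoding`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class HashedLoginCheck {
    // Hash then encode: the transformation hashAlgorithm/hashEncoding describe.
    static String hash(String password, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Hypothetical model of the check: with hashing on, the entered value is
    // hashed before comparison with the stored column; with hashing off it is
    // compared as typed.
    static boolean accepts(String entered, String stored, boolean hashingOn,
                           String algorithm) throws Exception {
        String candidate = hashingOn ? hash(entered, algorithm) : entered;
        // Constant-time comparison of the two strings' bytes.
        return MessageDigest.isEqual(candidate.getBytes(StandardCharsets.UTF_8),
                                     stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "SHA-256";      // assumption, not taken from the post
        String clear = "s3cret-Example";   // constructed sample password
        String hashed = hash(clear, algorithm);
        // {label, stored value, entered value}
        String[][] scenarios = {
            {"1: clear stored, correct clear entered", clear, clear},
            {"2: clear stored, wrong clear entered", clear, "wrong-Example"},
            {"3: hash stored, matching clear entered", hashed, clear},
            {"4: hash stored, hash string entered", hashed, hashed},
        };
        // Outcomes reported in the post: succeeds, fails, fails, succeeds.
        boolean[] observed = {true, false, false, true};
        boolean fitsOff = true, fitsOn = true;
        for (int i = 0; i < scenarios.length; i++) {
            boolean off = accepts(scenarios[i][2], scenarios[i][1], false, algorithm);
            boolean on = accepts(scenarios[i][2], scenarios[i][1], true, algorithm);
            fitsOff &= (off == observed[i]);
            fitsOn &= (on == observed[i]);
            System.out.printf("%-42s off=%-5b on=%-5b observed=%b%n",
                    scenarios[i][0], off, on, observed[i]);
        }
        System.out.println("Observed outcomes fit hashing off: " + fitsOff);
        System.out.println("Observed outcomes fit hashing on:  " + fitsOn);
    }
}
```

With hashing in effect, only scenario 3 should succeed; a scenario 4 success means the stored hash is being accepted as the password itself.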