[jboss-user] [Security & JAAS/JBoss] - Encrypted Passwords in LDAP

kc5mzr Tue, 26 Dec 2006 10:12:11 -0800

In my LDAP server the userPassword attribute is encrypted looks like:

dn: cn=Jim Yates,ou=userAccounts,dc=accuserverx,dc=com
objectClass: accuserverxPerson
uid: jyates
sn: Yates
userPassword: {CRYPT}VDtMsA.7lGcqY
givenName: Jim
cn: Jim Yates


I can authenticate users with clear text stored in the userPassword attribute, 
but not the encrypted ones.
I've looked at the wiki pages, but I can't figure out how to use the encrypted 
passwords.  I'm using jsp's for most of my application, including the login 
with the j_security_check form.

login-config.xml  fragment

  <application-policy name="accuserverx-security">
        
            <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                          flag="required">
                <module-option name="java.naming.provider.url">
                    ldap://10.5.80.50:389/
                </module-option>
                <module-option 
name="bindDN">cn=Manager,dc=accuserverx,dc=com</module-option>
            <module-option name="bindCredential">secret</module-option>
            <module-option 
name="baseCtxDN">ou=userAccounts,dc=accuserverx,dc=com</module-option>
            <module-option name="baseFilter">(uid={0})</module-option>
            <module-option 
name="rolesCtxDN">ou=Roles,dc=accuserverx,dc=com</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>
            <module-option name="roleRecursion">-1</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>    
        </login-module>
        
    </application-policy>

web.xml  fragment

        <security-constraint>
                <web-resource-collection>
        <web-resource-name>accuserverx-security</web-resource-name>
                        Require users to authenticate
                        <url-pattern>*.jsp</url-pattern>
                        <url-pattern>*.do</url-pattern>
                        <http-method>POST</http-method>
                        <http-method>GET</http-method>
        </web-resource-collection>
                <auth-constraint>
                        Only allow Authenticated_users role
                        <role-name>Managers</role-name>
                        <role-name>Clerks</role-name>
                </auth-constraint>
                <user-data-constraint>
                        Encryption is not required for the application in 
general.
                        
                        <transport-guarantee>NONE</transport-guarantee>
                </user-data-constraint>
        </security-constraint>
 <security-role>
        The role required to access restricted content 
        <role-name>Managers</role-name>
    </security-role>
 <security-role>
        The role required to access restricted content 
        <role-name>Clerks</role-name>
    </security-role>
        <login-config>
                <auth-method>FORM</auth-method>
                <form-login-config>
                        <form-login-page>login.jsp</form-login-page>
                        <form-error-page>login_error.html</form-error-page>
                </form-login-config>
        </login-config>



View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3996316#3996316

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3996316
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Security & JAAS/JBoss] - Encrypted Passwords in LDAP

Reply via email to