[JBoss-user] [Security & JAAS/JBoss] - Re: Authentication in JBoss (login)
Hi pilhuhn,

But there's a problem. When a user (scott) creates an account he has to enter a password. This password will be stored in the database, using EJB. Before this password is stored I would like to encrypt it (in the ejbStore() method), so that the db-admin can't read it. When this user (scott) wants to log in and fills in the password in the form, JBoss would compare it with the stored password in the database, and logically it doesn't match, because it is stored encrypted! So that never matches. But there should surely be a way to tell JBoss how the password is stored (with which encryption) in the db, so that JBoss could match the entered password with the encrypted one... isn't there?

Thanks a lot for any reply.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3837128#3837128

JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user

[JBoss-user] [Security & JAAS/JBoss] - servlet to login a user as guest
I would like to give unregistered users access to my webapp. Therefore I would like to create a user (guest) with the role guest. This is already done. But now there's a problem: because I've stored the role in the db, I have to log in the guest user automatically as a user with the guest role. Therefore I would like to write a GuestLoginServlet, which only authorizes this user as guest, so that the method isUserInRole("guest") returns true! But how should I do that? (By the way, I've got a solution with constraints in the web.xml, but that couldn't be the right solution.) Is there a possibility to log in a user in a servlet? Or can I determine a default role, which an unauthorized user has? And where do I have to determine this role, and does this role have to exist in the db?

My login-config.xml looks as follows:

    java:/DefaultDS
    select password from users where login=?
    select role, 'Roles' from roles where login=?

Thanks a lot for any hints...

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3837080#3837080
[JBoss-user] [Security & JAAS/JBoss] - Re: Authentication in JBoss (login)
Do you mean this sequence: base64

But this is only for the login sequence. The password is stored as a hashed value. I understand that JBoss would compare the stored (and hashed) password with the password filled in by the user to log in. But when a new user registers himself through the EJB application, he must enter his password. Then, when the user entity is stored in the DB, the password should be encrypted, so that JBoss could compare the password entered for login with the stored one. Which algorithm do I have to take so that this will match?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3836975#3836975
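The matching rule behind the question above, as an added example that is not part of the original posts or of JBoss itself: registration stores a one-way digest, and login succeeds when the entered password, digested and encoded the same way, equals the stored value. The class and method names are hypothetical; the digest algorithm (SHA-256) and the UTF-8 charset are assumptions, since the post shows only the base64 encoding, and they must be the same values configured in the login module's hashAlgorithm, hashEncoding and hashCharset options.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class PasswordHashExample {

    // Assumption: must equal the algorithm configured for the login module.
    static final String HASH_ALGORITHM = "SHA-256";

    /** Registration side: digest the clear-text password and base64-encode it
     *  before it is written to the password column. */
    static String hashForStorage(String clearText) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
        byte[] digest = md.digest(clearText.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    /** Login side: hash the entered password the same way and compare the
     *  result with the stored value. Nothing is ever decrypted. */
    static boolean matches(String entered, String storedHash) throws NoSuchAlgorithmException {
        byte[] a = hashForStorage(entered).getBytes(StandardCharsets.US_ASCII);
        byte[] b = storedHash.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b); // comparison of the two encoded digests
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, not taken from the thread.
        String stored = hashForStorage("constructed-sample-password");
        System.out.println("value written to the users table: " + stored);
        System.out.println("correct password matches: "
                + matches("constructed-sample-password", stored));
        System.out.println("wrong password matches:   "
                + matches("wrong-password", stored));
    }
}
```

If the algorithm, encoding or charset used at registration differs from the login module's configuration, every login fails even with the correct password. A plain unsalted digest is also only as strong as the password is against offline guessing if the table leaks.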
[JBoss-user] [Security & JAAS/JBoss] - Re: Authentication in JBoss (login)
Oh, thanks very much for your hints. It seems that it would work with my application. I've solved it with FORM-based authentication. I need this authentication to get into my application. This application is a distributed EJB application. A user can register himself to get access to it. The password, chosen by the user, would be stored encrypted in the database (MySQL). Which algorithm should I take to store this password in the DB? The problem is that it should be automatically decrypted for form-based login. If the encrypt and decrypt algorithms don't match, you can never log in, as you know.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3836886#3836886
[JBoss-user] [Security & JAAS/JBoss] - Authentication in JBoss (login)
Is there a good tutorial or website about authentication in JBoss? The aim is that I've got a table with users and their passwords, so that I can be sure that only the specific user can log in and use my application. Does anybody have a hint? Thanks.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3836451#3836451