[JBoss-user] [Security & JAAS/JBoss] - Re: salted password hashing

2004-10-04 Thread danorris
We use the user ID (a UUID) as a salt by prepending it to the password before hashing. I know it's easy to subclass the stock module and control the way it tests passwords; I just wondered if it'd do it for me. I guess one problem with supporting this in the built-in modules is that there are so

[JBoss-user] [Security & JAAS/JBoss] - salted password hashing

2004-10-02 Thread danorris
All, I was delighted to discover that JBoss' built-in login modules now support password hashing. Is there a way to support *salted* hashes out of the box? On another note, I couldn't get the forum search tool to do "search for all terms" properly. For "passwordHash salt," it gave me the same r

[JBoss-user] [HTTPD, Servlets & JSP] - Re: HttpServletRequest.getServerPort() incorrectly returns 8

2004-08-20 Thread danorris
Another followup: I don't see this behavior in JBoss 3.2.3; getServerPort() correctly returns 8080 with the stock configuration. Is it possible this is a bug introduced between .3 and .5? -- David Norris [EMAIL PROTECTED] View the original post : http://www.jboss.org/index.html?module=bb&op=vi

[JBoss-user] [HTTPD, Servlets & JSP] - Re: HttpServletRequest.getServerPort() incorrectly returns 8

2004-08-19 Thread danorris
Followup: I tried adding proxyPort="8080" to server.xml. After that, getServerPort() does correctly return 8080. But shouldn't proxyPort default to the actual port setting, which is 8080? I shouldn't need to explicitly specify a proxyPort. Thanks again, -- David Norris [EMAIL PROTECTED] View th

[JBoss-user] [HTTPD, Servlets & JSP] - HttpServletRequest.getServerPort() incorrectly returns 80 ?

2004-08-18 Thread danorris
All, I'm using JBoss 3.2.5 in a highly vanilla configuration. Specifically, Tomcat's got an HTTP connector on 8080, and I'm *not* using an AJP connector to tunnel requests through Apache. When I'm in a servlet and I call request.getServerPort(), though, it returns port 80, even though I'm acce

[JBoss-user] [Security & JAAS/JBoss] - Re: limitations of ClientLoginModule and security model

2004-07-05 Thread danorris
"[EMAIL PROTECTED]" wrote : If you don't want to use the embedded NameCallback, PasswordCallback of the ClientLoginModule you chain it with a login module that provides the correct Principal and credential. You then specify the password-stacking="useFirstPass" option to indicate that the cred

[JBoss-user] [Security & JAAS/JBoss] - limitations of ClientLoginModule and security model

2004-07-03 Thread danorris
All, My apologies in advance if this has already been answered... I have looked at past posts but haven't seen anything definitive. I have two questions. The first is about ClientLoginModule and the underlying security classes. It seems these classes are hard-coded to use NameCallback and Pass