In this blog I will show you how to install org.jboss.security.auth.spi.DatabaseServerLoginModule in JBoss AS 7 and store the password in hashed format. The advantage of storing the password in hashed form is that a DB admin cannot read the user's password in clear text, which adds significant security value.
Before we begin our tour we first need to install a database driver. In my previous blog I showed you how to install the MySQL driver, please see http://magnus-k-karlsson.blogspot.se/2012/08/how-to-install-mysql-datasource-on.html. In this blog I will continue to use MySQL for my data source. We will also use JBoss in standalone mode, since we are dealing with a single-node installation. Remember to look at the new JBoss module capabilities if you are facing a multi-node installation and want to share the same configuration.
After you have installed your data source you can check your configuration by starting JBoss. You should see something like the following in your JBoss server log:
Bound data source [java:jboss/datasources/MySQLDS]
Now continue by creating the database schema and tables:
Next we add a new security domain, i.e. we actually configure our database login module:
Now we need a web application. I did not bother to build a Maven application for that, so I simply created the new folders manually:
A simple Index.jsp page:
And the standard web application deployment descriptor:
And the corresponding JBoss application deployment descriptor:
Before we can fire up JBoss we need to tell the JBoss container to deploy the exploded web app.
Now we can start JBoss and look for the deployment info log:
Now when we try to access the web application at http://localhost:8080/msc-secure-webapp we are met by a username and password login window. Since we do not have any user in our database, we will not be able to log in yet.
Let's create a user. But how do we do that when the passwords are supposed to be stored in a hashed format? You can either write a small Java program to get the hashed password or, more easily, use openssl. To create a hashed password for admin, simply enter:
And with that hashed password we can create a new user with the following SQL insert:
Now you can open your web application http://localhost:8080/msc-secure-webapp/ and log in with username "admin" and password "admin".
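The small Java program mentioned above as the alternative to openssl could look like the following. It is an added example, not the author's code, and it assumes Java 8 or later, UTF-8 passwords (set the module's hashCharset option to match), and that the two arguments equal the hashAlgorithm and hashEncoding options of your security domain, which this page does not show.

```java
import java.io.Console;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

// Added example (hypothetical class name): prints the value to store in the password column.
public class PasswordHashTool {
    // Digest the password with the given JCA algorithm and encode it as "base64" or "hex".
    static String hash(char[] password, String algorithm, String encoding)
            throws NoSuchAlgorithmException {
        // Assumption: UTF-8 bytes. Encoding from char[] avoids an immutable String copy.
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] bytes = new byte[buf.remaining()];
        buf.get(bytes);
        try {
            byte[] digest = MessageDigest.getInstance(algorithm).digest(bytes);
            if ("base64".equalsIgnoreCase(encoding)) {
                return Base64.getEncoder().encodeToString(digest);
            }
            if (!"hex".equalsIgnoreCase(encoding)) {
                throw new IllegalArgumentException("encoding must be base64 or hex");
            }
            StringBuilder sb = new StringBuilder(digest.length * 2);
            for (byte b : digest) sb.append(String.format("%02x", b)); // lowercase hex
            return sb.toString();
        } finally {
            // Wipe the temporary copies of the clear-text password.
            Arrays.fill(bytes, (byte) 0);
            Arrays.fill(buf.array(), (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive terminal): java PasswordHashTool <algorithm> <base64|hex>");
            System.exit(2);
        }
        // Read without echo so the password stays out of the screen and shell history.
        char[] password = console.readPassword("Password: ");
        try {
            System.out.println(hash(password, args[0], args[1]));
        } finally {
            Arrays.fill(password, '\0');
        }
    }
}
```

The digest is unsalted, so two users with the same password end up with the same stored value.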