FileDocCategorySizeDatePackage
SecureIdentityLoginModule.javaAPI DocJBoss 4.2.16499Fri Jul 13 21:01:18 BST 2007org.jboss.resource.security

SecureIdentityLoginModule

public class SecureIdentityLoginModule extends AbstractPasswordCredentialLoginModule
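An example of how one could encrypt the database password for a JCA connection factory. The corresponding login-module configuration lost its XML markup when this page was rendered; what remains are three option values, which appear to be the user name `sa`, the encoded password `-207a6df87216de44`, and the connection factory name `jboss.jca:servce=LocalTxCM,name=DefaultDS`. This uses a hard-coded cipher algorithm of Blowfish, and a key derived from the phrase 'jaas is the way'. Because that phrase is compiled into the class, the encoded value is obfuscated rather than protected: anyone who has this class can decode it. Adjust to your requirements.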
author
Scott.Stark@jboss.org
author
Noel Rocher 29, june 2004 username & userName issue
version
$Revision: 57189 $

Fields Summary
private static final Logger
log
Class logger
private String
username
private String
password
Constructors Summary
Methods Summary
/**
 * Discards the configured identity held by this module.
 *
 * Only the two String fields are cleared. The visible code neither calls
 * the superclass nor removes anything that commit() may already have added
 * to the subject.
 *
 * @return always true
 */
public boolean abort()
{
   // Drop the references to the user name and the still-encoded password.
   password = null;
   username = null;
   return true;
}
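/**
 * Publishes the configured identity on the subject: a SimplePrincipal for
 * the user name, the shared-state login name, and a PasswordCredential
 * holding the decoded password bound to the managed connection factory.
 *
 * @return always true when no exception is thrown
 * @throws LoginException if decoding the password or building/adding the
 *         credential fails; the original exception is attached as the cause
 */
public boolean commit() throws LoginException
{
   // NOTE(review): the principal and the shared-state entry are added before
   // the password is decoded, so a decode failure leaves them in place.
   // Whether anything removes them afterwards is not visible here.
   Principal principal = new SimplePrincipal(username);
   SubjectActions.addPrincipals(subject, principal);
   sharedState.put("javax.security.auth.login.name", username);
   // Decode the encrypted password
   try
   {
      char[] decodedPassword = decode(password);
      PasswordCredential cred = new PasswordCredential(username, decodedPassword);
      cred.setManagedConnectionFactory(getMcf());
      SubjectActions.addCredentials(subject, cred);
   }
   catch(Exception e)
   {
      // NOTE(review): for a malformed hex string the parser's message may
      // echo the configured value. Since the key is hard-coded, the encoded
      // password should be treated as sensitive in logs and messages.
      log.debug("Failed to decode password", e);
      LoginException failure = new LoginException("Failed to decode password: "+e.getMessage());
      // LoginException has no cause-taking constructor; keep the original
      // stack trace reachable for whoever handles the failure.
      failure.initCause(e);
      throw failure;
   }
   return true;
}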
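/**
 * Decodes a value produced by encode(String): parses the signed hex string,
 * decrypts it with Blowfish under the hard-coded pass phrase and returns the
 * clear text as characters.
 *
 * The key is a compile-time constant, so this protects the stored value only
 * against casual reading; anyone holding this class can run the same steps.
 *
 * The rendered page omits the throws clause; the JCE calls below require one.
 *
 * @param secret signed hexadecimal string as printed by encode(String)
 * @return the decoded password characters
 * @throws java.security.GeneralSecurityException if the cipher is unavailable
 *         or the data does not decrypt cleanly
 * @throws NumberFormatException if secret is not a valid base-16 number
 */
private static char[] decode(java.lang.String secret) throws java.security.GeneralSecurityException
{
   // NOTE(review): getBytes() uses the platform charset. The phrase is ASCII,
   // so this only matters on platforms whose default charset is not ASCII-compatible.
   byte[] kbytes = "jaas is the way".getBytes();
   SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");

   BigInteger n = new BigInteger(secret, 16);
   byte[] encoding = n.toByteArray();

   // BigInteger keeps only the minimal two's-complement form, so cipher text
   // that began with redundant 0x00 (or 0xFF for negative values) bytes comes
   // back shorter than a whole number of 8-byte Blowfish blocks. Sign-extend
   // on the left to restore the block alignment before decrypting.
   int remainder = encoding.length % 8;
   if( remainder != 0 )
   {
      int pad = 8 - remainder;
      byte[] aligned = new byte[encoding.length + pad];
      if( n.signum() < 0 )
      {
         java.util.Arrays.fill(aligned, 0, pad, (byte) 0xFF);
      }
      System.arraycopy(encoding, 0, aligned, pad, encoding.length);
      encoding = aligned;
   }

   // No mode or padding is named, so the provider's defaults apply
   // (presumably ECB with PKCS5 padding on the stock JCE provider; confirm).
   Cipher cipher = Cipher.getInstance("Blowfish");
   cipher.init(Cipher.DECRYPT_MODE, key);
   byte[] decode = cipher.doFinal(encoding);
   // NOTE(review): platform charset again, and the intermediate String keeps
   // an uncleared copy of the clear text alongside the returned char[].
   return new String(decode).toCharArray();
}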
/**
 * Encrypts a clear-text secret with Blowfish under the hard-coded pass
 * phrase and renders the cipher text as a signed hexadecimal number.
 *
 * The pass phrase is a compile-time constant shared by every installation
 * of this class, so the result is an obfuscated form of the secret, not a
 * protected one.
 *
 * The rendered page omits the throws clause; the JCE calls below require one.
 *
 * @param secret the clear-text value to encode
 * @return the cipher text as printed by BigInteger.toString(16), which may
 *         carry a leading minus sign
 * @throws java.security.GeneralSecurityException if the cipher is unavailable
 *         or cannot be initialised
 */
private static java.lang.String encode(java.lang.String secret) throws java.security.GeneralSecurityException
{
   // Platform-charset conversion, as in the original; the phrase is ASCII.
   SecretKeySpec blowfishKey = new SecretKeySpec("jaas is the way".getBytes(), "Blowfish");

   // Algorithm name only: mode and padding are whatever the provider defaults to.
   Cipher encryptor = Cipher.getInstance("Blowfish");
   encryptor.init(Cipher.ENCRYPT_MODE, blowfishKey);

   byte[] cipherText = encryptor.doFinal(secret.getBytes());
   // The bytes are read as a two's-complement number, hence the possible sign.
   return new BigInteger(cipherText).toString(16);
}
/**
 * Returns the identity this module represents.
 *
 * @return a new SimplePrincipal wrapping the configured user name
 */
protected java.security.Principal getIdentity()
{
   // The user name, not the password, is what gets written to the trace log.
   log.trace("getIdentity called, username="+username);
   return new SimplePrincipal(username);
}
/**
 * Reports the role groups of the identity; this module assigns none.
 *
 * @return a new, empty Group array on every call
 */
protected java.security.acl.Group[] getRoleSets()
{
   return new Group[0];
}
/**
 * Reads the module options after delegating to the superclass.
 *
 * The user name is taken from the "username" option, falling back to
 * "userName"; the still-encoded password is taken from "password". Both are
 * mandatory.
 *
 * @param subject the subject passed through to the superclass
 * @param handler the callback handler passed through to the superclass
 * @param sharedState the shared state passed through to the superclass
 * @param options the module options read here
 * @throws IllegalArgumentException if no user name or no password is configured
 * @throws ClassCastException if one of the options read is not a String
 */
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler handler, java.util.Map sharedState, java.util.Map options)
{
   super.initialize(subject, handler, sharedState, options);

   // NR : "username" is kept for compatibility, "userName" is the fallback
   username = (String) options.get("username");
   if( username == null )
   {
      username = (String) options.get("userName");
   }
   if( username == null )
   {
      throw new IllegalArgumentException("The user name is a required option");
   }

   // Held in its encoded form until commit() decodes it.
   password = (String) options.get("password");
   if( password == null )
   {
      throw new IllegalArgumentException("The password is a required option");
   }
}
/**
 * Performs the login phase, which always succeeds in the visible code.
 *
 * When the superclass login reports false, loginOk is forced to true. No
 * credential is checked in this method itself; the module only supplies the
 * configured identity.
 *
 * The rendered page omits the throws clause; it is assumed to match the
 * superclass login() (confirm against AbstractPasswordCredentialLoginModule).
 *
 * @return always true
 * @throws LoginException if the superclass login throws
 */
public boolean login() throws LoginException
{
   log.trace("login called");
   if( !super.login() )
   {
      // The superclass did not complete the login; mark it successful here.
      super.loginOk = true;
   }
   return true;
}
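/**
 * Main entry point to encrypt a password using the hard-coded pass phrase.
 *
 * The password is read from the command line, where it can remain in shell
 * history and process listings, and the encoded form is printed to standard
 * output. The encoded form is reversible by anyone who has this class.
 *
 * @param args [0] = the password to encode
 * @throws IllegalArgumentException if no password argument is given
 * @throws Exception if the password cannot be encoded
 */
public static void main(java.lang.String[] args) throws Exception
{
   // Fail with a usage hint instead of an ArrayIndexOutOfBoundsException.
   if( args == null || args.length < 1 )
   {
      throw new IllegalArgumentException(
         "Usage: java org.jboss.resource.security.SecureIdentityLoginModule <password>");
   }
   String encode = encode(args[0]);
   System.out.println("Encoded password: "+encode);
}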