de.rtner.security.auth.spi
Class SaltedDatabaseServerLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.security.auth.spi.UsernamePasswordLoginModule
          extended by org.jboss.security.auth.spi.DatabaseServerLoginModule
              extended by de.rtner.security.auth.spi.SaltedDatabaseServerLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class SaltedDatabaseServerLoginModule
extends org.jboss.security.auth.spi.DatabaseServerLoginModule

A JBoss JDBC-based login module that supports authentication, role mapping and salted, iterated password hashing. The database connection and SQL are inherited from DatabaseServerLoginModule. The actual check is deferred to a pluggable cryptographic module. The format of the password depends on the formatter. The default PBKDF2HexFormatter's format is: Salt(Hex):Iteration Count(decimal):hashed password(Hex)


A free Java implementation of Password Based Key Derivation Function 2 as defined by RFC 2898. Copyright (c) 2007 Matthias Gärtner

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

For details, see http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.

Version:
1.0.4
Author:
Matthias Gärtner
See Also:
DatabaseServerLoginModule

Field Summary
 java.lang.String DEFAULT_ENGINE
          The default engine to use if not specified as a property.
 java.lang.String DEFAULT_FORMATTER
          The default formatter to use if not specified as a property.
 java.lang.String DEFAULT_PARAMETER
          The default engine parameter class to use if not specified as a property.
protected  java.lang.String engineClassName
          Class name of PBKDF2 engine to use.
protected  PBKDF2Formatter formatter
          Instantiation of formatter class.
protected  java.lang.String formatterClassName
          Class name of formatter to use.
protected  java.lang.String hashAlgorithm
          The message digest algorithm used to hash passwords (examples: HMacSHA1, HMacMD5).
protected  java.lang.String hashCharset
          The name of the charset/encoding to use when converting the password String to a byte array.
protected  java.lang.String parameterClassName
          Class name of PBKDF2 engine parameters to use.
 
Fields inherited from class org.jboss.security.auth.spi.DatabaseServerLoginModule
 
Fields inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, log, loginOk, options, sharedState, subject, useFirstPass
 
Constructor Summary
SaltedDatabaseServerLoginModule()
           
 
Method Summary
protected  java.lang.String createPasswordHash(java.lang.String username, java.lang.String password)
          We just return the password unchanged.
protected  PBKDF2 getEngine(PBKDF2Parameters parameters)
          Factory method: instantiate the PBKDF2 engine.
protected  PBKDF2Parameters getEngineParameters()
          Factory method: instantiate the PBKDF2 engine parameters.
protected  PBKDF2Formatter getFormatter()
          Factory method: instantiate the PBKDF2 formatter.
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
           
protected  boolean validatePassword(java.lang.String inputPassword, java.lang.String expectedPassword)
          Actual salt-enabled verification function.
 
Methods inherited from class org.jboss.security.auth.spi.DatabaseServerLoginModule
convertRawPassword, getRoleSets, getUsersPassword
 
Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule
getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, login
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, commit, createGroup, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_FORMATTER

public final java.lang.String DEFAULT_FORMATTER
The default formatter to use if not specified as a property.

See Also:
Constant Field Values

DEFAULT_ENGINE

public final java.lang.String DEFAULT_ENGINE
The default engine to use if not specified as a property.

See Also:
Constant Field Values

DEFAULT_PARAMETER

public final java.lang.String DEFAULT_PARAMETER
The default engine parameter class to use if not specified as a property.

See Also:
Constant Field Values

hashAlgorithm

protected java.lang.String hashAlgorithm
The message digest algorithm used to hash passwords (examples: HMacSHA1, HMacMD5). Defaults to HMacSHA1 if unset.


hashCharset

protected java.lang.String hashCharset
The name of the charset/encoding to use when converting the password String to a byte array. Default is the platform's default encoding.


formatterClassName

protected java.lang.String formatterClassName
Class name of formatter to use.

See Also:
PBKDF2Formatter, PBKDF2HexFormatter

formatter

protected PBKDF2Formatter formatter
Instantiation of formatter class. Implementation should be multi-thread safe as this object may be used concurrently by multiple threads inside JBoss.


engineClassName

protected java.lang.String engineClassName
Class name of PBKDF2 engine to use.

See Also:
PBKDF2

parameterClassName

protected java.lang.String parameterClassName
Class name of PBKDF2 engine parameters to use.

See Also:
PBKDF2Parameters
Constructor Detail

SaltedDatabaseServerLoginModule

public SaltedDatabaseServerLoginModule()
Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)

createPasswordHash

protected java.lang.String createPasswordHash(java.lang.String username,
                                              java.lang.String password)
We just return the password unchanged. It will be decoded/hashed in validatePassword.

Parameters:
username - ignored in default version
password - the password string to be hashed

validatePassword

protected boolean validatePassword(java.lang.String inputPassword,
                                   java.lang.String expectedPassword)
Actual salt-enabled verification function. Gets the parameters from the database 'password', then computes the candidate derived key from the user-supplied password and those parameters, then compares the database derived key with the candidate derived key. Login succeeds if they match.

Parameters:
inputPassword - Password that was supplied by user (candidate password)
expectedPassword - Actually the encoded PBKDF2 string which contains the expected/reference password implicitly. Not a clear-text password. Parameter is named like this because of inherited method parameter name.
Returns:
true if the inputPassword is valid, false otherwise.
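
The verification flow described above, as an added example that is not this library's own code: it uses the JDK's built-in PBKDF2WithHmacSHA1 rather than the PBKDF2 engine classes, and works on the Salt(Hex):Iteration Count(decimal):hashed password(Hex) layout. The class name, the 8-byte salt, the 20-byte key, the 1000 iterations, the upper-case hex and the sample passwords are assumptions; the JDK encodes the password as UTF-8, so results only match a hashCharset-based setup for passwords that encode identically.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class SaltedHashFormatDemo {
    static byte[] derive(char[] pw, byte[] salt, int iter, int dkLen) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, iter, dkLen * 8); // key length is given in bits
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
    }
    static String toHex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }
    static byte[] fromHex(String s) {
        if (s.isEmpty() || s.length() % 2 != 0) throw new IllegalArgumentException("hex length");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(s.charAt(2 * i), 16), lo = Character.digit(s.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("hex digit");
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }
    // Builds Salt(Hex):Iteration Count(decimal):hashed password(Hex) with a fresh random salt.
    static String encode(char[] pw, int iter) throws GeneralSecurityException {
        byte[] salt = new byte[8];          // constructed sample size
        new SecureRandom().nextBytes(salt);
        return toHex(salt) + ":" + iter + ":" + toHex(derive(pw, salt, iter, 20));
    }
    // Parse the stored string, re-derive with its salt and count, compare in constant time.
    static boolean verify(char[] input, String stored) {
        try {
            String[] f = stored.split(":", -1);
            if (f.length != 3) return false;
            byte[] salt = fromHex(f[0]), expected = fromHex(f[2]);
            byte[] candidate = derive(input, salt, Integer.parseInt(f[1]), expected.length);
            return MessageDigest.isEqual(candidate, expected);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false;                   // malformed stored value: reject, never treat as a match
        }
    }
    public static void main(String[] args) throws Exception {
        String stored = encode("constructed-sample-pw".toCharArray(), 1000);
        System.out.println(stored + " ok=" + verify("constructed-sample-pw".toCharArray(), stored)
                + " wrong=" + verify("guess".toCharArray(), stored)
                + " malformed=" + verify("guess".toCharArray(), "zz:1000:00"));
    }
}
```

Because the salt and iteration count travel inside the stored string, raising the count for new passwords does not invalidate existing rows.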

getEngineParameters

protected PBKDF2Parameters getEngineParameters()
Factory method: instantiate the PBKDF2 engine parameters. Override or change the class via attribute.

Returns:
Engine parameter object, initialized.

getEngine

protected PBKDF2 getEngine(PBKDF2Parameters parameters)
Factory method: instantiate the PBKDF2 engine. Override or change the class via attribute.

Parameters:
parameters -
Returns:
Engine object

getFormatter

protected PBKDF2Formatter getFormatter()
Factory method: instantiate the PBKDF2 formatter. Override or change the class via attribute.

Returns:
Engine formatter


Copyright © 2007 Matthias Gärtner