What are the digestrealm-password-enc-algorithm options for JDBCRealm in
Glassfish 4?

I'm using Glassfish 4 and trying to set up a JDBCRealm (using an excellent
tutorial written for Glassfish 3.x). I'm not clear on how the
digestrealm-password-enc-algorithm works with the digest-algorithm. Given
Jason's comment which says:

Passwords are not encrypted with MD5 or SHA-256. MD5 and SHA-256 are
message digest algorithms. The digest algorithm is applied to the password
before storing the password. This is not a form of encryption. The new
password encryption is an added layer of security which allows the "hash"
(the string after the DA has been applied to the password) to be
encrypted.

What are my password encryption options for
digestrealm-password-enc-algorithm? Can someone provide an example of how
a password of "1234" would be stored? The first step would be getting the
SHA-256 hash, which is
"03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4". I'm
just missing the next step of encrypting the password.

Here's my current realm configuration where I'm missing the property value
for digestrealm-password-enc-algorithm:

<auth-realm name="SimpleCRUD_Realm"
            classname="com.sun.enterprise.security.ee.auth.realm.jdbc.JDBCRealm">
  <property name="jaas-context" value="jdbcRealm"></property>
  <property name="password-column" value="password"></property>
  <property name="datasource-jndi" value="jdbc/SimpleCRUD_JDBC"></property>
  <property name="group-table" value="user_role_view"></property>
  <property name="charset" value="UTF-8"></property>
  <property name="user-table" value="user_role_view"></property>
  <property name="group-name-column" value="rolename"></property>
  <property name="digest-algorithm" value="SHA-256"></property>
  <property name="user-name-column" value="username"></property>
  <property name="encoding" value="Hex"></property>
  <property name="digestrealm-password-enc-algorithm" value="?"></property>
</auth-realm>