Home/ Questions/Q 8658381
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T15:45:10+00:00

Hi I have read Glassfish 3.1.2's JDBCRealm has a new Password Encryption Algorithm field.

  • 0

Hi I have read Glassfish 3.1.2's JDBCRealm has a new Password Encryption Algorithm field. What is it for? and googled for similar topics but it seems no definitive answer has been published.

In short, I have a jdbc realm working in glassfish 3, when I upgrade to 3.1.2, same configuration does not work. According to the previous thread, I have set the JaasContext to jdbcDigestRealm (in addition to jdbcRealm which also does not work), set the Digest Algorithm to MD5 (I used MD5 in v 3 and it worked). For Password Encryption Algorithm I tried ‘blank’, and ‘hex’, both do not work.

Could someone please tell me how I should configure. My credentials table is based on mysql with MD5 hashed passwords according to http://jugojava.blogspot.hk/2011/02/jdbc-security-realm-with-glassfish-and.html.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I succeed to make it works with the following settings. I add a few comments with my current (mis)understanding.

    • JAASContext = “jdbcRealm” => The value must be set according to file ‘glassfish3/glassfish/domains/domain1/config/login.conf’. By default, the class ‘com.sun.enterprise.security.auth.login.JDBCLoginModule’ (which implement the JDBCrealm) is configured under “jdbcRealm”. There is another login module configured under “jdbcDigestRealm”. This one is not part of the current topic.
    • JNDI = “…” => I put there the name of a datasource that already
      exists for the database of my application.
    • UserTable = “MY_SCHEMA.usertable” => The ‘full qualified name’ of the
      database table.
    • UserNameColumn = “userid” => column name where you store the user
      name
    • PasswordColumn = “password” => column name where you store the (hash
      of the) user passsword.
    • GroupTable = “MY_SCHEMA.grouptable” => The ‘full qualified name’ of
      the database table.
    • GroupTableUserNameColumn = “” => no clue about the usage of this…
    • GroupNameColumn = “groupid” => column name where you store the user
      name
    • AssignGroups = “” => As far as I understand the GF code, this is a way to assign a list of groups to every user registered in the realm. It’s kind of hard-coding. More or less every realm available on GlassFish (could) make use of this property.
    • DatabaseUser = “” => As I understood, you need this if you aren’t
      using the JNDI (the second parameter).
    • DatabasePassword = “” => As I understood, you need this if you aren’t
      using the JNDI (the second parameter).
    • DigestAlgorithm = “SHA-256” => ‘MD5’, ‘SHA-1’ or ‘SHA-256’. ‘SHA-256’
      is the default. Let’s take ‘SHA-256’.
    • PasswordEncryptionAlgorithm = “AES” => The digest algorithm is applied to the password before storing the password. The new password encryption is an added layer of security which allows the “hash” (the string after the DA has been applied to the password) to be encrypted. In this way, if an attacker retrieves the passwords from the database they are encrypted and hashed. It’s highly unlikely that such data would be useful to an attacker.
    • Encoding = “Hex” => You have the choice between ‘Hex’ or ‘Base64’.
      Hex was convenient for me.
    • Charset = “” => As my database does not have an ‘exotic’ charset, I
      do not think I need to set something smart there. I leave it blank
      and it works.

    Hope it will help.

    PS: If somebody have a link to REAL documentation (not the official one which is completly useless at this moment), please, put a link here.

    • 0