I configured my GlassFish custom realm with these properties:

Jaas:                jdbcRealm
JNDI:                jdbc/myDatasource
User Table:          usuario
user name column:    nombre
password-column:     password
group-table:         usuario
group-name column:   grupo

This is the referenced table in my database:

usuario:

|               usuario                    |
____________________________________________
| nombre      | password      | grupo      |
--------------------------------------------
| SSS         |               | ADMIN      |
--------------------------------------------
| AAA         | AAA           | ADMIN      |
--------------------------------------------

MY PROBLEM IS THIS:

User 'SSS' logs in without a problem, so the realm is well done. AAA, on the other hand, can't get authenticated; the password is not matching.

This is my login form:

<p:panel header="Login Form">
    <form method="POST" action="j_security_check">
        Username: <input type="text" name="j_username" />
        Password: <input type="password" name="j_password" />
        <br />
        <input type="submit" value="Login" />
        <input type="reset" value="Reset" />
    </form>
</p:panel>

One more thing: the 'SSS' user logs in even if I write anything as its password in the login form.

Please, some help would be great. Thank you in advance.


Solution

Are you aware that GlassFish JDBCRealms use password hashing? So normally you would have to store hashed passwords in your database (GlassFish 3.1 JDBCRealm uses SHA-256 by default, prior versions use MD5, and other realm types may even have different default hash algorithms).

The reason it works for an empty password may be that the server handles users with empty passwords as "anonymous" users who can log in without a password or with any password. Then your configuration would be a serious threat.
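
As an added example (not code from the original post or from GlassFish), this Python sketch audits rows shaped like the question's `usuario` table and computes the value a digest-based realm would expect in the password column. It assumes an unsalted SHA-256 digest with hex encoding; `realm_digest`, `audit` and `login_matches` are hypothetical helper names, and the rows are constructed from the table in the question.

```python
import base64
import hashlib
import hmac
import re

# Constructed rows mirroring the question's `usuario` table.
ROWS = [("SSS", "", "ADMIN"), ("AAA", "AAA", "ADMIN")]
HEX_SHA256 = re.compile(r"[0-9a-fA-F]{64}")


def realm_digest(password, algorithm="sha256", encoding="hex"):
    """Value a digest-based realm would expect in the password column.

    Assumption: unsalted digest of the UTF-8 password, hex or Base64 encoded.
    """
    raw = hashlib.new(algorithm, password.encode("utf-8")).digest()
    if encoding == "hex":
        return raw.hex()
    if encoding == "base64":
        return base64.b64encode(raw).decode("ascii")
    raise ValueError("unsupported encoding: " + encoding)


def audit(rows):
    """Flag password column values that are empty or not SHA-256 hex."""
    findings = {}
    for nombre, stored, _grupo in rows:
        if not (stored or "").strip():
            findings[nombre] = "EMPTY: lock the account or set a digest"
        elif not HEX_SHA256.fullmatch(stored):
            findings[nombre] = "NOT SHA-256 HEX: likely plaintext"
        else:
            findings[nombre] = "ok"
    return findings


def login_matches(stored, typed):
    """Hardened comparison: empty or NULL stored values never match."""
    if not (stored or "").strip():
        return False
    expected = realm_digest(typed).encode("ascii")
    return hmac.compare_digest(stored.lower().encode("utf-8"), expected)


if __name__ == "__main__":
    for user, finding in audit(ROWS).items():
        print(user, "->", finding)
    print("value to store for AAA:", realm_digest("AAA"))
```

Run against the question's data, the plaintext `AAA` row never matches the digest of the typed password, which is the failure the asker sees, and the empty `SSS` row is the one to lock or reset.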

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow