Glassfish Security - jdbcRealm: How to configure login with SHA-256 digest

Problem description

I use jdbcRealm for security in my glassfish v3.0.1 b22. It is set up so that it uses the USER table inside my database for authentication, by following this blog: http://blogs.oracle.com/foo/entry/mort_learns_jdbc_realm_authentication. I got it working fine if I leave the digest algorithm as plain text. However, when I try to use SHA-256 for the digest algorithm, it stops working. What I did is specify in Glassfish - Security - Realm - jdbcRealm - digest that I want SHA-256 (I just typed SHA-256 inside the digest field). Then I wrote a simple Java program to convert the password text into a SHA-256 hash. I then pasted that hash inside my password field in the database. By the way, the password field is type varchar(30). I can't log in anymore. One thing I noticed is that my simple Java program generated a different hash every time for the same text field.

Below is my simple Java program:

        MessageDigest md = MessageDigest.getInstance("SHA-256");
        String text = "admin";
        md.update(text.getBytes("UTF-8"));
        byte[] digest = md.digest();
        System.out.println(digest.toString());


Recommended answer

The jdbcRealm allows encoding values of hex or base64. You need to specify one of these in your realm configuration and in your code, convert the byte array into one of these formats:

Base64:

import com.sun.org.apache.xml.internal.security.utils.Base64;
...
byte[] digest = md.digest();
System.out.println(Base64.encode(digest));

Hex:

...
byte[] digest = md.digest();
StringBuffer sb = new StringBuffer();
for (int i = 0; i < digest.length; i++) {
    String hex = Integer.toHexString(0xff & digest[i]);
    if (hex.length() == 1) sb.append('0');
    sb.append(hex);
}
System.out.println(sb.toString());




You'll need to increase the size of your password field. SHA-256 base64 and hex values are 45 and 64 characters in length, respectively.
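
As an added example (not part of the original answer), this self-contained program produces the hex and Base64 forms of the SHA-256 digest and checks each against the question's varchar(30) column. The class name RealmDigest is hypothetical, and java.util.Base64 assumes Java 8 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Hypothetical helper class, not GlassFish code. Assumes Java 8+.
public class RealmDigest {

    // Raw 32-byte SHA-256 digest of the UTF-8 password bytes.
    static byte[] sha256(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Lowercase hex, two characters per byte (zero-padded).
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Standard Base64 with '=' padding.
    static String toBase64(byte[] bytes) {
        return Base64.getEncoder().encodeToString(bytes);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "admin"; // sample value from the question
        int columnWidth = 30;      // varchar(30), as in the question

        // byte[] inherits Object.toString(): a type tag plus an identity
        // hash code, not the digest bytes, so it is not a usable hash.
        System.out.println("byte[].toString(): " + sha256(password));

        String[] labels = { "hex", "base64" };
        String[] values = { toHex(sha256(password)), toBase64(sha256(password)) };
        for (int i = 0; i < values.length; i++) {
            // A value longer than the column cannot be stored intact, and
            // a truncated digest will never match at login.
            boolean fits = values[i].length() <= columnWidth;
            System.out.printf("%-6s %s (%d chars, fits varchar(%d): %b)%n",
                    labels[i], values[i], values[i].length(), columnWidth, fits);
        }
        // The encoded digest is deterministic: same input, same string.
        System.out.println("stable: " + toHex(sha256(password)).equals(toHex(sha256(password))));
    }
}
```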
