Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This is the standard jboss module. For jboss 5 add the following to the login-config.xml file 

Code Block
titleJboss 5 database login
languagexml
<application-policy name="bwselfreg">

...


      <authentication>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

...


              <module-option name="dsJndiName"

...

>java:/

...

selfregDS</module-option>

...


             
 <module-option name="principalsQuery">select bw_pw from 
bw_accounts where bw_account=? and bw_enabled='T'</module-option>

...


             
 <module-option name="rolesQuery">select bw_role, 'Roles' from 
bw_roles where bw_account=?</module-option>

...


              <module-option name="hashAlgorithm">SHA</module-option>

...


              <module-option name="hashEncoding">base64</module-option>

...


          </login-module>

...


      </authentication>

...


  </application-policy>

 

For Wildfly add the following in the security-domains

Code Block
titleWildfly database login config
languagexml
<security-domain name="bwselfreg">
     <authentication>
          <login-module code="Database" flag="required">
             <module-option name="dsJndiName" value="java:/selfregDS"/>
             <module-option name="principalsQuery" value="select bw_pw from bw_accounts where bw_account=? and bw_enabled='T'"/>
             <module-option name="rolesQuery" value="select bw_role, 'Roles' from bw_roles where bw_account=?"/>
            <module-option name="hashAlgorithm" value="SHA"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
 </security-domain>

 

Flow of messages

As usual with these we use a combination of web pages, captcha and email to try to produce a secure transaction. Fields of importance are the email, userid, a confirmation id (confid), current password (curPw), new password (newPw)

...