Using LdapExtLoginModule with JaasSecurityDomain (securing passwords)


Blog Development
3 December, 2014

In our previous post, we wrote about how to connect JBoss to LDAP by defining an LdapExtLoginModule. As Terry’s comment pointed out, the password in the XML is in plain text. In this post, we’ll explain how to secure this password.

This is easy to do, as suggested in the JBoss docs: add the following XML to the file $JBOSS_HOME/server/$PROFILE/conf/jboss-service.xml. It adds a JaasSecurityDomain bean to the jmx-console, which can then be used to encrypt passwords and return them encoded as Base64:

<mbean code="" name=",domain=jmx-console">
  <constructor>
    <arg type="java.lang.String" value="jmx-console"></arg>
  </constructor>
  <attribute name="KeyStorePass">some_password</attribute>
  <attribute name="Salt">abcdefgh</attribute>
  <attribute name="IterationCount">66</attribute>
</mbean>

After this, start the JBoss server and navigate to the JMX Console (http://localhost:8080/jmx-console/ by default) and select the MBean.

On the page, look for the encode64(String password) method. Pass the plain text version of the password being used by the LdapExtLoginModule to this method and invoke it. The return value will be the encrypted version of the password encoded as Base64.

After this, open login-config.xml and edit the LdapExtLoginModule created previously: replace the password with the encrypted one, and tell the module that the password is in encrypted form. The policy should have the following lines (adding the jaasSecurityDomain option and editing the bindCredential):

<module-option name="jaasSecurityDomain">,domain=jmx-console</module-option>
<module-option name="bindCredential">6gf.s7eQiJi</module-option> <!-- LDAP password: -->

Restart the server, and that’s it!
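To confirm that no policy was left behind with a plain-text bindCredential, the check below parses a login-config.xml and reports every LdapExtLoginModule that sets bindCredential without a usable jaasSecurityDomain option. It is an added example, not code from the original post or from JBoss; the sample XML, the policy names and the placeholder MBean name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample login-config.xml: the first policy still carries a
# plain-text bindCredential, the second references a JaasSecurityDomain.
# The MBean name below is a placeholder, not a real JBoss service name.
SAMPLE = """<policy>
  <application-policy name="ldap-plain">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="bindDN">cn=reader,dc=example,dc=org</module-option>
        <module-option name="bindCredential">constructed-secret</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <application-policy name="ldap-encrypted">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="jaasSecurityDomain">placeholder:service=Example,domain=jmx-console</module-option>
        <module-option name="bindCredential">6gf.s7eQiJi</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""


def audit_login_config(xml_text):
    """Return (policy name, problem) pairs for LdapExtLoginModule entries."""
    findings = []
    root = ET.fromstring(xml_text)
    for policy in root.iter("application-policy"):
        for module in policy.iter("login-module"):
            if not module.get("code", "").endswith("LdapExtLoginModule"):
                continue
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.findall("module-option")}
            if "bindCredential" not in opts:
                continue  # no bind password configured, nothing to protect
            domain = opts.get("jaasSecurityDomain", "")
            if not domain:
                findings.append((policy.get("name"), "bindCredential is plain text (no jaasSecurityDomain)"))
            elif ":" not in domain:
                # A JMX ObjectName has the form domain:key=value[,key=value]
                findings.append((policy.get("name"), "jaasSecurityDomain is not a complete MBean name"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_login_config(SAMPLE):
        print(f"{name}: {problem}")
```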

In this case, the keystore password is still in plain text in the jboss-service.xml file, but this password can be stored in a secure location, for example, using a keystore, as suggested in:

