I have this working in Glassfish, and if I do not hash my passwords (so they are plain text) it works fine.
But if I try to use hashing, I can't get it to work. In my Java code, when I create a new user, I hash the password like this (using the defaults for charset encoding):
MessageDigest md5 = MessageDigest.getInstance("MD5");
byte[] hashedPassword = md5.digest(password.getBytes());
return new String(hashedPassword);
And in the properties for the realm I set the "password.digest" property to MD5.
Note, I'll be using SHA-512 in reality but am trying MD5 for simplicity, since it's mentioned in the docs for FlexibleJDBCRealm.
Any ideas? Thanks
PS: Is there a more 'official' version of this kind of realm included with Java nowadays? It would be great if FlexibleJDBCRealm (or similar) was built into Java EE at some point.
I was doing two things wrong:
I was not consistently using charset encoding. I now use Charset.defaultCharset().name() which is also the default used by FJDBCR:
MessageDigest sha = MessageDigest.getInstance("MD5");
byte[] digestedPassword = sha.digest(password.getBytes(Charset.defaultCharset().name()));
return new String(digestedPassword, Charset.defaultCharset().name());
Note it is used in BOTH the second and third lines in the above code.
I was also not setting the password.encoding property (assuming TEXT would be used as the default).
All works now. Just going to add a seed next and use SHA-512, and I should be up and running.
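
The digest-to-text step discussed in this thread, as an added example that is not part of the original posts: raw digest bytes are not guaranteed to survive a trip through new String(...), so the sketch checks that round trip and renders the digest as hex and Base64 instead. The class name, the sample password and the choice of UTF-8 are assumptions; a stored hex or Base64 value only verifies if the realm's password.encoding setting matches it, so check the FlexibleJDBCRealm documentation for the accepted values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

public class PasswordDigestEncoding {

    // Digest the password with an explicit charset, so the result does not
    // depend on the JVM's platform default.
    static byte[] digest(String algorithm, String password) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Lowercase hex rendering of the digest bytes.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // True if the bytes come back unchanged after being decoded to a String
    // and encoded again with the same charset.
    static boolean survivesStringRoundTrip(byte[] bytes) {
        String asText = new String(bytes, StandardCharsets.UTF_8);
        return Arrays.equals(bytes, asText.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String password = "correct horse battery staple"; // constructed sample input
        for (String algorithm : new String[] {"MD5", "SHA-512"}) {
            byte[] d = digest(algorithm, password);
            System.out.println(algorithm + " raw bytes survive new String(): "
                    + survivesStringRoundTrip(d));
            System.out.println(algorithm + " hex:    " + toHex(d));
            System.out.println(algorithm + " base64: " + Base64.getEncoder().encodeToString(d));
        }
        // Verification decodes the stored text back to bytes and compares the
        // digests in constant time rather than comparing Strings.
        String storedText = Base64.getEncoder().encodeToString(digest("SHA-512", password));
        byte[] stored = Base64.getDecoder().decode(storedText);
        System.out.println("match: " + MessageDigest.isEqual(stored, digest("SHA-512", password)));
    }
}
```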