
JBoss authentication when password is encoded by ARGON2id


I have passwords encrypted with Argon2id in the database.

How can I change my configuration to let JBoss know that it has to use Argon2 to verify the password?

standalone.xml

<security-domain name="databaseDomain">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/datasources/hotel"/>
            <module-option name="principalsQuery" value="select password from users where login=?"/>
            <module-option name="rolesQuery" value="SELECT employee.position,'Roles' FROM users, employee WHERE employee.id=users.employeeId and login=?"/>
            <module-option name="unauthenticatedIdentity" value="guest"/>
        </login-module>
    </authentication>
</security-domain>

web.xml

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
    </form-login-config>
</login-config>

jboss-web.xml

<jboss-web>
    <security-domain>databaseDomain</security-domain>
</jboss-web>

I added ARGON2 with

<dependency>
    <groupId>de.mkammerer</groupId>
    <artifactId>argon2-jvm</artifactId>
    <version>2.7</version>
</dependency>

I tried adding to standalone.xml

<module-option name="hashAlgorithm" value="ARGON2id"/>

but it didn't work, and I wasn't that surprised about this. My form is posting to j_security_check.


Solution

  • You need to implement your own login module. It sounds scary, but actually it's not.

    1. Find out which version of PicketBox your WildFly is bundled with - look in the modules/system/layers/base/org/picketbox/main directory. E.g. for WF 21 the version of PicketBox is 5.0.3.Final.
    2. Add the PicketBox library as a provided-scoped dependency to your project.
    3. Implement your custom login module by extending the org.jboss.security.auth.spi.DatabaseServerLoginModule class and overriding the convertRawPassword method - this is where you need to convert the user's input into the Argon2 form.
    4. Provide the full class name in the code parameter of your login module configuration in standalone.xml. WildFly will pick it up from your deployment and use your implementation instead of the default one.

    This should work.
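An added example of such a custom module (not the answer author's code). It overrides `validatePassword`, the PicketBox hook that receives both the user's input and the stored value, because an Argon2id encoded hash carries its own salt and cost parameters and can only be checked by verifying the input against it, not by re-hashing the input in `convertRawPassword`. The package name is hypothetical; the `Argon2Factory`/`verify`/`wipeArray` calls are assumed from the argon2-jvm 2.7 dependency in the question.

```java
package com.example.security; // hypothetical package, choose your own

import org.jboss.security.auth.spi.DatabaseServerLoginModule;

import de.mkammerer.argon2.Argon2;
import de.mkammerer.argon2.Argon2Factory;
import de.mkammerer.argon2.Argon2Factory.Argon2Types;

/**
 * Login module for users whose password column holds an Argon2id encoded hash
 * such as "$argon2id$v=19$m=65536,t=3,p=4$<salt>$<digest>" (constructed shape).
 * principalsQuery and rolesQuery from standalone.xml keep working unchanged;
 * only the final password comparison is replaced.
 */
public class Argon2DatabaseLoginModule extends DatabaseServerLoginModule {

    // argon2-jvm's Argon2 instances are thread-safe; one shared verifier suffices.
    private static final Argon2 ARGON2 = Argon2Factory.create(Argon2Types.ARGON2id);

    /**
     * inputPassword    - the j_password value submitted to j_security_check
     * expectedPassword - the raw column value returned by principalsQuery
     *                    (convertRawPassword is left as the identity, so it
     *                    arrives here exactly as stored)
     */
    @Override
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        if (inputPassword == null || expectedPassword == null) {
            return false;
        }
        // Refuse anything that is not an Argon2id encoded hash: a legacy plaintext
        // or differently-hashed row must fail closed rather than be compared as text.
        if (!expectedPassword.startsWith("$argon2id$")) {
            return false;
        }
        char[] input = inputPassword.toCharArray();
        try {
            // verify() re-derives the hash with the parameters and salt embedded in
            // expectedPassword and compares it against the stored digest.
            return ARGON2.verify(expectedPassword, input);
        } finally {
            // Drop the plaintext copy as soon as the check is finished.
            ARGON2.wipeArray(input);
        }
    }
}
```

In standalone.xml replace `code="Database"` with `code="com.example.security.Argon2DatabaseLoginModule"` and leave the `hashAlgorithm` option out; the module must be packaged inside the deployment that references `databaseDomain`.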