I recently upgraded Glassfish from 3.1.2 to 4.0 and wanted to configure the JDBCRealm, which I used earlier in my application, which uses FORM-based authentication. Passwords are hashed with SHA-256 in the database (this is the default Digest Algorithm option).
The realm has a feature that has become mandatory in this version of Glassfish: Password Encryption Algorithm. It's pretty unbelievable that the official Glassfish documentation says that it is optional, and a note in the input field says that it is a risk to leave it empty, however you cannot leave it empty, as it is required.
I canβt enter my application that worked before, regardless of what I installed in this property. (This is true for both newly registered and old users.) I worked for several days, but could not find options for this field. What are the options?
In addition, I use Glassfish with MySQL. Does Glassfish send hashed passwords encrypted in the database, or is it just a MySQL instruction to store hashed passwords with this type of encryption?
This question helped me somewhat, but did not solve my problem.
UPDATE: Actually, I am not using classic FORM-based authentication, but a JSF user form with programmatic HttpServletRequest#login() using HttpServletRequest#login() , but I do not think this is important in this matter.
glassfish jaas jdbcrealm
apcuk
source share