Change in the default digest-algorithm of JDBCRealm in Glassfish v3.1

In GlassFish 3.1, a change has been made to make the default-digest algorithm to be used in JDBCRealm configurable in domain.xml, the default configured value being SHA256. Earlier the default-digest-algorithm was MD5. So, for existing applications (which use digest-algorithm MD5) to work seamlessly in the latest builds, the default-digest-algorithm can be changed to MD5 by changing this property in the security-service element of domain.xml:

<property name="default-digest-algorithm" value="SHA-256"></property> 

Another option is to update the specific JDBCRealm to include the digest-algorithm property (MD5). This would override the default-digest-algorithm in the security-service element and set the it to the value specified in the auth-realm element. 


<auth-realm name="test" classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm">

<property name="digest-algorithm" value="MD5"></property>

....

</auth-realm> 

If an upgrade is performed from v2 or v3 to v3.1, this change of default algorithm is handled (i.e) for JDBCRealms in Glassfish v2x or v3, that did not specify any digest algorithm , on migration to v3.1, the digest-algorithm is specified as MD5(the old default) in the upgraded version so that the realms in the old versions are compatible in GlassFishv3.1. 

Comments:

Is there any way that in Glassfish v3 the digest algorithms can be configured to use a custom salt to make the algorithms more secure?

Posted by Edward Kennedy on January 27, 2011 at 10:00 AM SCT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

nitkal

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today
Bookmarks