Another VERY important point.
Look at your realm configuration for the digest-algorithm value. Here is mine:
<property name="digest-algorithm" value="MD5"/>
If you have a digest-algorithm set in there -- then the passwords in your DB have to be digests. I.e. the realm at runtime will get a clear-text password from the user. The realm will digest it and turn it into a "HEX String". Then it will compare that String to whatever is in the DB.
If you have this issue there are 2.5 ways to solve it:
1) temporary solution: set digest-algorithm to a blank or delete the property
-- You want encrypted passwords in your DB eventually, but it's somewhat of a hassle point when you're just trying to get things to work!
2) Use the code below to change a clear-test password to the right format for the DB
2.5) If your digest algorithm is set to MD5, here is a sample password you can put into the DB:
"xyz" --> d16fb36f0911f878998c136191af705e
public static String hashPassword(String password)
{
MessageDigest md;
try
{
md = MessageDigest.getInstance("MD5");
}
catch (NoSuchAlgorithmException ex)
{
// can't happen!
return password;
}
byte[] bytes = password.getBytes();
synchronized(md)
{
md.reset();
bytes = md.digest(bytes);
}
return hexEncode(bytes);
}
private static String hexEncode(byte[] bytes)
{
StringBuilder sb = new StringBuilder(2 * bytes.length);
for (int i = 0; i < bytes.length; i++)
{
int low = (int)(bytes[i] & 0x0f);
int high = (int)((bytes[i] & 0xf0) >> 4);
sb.append(HEXADECIMAL[high]);
sb.append(HEXADECIMAL[low]);
}
return sb.toString();
}
private static final char[] HEXADECIMAL = { '0', '1', '2', '3',
'4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
[Message sent by forum member 'bnevins' (bnevins)]
http://forums.java.net/jive/thread.jspa?messageID=239231