Home > Articles > Security > Software Security

  • Print
  • + Share This
Like this article? We recommend

Like this article? We recommend

login-config.xml file

With this extension to the DatabaseServerLoginModule, the login-config.xml file now has a section that looks like this:

 <application-policy name="example">
  <authentication>
   <login-module code="com.dzrealms.example.LoginModule" flag="required">
    <module-option name = "unauthenticatedIdentity">guest</module-option>
    <module-option name="dsJndiName">java:/DefaultDS</module-option>
    <module-option name="principalsQuery">  
     select passwd from Users where username=? 
    </module-option> 
    <module-option name="isLoggedInQuery">
     select * from ActiveUsers where username=?
    </module-option>
    <module-option name="setLoggedInQuery">
     insert into ActiveUsers (username) values (?)
    </module-option>
    <module-option name="rolesQuery"> 
     select userRoles,'Roles' from UserRoles where username=? 
    </module-option>
    <module-option name="debug">true</module-option>
    <module-option name="hashAlgorithm">MD5</module-option>
    <module-option name="hashEncoding">base64</module-option>
    <module-option name="maxRetries">3</module-option>
    <module-option name="resetCounterQuery">
     update users set fla = 0 where username = ?
    </module-option>
    <module-option name="incrementCounterQuery">
     update users set fla = (select fla from users where username = ?) + 1
    </module-option>
    <module-option name="getCounterQuery">
     select fla from users where username = ?
    </module-option>
   </login-module>
  </authentication>
 </application-policy>

With these changes, the login module is flexible enough to handle a database change without affecting the login module's source code. Each of the variables needed in my login module are contained as module-option parameters in the login-config.xml file. In the case of the maxRetries, it adds a small amount of additional security because it requires a system restart to change the maxRetries.

  • + Share This
  • 🔖 Save To Your Account