Em Andamento

Security Jboss

> > *We need to develop and authentication policy using jboss4.2.3 to access to a sqlserver database that has encripted the password using the following .NET Function.

> > *

> >

> >

> > **********************

> > **********************

## Deliverables

*public static string Encrypt(string clearText, string Password)*

**{**

*** byte[] clearData = [url removed, login to view](<wbr />*clearText);**

**** PasswordDeriveBytes bytes = new PasswordDeriveBytes(Password, new byte[] { 0x49, 0x76, 0x61, 110, 0x20, 0x4d, 0x65, 100, 0x76, 0x65, 100, 0x65, 0x76 });****

***** return [url removed, login to view](<wbr />*Encrypt(clearData, [url removed, login to view](0x20), [url removed, login to view](0x10)));****

******}******

******* *******

********public static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)********

*********{*********

********** MemoryStream stream = new MemoryStream();**********

*********** Rijndael rijndael = [url removed, login to view]();***********

************ [url removed, login to view] = Key;************

************* [url removed, login to view] = IV;*************

************** CryptoStream stream2 = new CryptoStream(stream, [url removed, login to view](), [url removed, login to view]);**************

*************** [url removed, login to view](clearData, 0, [url removed, login to view]);***************

**************** [url removed, login to view]();****************

***************** return [url removed, login to view]();*****************

******************}******************

*******************Name: System.Security.Cryptography.**R<wbr />**ijndael found in

*******************

Assembly: mscorlib, Version=1.0.5000.0. There is no password encription

The idea it to include a clase in the login-config xml able to connect to the database and validate the user password against a table. At this moment we have in our java web code.

<security-constraint>

<web-resource-collection>

<web-resource-name>Administrador</web-resource-name>

<url-pattern>/administracion/*</url-pattern>

<http-method>GET</http-method>

<http-method>POST</http-method>

</web-resource-collection>

<auth-constraint>

<role-name>WebDescargasCompleto</role-name>

</auth-constraint>

<user-data-constraint>

<transport-guarantee>NONE</transport-guarantee>

</user-data-constraint>

</security-constraint>

<login-config>

<auth-method>FORM</auth-method>

<form-login-config>

<form-login-page>/[url removed, login to view]</form-login-page>

<form-error-page>/[url removed, login to view]</form-error-page>

</form-login-config>

</login-config>

<security-role>

<description>Controla los accesos al Administrador</description>

<role-name>WebDescargasCompleto</role-name>

</security-role>

But we need to adjust it in order to connect to the sqlserver and retrieve the password. Once the user login the system must validate the user against the server and using a similar algorythm implemented in java.

At this moment we are connecting to the database directly but we have the problem that the password is encrypted so we must change the implementation in order to validate the user.

<application-policy name = "conjuntosreferenciaSIB">

<authentication>

<login-module code = "[url removed, login to view]"

flag = "required">

<module-option name = "dsJndiName">java:/seguridadDS</module-option>

<module-option name = "principalsQuery">SELECT clave as password FROM suscriptor WHERE email=?</module-option>

<module-option name = "rolesQuery">SELECT nomcontrato as role, 'Roles' from contrato ct, suscriptorcontrato sct, suscriptor s WHERE nomcontrato = 'WebDescargasCompleto' AND ct.id_contrato = [url removed, login to view] AND [url removed, login to view] = s.id_suscriptor AND [url removed, login to view] =?</module-option>

<module-option name="debug">true</module-option>

</login-module>

</authentication>

</application-policy>**********************

**********************

Habilidades: Engenharia, Java, Javascript, Microsoft Access, MySQL, PHP, Arquitetura de software, Teste de Software, Hospedagem Web, Gestão de Site , Teste de Website

Ver mais: web assembly, the algorythm, string pattern, server assembly, sct transport, pattern string, module assembly, jboss login, jboss 7, java web xml login config, java to assembly, java assembly, error page in jsp, database assembly, c string pattern, convert assembly to java, assembly xml, assembly web, assembly java, assembly database, encrypt php code, unicode system, server roles, security s, need a new security code

Acerca do Empregador:
( 8 comentários ) Colombia

ID do Projeto: #2932946

Premiar a:

dennisivw

See private message.

$127.5 USD em 24 dias
(106 Avaliações)
7.2

2 freelancers are bidding on average $121 for this job

altafrehman

See private message.

$114.75 USD in 24 dias
(4 Comentários)
2.3