我是否可以使用jboss提供的API来访问login-config.xml并解密加密的密码?
答案 0 :(得分:5)
“jaas就是这种方式”至少对于较旧的jboss版本(4.x)是默认密钥。你可以尝试这样的东西来解码编码的字节。
public static String decode( String secret ) {
String retString = "";
try {
byte[] kbytes = "jaas is the way".getBytes();
SecretKeySpec key = new SecretKeySpec( kbytes, "Blowfish" );
BigInteger n = new BigInteger( secret, 16 );
byte[] encoding = n.toByteArray();
Cipher cipher = Cipher.getInstance( "Blowfish" );
cipher.init( Cipher.DECRYPT_MODE, key );
byte[] decode = cipher.doFinal( encoding );
retString = new String( decode );
} catch (Exception ignore) {
ignore.printStackTrace();
}
return retString;
}
其他一些信息
http://www.docjar.com/html/api/org/jboss/resource/security/SecureIdentityLoginModule.java.html