diff --git a/elytron/src/main/java/org/wildfly/extension/elytron/JdbcRealmDefinition.java b/elytron/src/main/java/org/wildfly/extension/elytron/JdbcRealmDefinition.java
diff --git a/elytron/src/main/resources/org/wildfly/extension/elytron/LocalDescriptions.properties b/elytron/src/main/resources/org/wildfly/extension/elytron/LocalDescriptions.properties
@@ -655,12 +655,15 @@ elytron.jdbc-realm.principal-query.algorithm=The algorithm for a specific passwo
 elytron.jdbc-realm.principal-query.password-index=The column index from an authentication query that represents the user's password.
 elytron.jdbc-realm.principal-query.salt-index=The column index from an authentication query that represents the password's salt, if supported.
 elytron.jdbc-realm.principal-query.iteration-count-index=The column index from an authentication query that represents the password's iteration count, if supported.
+elytron.jdbc-realm.principal-query.hash-encoding=The encoding of the user's password hash.
+elytron.jdbc-realm.principal-query.salt-encoding=The encoding of the password's salt.
 # Password Mapper Complex Attributes
 elytron.jdbc-realm.principal-query.clear-password-mapper=A key mapper that maps a column returned from a SQL query to a Clear Password key type.
 elytron.jdbc-realm.principal-query.bcrypt-mapper=A key mapper that maps a column returned from a SQL query to a Bcrypt key type.
 elytron.jdbc-realm.principal-query.salted-simple-digest-mapper=A key mapper that maps a column returned from a SQL query to a Salted Simple Digest key type.
 elytron.jdbc-realm.principal-query.simple-digest-mapper=A key mapper that maps a column returned from a SQL query to a Simple Digest key type.
 elytron.jdbc-realm.principal-query.scram-mapper=A key mapper that maps a column returned from a SQL query to a Scram key type.
+elytron.jdbc-realm.principal-query.modular-crypt-mapper=A key mapper that maps a column returned from a SQL query to a Modular Crypt key type.
 # Attribute Mapping Attributes
 elytron.jdbc-realm.principal-query.attribute-mapping=The attribute mappings defined for this resource.
 elytron.jdbc-realm.principal-query.index=The column index from a query that representing the mapped attribute.

diff --git a/elytron/src/main/resources/schema/wildfly-elytron_5_0.xsd b/elytron/src/main/resources/schema/wildfly-elytron_5_0.xsd
@@ -1098,6 +1098,7 @@
             <xs:element name="simple-digest-mapper" type="simpleDigestMapperType" minOccurs="0"/>
             <xs:element name="salted-simple-digest-mapper" type="saltedSimpleDigestMapperType" minOccurs="0"/>
             <xs:element name="scram-mapper" type="scramMapperType" minOccurs="0"/>
+            <xs:element name="modular-crypt-mapper" type="modularCryptMapperType" minOccurs="0"/>
             <xs:element name="attribute-mapping" type="jdbcAttributeMappingType" minOccurs="0"/>
         </xs:all>
         <xs:attribute name="sql" type="xs:string" use="required">
@@ -1211,6 +1212,32 @@
                 </xs:restriction>
             </xs:simpleType>
         </xs:attribute>
+        <xs:attribute name="hash-encoding" default="base64">
+            <xs:annotation>
+                <xs:documentation>
+                    The encoding of the password hash.
+                </xs:documentation>
+            </xs:annotation>
+            <xs:simpleType>
+                <xs:restriction base="xs:string">
+                    <xs:enumeration value="base64"/>
+                    <xs:enumeration value="hex"/>
+                </xs:restriction>
+            </xs:simpleType>
+        </xs:attribute>
+        <xs:attribute name="salt-encoding" default="base64">
+            <xs:annotation>
+                <xs:documentation>
+                    The encoding of the password salt.
+                </xs:documentation>
+            </xs:annotation>
+            <xs:simpleType>
+                <xs:restriction base="xs:string">
+                    <xs:enumeration value="base64"/>
+                    <xs:enumeration value="hex"/>
+                </xs:restriction>
+            </xs:simpleType>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="saltedSimpleDigestMapperType">
@@ -1264,6 +1291,32 @@
                 </xs:restriction>
             </xs:simpleType>
         </xs:attribute>
+        <xs:attribute name="hash-encoding" default="base64">
+            <xs:annotation>
+                <xs:documentation>
+                    The encoding of the password hash.
+                </xs:documentation>
+            </xs:annotation>
+            <xs:simpleType>
+                <xs:restriction base="xs:string">
+                    <xs:enumeration value="base64" />
+                    <xs:enumeration value="hex" />
+                </xs:restriction>
+            </xs:simpleType>
+        </xs:attribute>
+        <xs:attribute name="salt-encoding" default="base64">
+            <xs:annotation>
+                <xs:documentation>
+                    The encoding of the password salt.
+                </xs:documentation>
+            </xs:annotation>
+            <xs:simpleType>
+                <xs:restriction base="xs:string">
+                    <xs:enumeration value="base64" />
+                    <xs:enumeration value="hex" />
+                </xs:restriction>
+            </xs:simpleType>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="simpleDigestMapperType">
@@ -1301,6 +1354,19 @@
                 </xs:restriction>
             </xs:simpleType>
         </xs:attribute>
+        <xs:attribute name="hash-encoding" default="base64">
+            <xs:annotation>
+                <xs:documentation>
+                    The encoding of the password hash.
+                </xs:documentation>
+            </xs:annotation>
+            <xs:simpleType>
+                <xs:restriction base="xs:string">
+                    <xs:enumeration value="base64" />
+                    <xs:enumeration value="hex" />
+                </xs:restriction>
+            </xs:simpleType>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="scramMapperType">
@@ -1360,6 +1426,52 @@
                 </xs:restriction>
             </xs:simpleType>
         </xs:attribute>
+        <xs:attribute name="hash-encoding" default="base64">
+            <xs:annotation>
+                <xs:documentation>
+                    The encoding of the password hash.
+                </xs:documentation>
+            </xs:annotation>
+            <xs:simpleType>
+                <xs:restriction base="xs:string">
+                    <xs:enumeration value="base64" />
+                    <xs:enumeration value="hex" />
+                </xs:restriction>
+            </xs:simpleType>
+        </xs:attribute>
+        <xs:attribute name="salt-encoding" default="base64">
+            <xs:annotation>
+                <xs:documentation>
+                    The encoding of the password salt.
+                </xs:documentation>
+            </xs:annotation>
+            <xs:simpleType>
+                <xs:restriction base="xs:string">
+                    <xs:enumeration value="base64" />
+                    <xs:enumeration value="hex" />
+                </xs:restriction>
+            </xs:simpleType>
+        </xs:attribute>
+    </xs:complexType>
+
+    <xs:complexType name="modularCryptMapperType">
+        <xs:annotation>
+            <xs:documentation>
+                A key mapper that maps a column returned from a SQL query to a Modular Crypt key type.
+            </xs:documentation>
+        </xs:annotation>
+        <xs:attribute name="password-index" use="required">
+            <xs:annotation>
+                <xs:documentation>
+                    The column index from an authentication query that represents the user password in Modular Crypt Format.
+                </xs:documentation>
+            </xs:annotation>
+            <xs:simpleType>
+                <xs:restriction base="xs:int">
+                    <xs:minInclusive value="1"/>
+                </xs:restriction>
+            </xs:simpleType>
+        </xs:attribute>
     </xs:complexType>
 
     <xs:complexType name="keyStoreRealmType">

diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/SubsystemTransformerTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/SubsystemTransformerTestCase.java
@@ -16,8 +16,10 @@
 
 package org.wildfly.extension.elytron;
 
+import static org.jboss.as.model.test.FailedOperationTransformationConfig.REJECTED_RESOURCE;
 import static org.jboss.as.model.test.ModelTestControllerVersion.EAP_7_1_0;
 import static org.junit.Assert.assertTrue;
+import static org.wildfly.extension.elytron.ElytronDescriptionConstants.JDBC_REALM;
 
 import java.io.IOException;
 import java.util.List;
@@ -87,7 +89,18 @@ public void testRejectingTransformersEAP710() throws Exception {
     @Test
     public void testRejectingTransformersEAP720() throws Exception {
         // TODO Once the controller version EAP_7_2_0 is available this should switch to use it.
-        testRejectingTransformers(EAP_7_1_0, "elytron-transformers-4.0-reject.xml", new FailedOperationTransformationConfig());
+        testRejectingTransformers(EAP_7_1_0, "elytron-transformers-4.0-reject.xml", new FailedOperationTransformationConfig()
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(ElytronDescriptionConstants.KERBEROS_SECURITY_FACTORY)),
+                        new FailedOperationTransformationConfig.NewAttributesConfig(KerberosSecurityFactoryDefinition.FAIL_CACHE)
+                )
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(JDBC_REALM, "JdbcBcryptHashHex")), REJECTED_RESOURCE)
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(JDBC_REALM, "JdbcBcryptSaltHex")), REJECTED_RESOURCE)
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(JDBC_REALM, "JdbcSaltedSimpleDigestHashHex")), REJECTED_RESOURCE)
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(JDBC_REALM, "JdbcSaltedSimpleDigestSaltHex")), REJECTED_RESOURCE)
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(JDBC_REALM, "JdbcSimpleDigestHashHex")), REJECTED_RESOURCE)
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(JDBC_REALM, "JdbcScramHashHex")), REJECTED_RESOURCE)
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(JDBC_REALM, "JdbcScramSaltHex")), REJECTED_RESOURCE)
+                .addFailedAttribute(SUBSYSTEM_ADDRESS.append(PathElement.pathElement(JDBC_REALM, "JdbcModularCrypt")), REJECTED_RESOURCE));
     }
 
     @Test

diff --git a/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-subsystem-5.0.xml b/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-subsystem-5.0.xml
@@ -48,6 +48,19 @@
                 <scram-mapper algorithm="scram-sha-512" password-index="1" salt-index="2" iteration-count-index="10000"/>
             </principal-query>
         </jdbc-realm>
+        <jdbc-realm name="JdbcRealm">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <attribute-mapping>
+                    <attribute index="1" to="role"/>
+                </attribute-mapping>
+                <clear-password-mapper password-index="2"/>
+                <bcrypt-mapper password-index="2" salt-index="3" iteration-count-index="4" hash-encoding="hex" salt-encoding="hex"/>
+                <salted-simple-digest-mapper password-index="2" salt-index="3" algorithm="password-salt-digest-sha-1" hash-encoding="hex" salt-encoding="hex"/>
+                <simple-digest-mapper password-index="2" hash-encoding="hex" algorithm="simple-digest-sha-1"/>
+                <scram-mapper password-index="2" salt-index="3" iteration-count-index="4" hash-encoding="hex" salt-encoding="hex" algorithm="scram-sha-1"/>
+                <modular-crypt-mapper password-index="2"/>
+            </principal-query>
+        </jdbc-realm>
         <properties-realm name="PropRealm">
             <users-properties path="users-hashed.properties" relative-to="jboss.server.config.dir"/>
         </properties-realm>

diff --git a/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-transformers-1.2.xml b/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-transformers-1.2.xml
@@ -22,7 +22,7 @@
     <mappers>
         <simple-permission-mapper name="SimplePermissionMapperLegacy" mapping-mode="and">
             <permission-mapping match-all="true">
-                <permission class-name="a.b.MyPermission" />
+                <permission class-name="java.security.AllPermission" />
             </permission-mapping>
         </simple-permission-mapper>
         <simple-permission-mapper name="SimplePermissionMapper" mapping-mode="and">
@@ -36,10 +36,10 @@
     </mappers>
     <permission-sets>
         <permission-set name="my-permission">
-            <permission class-name="a.b.MyPermission" />
+            <permission class-name="java.io.FilePermission" target-name="/tmp" action="read,write" />
         </permission-set>
         <permission-set name="user-permissions">
-            <permission class-name="a.b.UserPermission" />
+            <permission class-name="java.io.FilePermission" target-name="/home" action="read" />
         </permission-set>
     </permission-sets>
     <policy name="elytron-a">

diff --git a/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-transformers-4.0-reject.xml b/elytron/src/test/resources/org/wildfly/extension/elytron/elytron-transformers-4.0-reject.xml
@@ -1,2 +1,44 @@
 <subsystem xmlns="urn:wildfly:elytron:5.0">
+    <security-realms>
+        <jdbc-realm name="JdbcBcryptHashHex">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <bcrypt-mapper password-index="2" salt-index="3" iteration-count-index="4" hash-encoding="hex"/>
+            </principal-query>
+        </jdbc-realm>
+        <jdbc-realm name="JdbcBcryptSaltHex">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <bcrypt-mapper password-index="2" salt-index="3" iteration-count-index="4" salt-encoding="hex"/>
+            </principal-query>
+        </jdbc-realm>
+        <jdbc-realm name="JdbcSaltedSimpleDigestHashHex">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <salted-simple-digest-mapper password-index="2" salt-index="3" algorithm="password-salt-digest-sha-1" hash-encoding="hex"/>
+            </principal-query>
+        </jdbc-realm>
+        <jdbc-realm name="JdbcSaltedSimpleDigestSaltHex">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <salted-simple-digest-mapper password-index="2" salt-index="3" algorithm="password-salt-digest-sha-1" salt-encoding="hex"/>
+            </principal-query>
+        </jdbc-realm>
+        <jdbc-realm name="JdbcSimpleDigestHashHex">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <simple-digest-mapper password-index="2" hash-encoding="hex" algorithm="simple-digest-sha-1"/>
+            </principal-query>
+        </jdbc-realm>
+        <jdbc-realm name="JdbcScramHashHex">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <scram-mapper password-index="2" salt-index="3" iteration-count-index="4" hash-encoding="hex" algorithm="scram-sha-1"/>
+            </principal-query>
+        </jdbc-realm>
+        <jdbc-realm name="JdbcScramSaltHex">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <scram-mapper password-index="2" salt-index="3" iteration-count-index="4" salt-encoding="hex" algorithm="scram-sha-1"/>
+            </principal-query>
+        </jdbc-realm>
+        <jdbc-realm name="JdbcModularCrypt">
+            <principal-query sql="SELECT role, password, salt, ic FROM User WHERE username = ?" data-source="ExampleDS">
+                <modular-crypt-mapper password-index="2"/>
+            </principal-query>
+        </jdbc-realm>
+    </security-realms>
 </subsystem>