Encrypting DataSource Passwords
1. Encrypt the database password with the SecureIdentityLoginModule that ships with JBoss. The class has a main() that prints the encoded form of the password passed as its argument:
JBoss 3.2.5
$ cd jboss-3.2.5
$ java -cp 'lib/jboss-jmx.jar;lib/jboss-common.jar;server/default/deploy/jboss-jca.sar;server/default/lib/jbosssx.jar' org.jboss.resource.security.SecureIdentityLoginModule password
Encoded password: 5dfc52b51bd35553df8592078de921bc
JBoss 4.0
$ cd jboss-4.0
$ java -cp "lib/jboss-jmx.jar;lib/jboss-common.jar;server/default/lib/jboss-jca.jar;server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule password
Encoded password: 5dfc52b51bd35553df8592078de921bc
(P.S. I failed to generate the encoded password with JBoss 3.2.5, so I used the JBoss 4.0 library to generate it instead.)
2. The datasource descriptor oracle-ds.xml should then no longer carry the <user-name> and <password> settings; instead it names a <security-domain> that maps to the login-config.xml application-policy configured with the SecureIdentityLoginModule. The login module supplies the username and the decoded password to the connection factory at pool creation time.
(JBoss 3.2.5: if oracle-ds.xml does not exist, copy it from %JBOSS_HOME%\docs\examples\jca.)
In oracle-ds.xml (%JBOSS_HOME%\server\all\deploy), replace <user-name> and <password> with <security-domain> as below:
<datasources>
  <local-tx-datasource>
    <jndi-name>DefaultDS</jndi-name>
    <connection-url>jdbc:oracle:thin:@dev-db:1000:abc</connection-url>
    <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
    <blocking-timeout-millis>5000</blocking-timeout-millis>
    <idle-timeout-minutes>15</idle-timeout-minutes>
    <max-pool-size>20</max-pool-size>
    <min-pool-size>10</min-pool-size>
    <!-- Use the security domain defined in conf/login-config.xml -->
    <security-domain>EncryptDBPassword</security-domain>
  </local-tx-datasource>
</datasources>
In login-config.xml (%JBOSS_HOME%\server\all\conf), add the following application-policy, inside the file's existing <policy> root element, with the encoded password from step 1. The managedConnectionFactoryName must match the datasource's JNDI name (here DefaultDS), otherwise the login module cannot attach the credentials to the right pool:
<policy>
  <!-- Example usage of the SecureIdentityLoginModule -->
  <application-policy name="EncryptDBPassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
        <module-option name="username">system</module-option>
        <module-option name="password">5dfc52b51bd35553df8592078de921bc</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
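What the module actually does with the password is worth seeing before relying on it. The class below is an added example, not code from this post or from the JBoss project, and the class name SecureIdentityCodec is my own. It reproduces the module's encode and decode: Blowfish with the JCE defaults (ECB mode, PKCS5 padding) under the key string "jaas is the way", which is a constant in the module's source and therefore identical on every JBoss installation. Running it against the value placed in login-config.xml above recovers the clear-text password, which is the caveat to take away: this is obfuscation of the descriptor, not encryption under a secret, so the real protection is the filesystem permissions on login-config.xml (and on any backups or repositories that hold it).

```java
import java.math.BigInteger;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/*
 * SecureIdentityCodec (example class, not part of JBoss): reproduces the
 * encode/decode of org.jboss.resource.security.SecureIdentityLoginModule.
 * The module uses Blowfish with the JCE defaults (ECB, PKCS5 padding) under
 * a key that is a string constant in its source, so the value stored in
 * login-config.xml is reversible by anyone who can read that file.
 */
public class SecureIdentityCodec {

    // The same key bytes on every JBoss installation: obfuscation, not a secret.
    private static final byte[] KEY_BYTES = "jaas is the way".getBytes();

    private static Cipher blowfish(int mode) throws Exception {
        Cipher cipher = Cipher.getInstance("Blowfish");   // ECB/PKCS5Padding by default
        cipher.init(mode, new SecretKeySpec(KEY_BYTES, "Blowfish"));
        return cipher;
    }

    /** Encode a clear-text password the way the login module's main() prints it. */
    public static String encode(String secret) throws Exception {
        byte[] encoding = blowfish(Cipher.ENCRYPT_MODE).doFinal(secret.getBytes());
        // The module renders the ciphertext as a signed BigInteger in hex, so the
        // result may start with '-' and drops leading zero nibbles.
        return new BigInteger(encoding).toString(16);
    }

    /** Reverse the encoding with the same fixed key. */
    public static String decode(String encoded) throws Exception {
        byte[] blocks = toBlocks(new BigInteger(encoded, 16));
        return new String(blowfish(Cipher.DECRYPT_MODE).doFinal(blocks));
    }

    /*
     * BigInteger.toByteArray() is minimal-length and signed: it drops leading
     * 0x00/0xff bytes and may prepend a 0x00 sign byte. Restore 8-byte block
     * alignment so the bytes are the original Blowfish output again.
     */
    private static byte[] toBlocks(BigInteger n) {
        byte[] raw = n.toByteArray();
        if (raw.length % 8 == 1 && raw[0] == 0) {
            return Arrays.copyOfRange(raw, 1, raw.length);
        }
        if (raw.length % 8 != 0) {
            byte[] aligned = new byte[raw.length + (8 - raw.length % 8)];
            byte fill = n.signum() < 0 ? (byte) 0xff : (byte) 0x00;
            Arrays.fill(aligned, 0, aligned.length - raw.length, fill);
            System.arraycopy(raw, 0, aligned, aligned.length - raw.length, raw.length);
            return aligned;
        }
        return raw;
    }

    public static void main(String[] args) throws Exception {
        // Encoded value from the login-config.xml entry above (it encodes "password").
        String fromLoginConfig = args.length > 0 ? args[0] : "5dfc52b51bd35553df8592078de921bc";
        String clear = decode(fromLoginConfig);
        System.out.println("decoded: " + clear);
        System.out.println("re-encoded matches: " + encode(clear).equals(fromLoginConfig));
    }
}
```

Run it with no arguments to decode the sample value, or pass any module-option password value from a login-config.xml as the first argument. The design point is the single line of key material: because it is shared by every installation, the module only keeps the password out of casual view in the -ds.xml file, and the descriptor and login-config.xml must be treated with the same care as a clear-text credential file.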
Test Example Code in Java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.Hashtable;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

// Looks up DefaultDS through JNDI (the datasource configured above), runs a
// query and returns the last row as a name/value table; any failure is
// returned as text so the result can be shown on a test page.
private String getDSData() {
    String a = "Nothing";
    Connection conn = null;
    PreparedStatement pStmt = null;
    ResultSet rs = null;
    try {
        // java:DefaultDS is the in-VM JNDI binding for <jndi-name>DefaultDS</jndi-name>
        DataSource ds = (DataSource) new InitialContext().lookup("java:DefaultDS");
        conn = ds.getConnection();
        conn.setAutoCommit(true);
        pStmt = conn.prepareStatement("select * from TABLE1");
        rs = pStmt.executeQuery();
        ResultSetMetaData rsmd = rs.getMetaData();
        int numberOfColumns = rsmd.getColumnCount();
        String[] columnNames = new String[numberOfColumns];
        for (int i = 0; i < columnNames.length; i++) {
            columnNames[i] = rsmd.getColumnName(i + 1);
        }
        while (rs.next()) {
            Hashtable values = new Hashtable();
            for (int i = 0; i < columnNames.length; i++) {
                Object value = rs.getObject(columnNames[i]);
                if (value != null) values.put(columnNames[i], value);
            }
            a = values.toString();
        }
    } catch (NamingException ex) {
        a = ex.toString();
    } catch (SQLException ex) {
        a = ex.toString();
    } finally {
        // Always hand the pooled connection back, even when the query fails.
        try { if (rs != null) rs.close(); } catch (SQLException ignore) { }
        try { if (pStmt != null) pStmt.close(); } catch (SQLException ignore) { }
        try { if (conn != null) conn.close(); } catch (SQLException ignore) { }
    }
    return a;
}
Reference: http://wiki.jboss.org/wiki/Wiki.jsp?page=EncryptingDataSourcePasswords