Tuesday, July 13, 2010

How to use encrypted password in JBoss datasource


Target audience: Beginners
Version: JBoss 4.x

We configure the datasources in *-ds.xml files and place those files under \server\xxx\deploy location. The JBoss will scan any *-ds.xml under this location and create datasources.

I’m going to explain only how to use encrypted password in datasource configuration and i hope you all know how to configure the datasource. In this section, i going to configure a XA datasource with encrypted password.

JBoss provides a way to do configure datasource using encrypted password. The way is to use a “security-domain” property in the -ds.xml. This property should be mapped to a policy in login-config.xml under \server\xxx\conf location.

Look at the following sample -ds.xml files . I have commented out the section that are used when a clear text password is used. 



  
    XAOracleDS
    
    false
    oracle.jdbc.xa.client.OracleXADataSource
    jdbc:oracle:oci8:@tc
    
    
    OracleDSEncryptedLogon
    org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter
    
      
         Oracle9i
      
  

           name="jboss.jca:service=OracleXAExceptionFormatter">
    jboss:service=TransactionManager



A “security-domain” property is defined(or mapped) with a value “OracleDSEncryptedLogon”. This “OracleDSEncryptedLogon” is called login policy and it should be defined in login-config.xml .
Ok, How do we define the login policy?. The bellow section shows how to defined a login policy in login-config.xml under \server\xxx\conf location. 


.....


    
       
          
             scott
             5dfc52b51bd35553df8592078de921bc
             jboss.jca:name=XAOracleDS,service=XATxCM



As you see, A “OracleDSEncryptedLogon” is defined with a user name and a password. The password is a encrypted password and it should be an encrypted password. The org.jboss.resource.security.SecureIdentityLoginModule is used as code. This org.jboss.resource.security.SecureIdentityLoginModule is a JBoss’s built in tool to encrypt and decrypt text.
Note: As i use XA datatsource, i have configured “managedConnectionFactoryName” module option with the jndi name “XAOracleDS” given in -ds.xml file and with the service “XATxCM”.

Ok, Now we know how to configure the encrypted password. But i think we have to encrypt the password . It can be done with the same jboss tool org.jboss.resource.security.SecureIdentityLoginModule. Follow the steps
Step 1.Open a command prompt
Step 2. Go to your JBoss home (C:/Tools/jboss-4.2.3.GA/)
Step 3. Set /bin to the path if it has not been set yet.
Step 4. Excecute bellow command to run the encryption tool to generate the encrypted password.

java -cp lib/jboss-common.jar:lib/jboss-jmx.jar:server/default/lib/jbosssx.jar:server/default/lib/jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule password
you will see the 
Encoded password: 5dfc52b51bd35553df8592078de921bc
Once you configured everything then just restart the server.
Hope this note will be helpful for you.
Posted by Kannan at 8:38 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)