Showing posts with label JBoss. Show all posts

Monday, April 1, 2013

How to use encrypted password in JBoss EAP 6 datasource


To use an encrypted password in an EAP 6 datasource, follow the steps below:
Step-1). Encrypt the database password by running the following script:
JBOSS_HOME=/apps/jboss-jpp-6.0
echo "Please enter the password to be encrypted"
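# -r keeps any backslashes in the password literal
read -r password
# Quote the password so spaces and shell metacharacters reach the module as one argument.
# The value is passed on the command line, so it is visible in the process list while java runs.
java -cp "$JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.14.Final-redhat-3.jar:$JBOSS_HOME/modules/org/picketbox/main/picketbox-commons-1.0.0.final-redhat-2.jar:$JBOSS_HOME/modules/org/picketbox/main/picketbox-infinispan-4.0.14.Final-redhat-2.jar:$JBOSS_HOME/modules/org/jboss/logging/main/jboss-logging-3.1.2.GA-redhat-1.jar" org.picketbox.datasource.security.SecureIdentityLoginModule "$password"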
Step-2). In your JBoss configuration file (for example "standalone.xml", "standalone-full.xml" or "domain.xml"), inside the [subsystem xmlns="urn:jboss:domain:security:1.2"] subsystem, create a security domain that specifies the encrypted database password, as follows:

 
  
    
    
    
  
 

Step-3). Create a datasource as follows, specifying the security domain rather than passing the cleartext username and password:

  jdbc:mysql://localhost:3306/testDB
  com.mysql.jdbc.Driver
  mysql-connector-java-5.1.13-bin.jar
  
   encryptedSecurityDomain
  

Step-4). Restart your JBoss EAP 6 instance, then test the datasource with the CLI utility as follows:
In Standalone mode:
[standalone@localhost:9999 /] /subsystem=datasources/data-source=MySqlDS_Pool:test-connection-in-pool
{
    "outcome" => "success",
    "result" => [true]
}

Reference: https://access.redhat.com/knowledge/solutions/184963
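
The following is an added example, not code from the original post or from JBoss. It parses a constructed configuration in the shape steps 2 and 3 describe and reports datasources that still carry an inline password or that reference a security domain which is not defined. The datasources namespace version, the pool names other than MySqlDS_Pool, and all usernames and password values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an EAP 6 standalone.xml (not from the original post).
# The datasources namespace version and every name and value below are assumptions.
SAMPLE = """<server>
 <subsystem xmlns="urn:jboss:domain:datasources:1.1"><datasources>
  <datasource jndi-name="java:/MySqlDS" pool-name="MySqlDS_Pool">
   <security><security-domain>encryptedSecurityDomain</security-domain></security>
  </datasource>
  <datasource jndi-name="java:/LegacyDS" pool-name="LegacyDS_Pool">
   <security><user-name>app</user-name><password>constructed-cleartext</password></security>
  </datasource>
  <datasource jndi-name="java:/OrphanDS" pool-name="OrphanDS_Pool">
   <security><security-domain>missingDomain</security-domain></security>
  </datasource>
 </datasources></subsystem>
 <subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
  <security-domain name="encryptedSecurityDomain" cache-type="default">
   <authentication>
    <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
     <module-option name="username" value="app"/>
     <module-option name="password" value="PLACEHOLDER_ENCRYPTED_VALUE"/>
    </login-module>
   </authentication>
  </security-domain>
 </security-domains></subsystem>
</server>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the namespace so any schema version matches

def audit(xml_text):
    """Return (pool-name, finding) pairs for datasources that bypass or break the security domain."""
    root = ET.fromstring(xml_text)
    # Definitions in the security subsystem carry a name attribute; datasource references do not.
    defined = {e.get("name") for e in root.iter() if local(e.tag) == "security-domain" and e.get("name")}
    findings = []
    for ds in root.iter():
        if local(ds.tag) not in ("datasource", "xa-datasource"):
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in ds.iter()}
        if fields.get("password"):
            findings.append((ds.get("pool-name"), "inline-password"))
        ref = fields.get("security-domain")
        if ref and ref not in defined:
            findings.append((ds.get("pool-name"), "undefined-security-domain"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against a copy of the real configuration file by passing the file's contents to `audit()`; a datasource that references an undefined domain is the case where the `test-connection-in-pool` check in step 4 would fail.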


Wednesday, March 28, 2012

How to encrypt database passwords using SecureIdentityLoginModule

1. Encrypt password

For JBoss EAP 4.3, use the script below:
        
JBOSSHOME=/apps/jboss-epp-5.1/jboss-as
PROFILE=production
echo "Please enter the password to be encrypted"
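# -r keeps any backslashes in the password literal
read -r password
# Quote the password so spaces and shell metacharacters reach the module as one argument
java -cp "$JBOSSHOME/lib/jboss-common.jar:$JBOSSHOME/lib/jboss-jmx.jar:$JBOSSHOME/server/$PROFILE/lib/jbosssx.jar:$JBOSSHOME/server/$PROFILE/lib/jboss-jca.jar" org.jboss.resource.security.SecureIdentityLoginModule "$password"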

For JBoss EAP 5.1, use the script below:
        
JBOSSHOME=/apps/jboss-epp-5.1/jboss-as
PROFILE=production
echo "Please enter the password to be encrypted"
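# -r keeps any backslashes in the password literal
read -r password
# Quote the password so spaces and shell metacharacters reach the module as one argument
java -cp "$JBOSSHOME/client/jboss-logging-spi.jar:$JBOSSHOME/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule "$password"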

2. Set the username and encrypted password (generated in the previous step) and the managedConnectionFactoryName for your datasource

<policy>
    <!-- Example usage of the SecureIdentityLoginModule -->
    <application-policy name="EncryptDBPassword">
        <authentication>
            <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username">admin</module-option>
                <module-option name="password">5dfc52b51bd35553df8592078de921bc</module-option>
                <!-- Use this managedConnectionFactoryName for non-XA datasource -->
                <module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=LocalTxCM</module-option>
                <!-- Use this managedConnectionFactoryName for XA datasource -->
                <!-- <module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=XATxCM</module-option> -->
            </login-module>
        </authentication>
    </application-policy>
</policy>

3. Edit your datasource, removing the username and password properties and adding the security-domain you created in the previous step


<?xml version="1.0" encoding="UTF-8"?>
<datasources>
    <local-tx-datasource>
        <jndi-name>PostgresDS</jndi-name>
        <connection-url>jdbc:postgresql://127.0.0.1:5432/test?protocolVersion=2</connection-url>
        <driver-class>org.postgresql.Driver</driver-class>
        <min-pool-size>1</min-pool-size>
        <max-pool-size>20</max-pool-size>
        <security-domain>EncryptDBPassword</security-domain>
        <metadata>
            <type-mapping>PostgreSQL 8.0</type-mapping>
        </metadata>
    </local-tx-datasource>
</datasources>

4. The login-config.xml entry for the EncryptDBPassword would look like:
<policy>
    <!-- Example usage of the SecureIdentityLoginModule -->
    <application-policy name="EncryptDBPassword">
        <authentication>
            <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username">admin</module-option>
                <module-option name="password">5dfc52b51bd35553df8592078de921bc</module-option>
                <module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=LocalTxCM</module-option>
            </login-module>
        </authentication>
    </application-policy>
</policy>

Reference: https://community.jboss.org/wiki/EncryptingDataSourcePasswords