Data Source password encryption in JBoss
Author: Xiao Hongye 2007.4.7
1. First, let's look at a common data source configuration file.
Code
<?xml version="1.0" encoding="UTF-8"?>
<datasources>
  <local-tx-datasource>
    <jndi-name>mysqlds</jndi-name> <!-- JNDI name -->
    <use-java-context>false</use-java-context>
    <connection-url>jdbc:mysql://10.16.175.20:3306/test</connection-url> <!-- URL -->
    <driver-class>com.mysql.jdbc.Driver</driver-class> <!-- driver -->
    <user-name>root</user-name> <!-- user name -->
    <password>123456</password> <!-- password -->
    <exception-sorter-class-name>
      org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter
    </exception-sorter-class-name>
    <metadata>
      <type-mapping>mySQL</type-mapping>
    </metadata>
  </local-tx-datasource>
</datasources>
Look at this file: both the user name and the password are stored in plain text, which poses a serious security risk to the system. Therefore, we need to encrypt the plaintext password. That is the purpose of this article.
2. For password encryption, we use a class that ships with JBoss, org.jboss.resource.security.SecureIdentityLoginModule. Let's see how to use it to encrypt our password.
First, look at an example data source configuration (mysql-ds.xml):
Code
<?xml version="1.0" encoding="UTF-8"?>
<datasources>
  <local-tx-datasource>
    <jndi-name>mysqlds</jndi-name>
    <use-java-context>false</use-java-context>
    <connection-url>jdbc:mysql://192.168.1.91:3306/atteam</connection-url>
    <driver-class>com.mysql.jdbc.Driver</driver-class>
    <!-- No user name or password is written here; they are configured in login-config.xml instead -->
    <security-domain>encryptdbpassword</security-domain>
    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
    <metadata>
      <type-mapping>mySQL</type-mapping>
    </metadata>
  </local-tx-datasource>
</datasources>
Next, we modify the server/default/conf/login-config.xml file and add the following configuration:
Code
<!-- The name here must be the security-domain string you wrote when configuring the data source -->
<application-policy name="encryptdbpassword">
  <authentication>
    <login-module code="org.jboss.resource.security.SecureIdentityLoginModule"
                  flag="required">
      <module-option name="username">test</module-option> <!-- user name of the database -->
      <module-option name="password">64c5fd2979a86168</module-option> <!-- password of the database, in encrypted form -->
      <!-- Note that name= must be the same as the jndi-name of your data source; here it is mysqlds -->
      <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=mysqlds</module-option>
    </login-module>
  </authentication>
</application-policy>
3. One more point: where did the encrypted password come from?
java -cp "D:/tddownload/jboss-4.2.0.CR1/jboss-4.2.0.CR1/lib/jboss-jmx.jar;D:/tddownload/jboss-4.2.0.CR1/jboss-4.2.0.CR1/lib/jboss-common.jar;D:/tddownload/jboss-4.2.0.CR1/jboss-4.2.0.CR1/server/default/lib/jboss-jca.jar;D:/tddownload/jboss-4.2.0.CR1/jboss-4.2.0.CR1/server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule 123456
Encoded password: 64c5fd2979a86168
Substitute your own paths and the password you want to encrypt. The password I want to encrypt here is 123456; after encryption it is 64c5fd2979a86168.
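The cross-references described in step 2 are easy to get wrong, so here is an added example (not part of the original article or of JBoss) that audits a data source file against login-config.xml. The function name audit and the embedded sample files are constructed for illustration, reusing the values shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample files mirroring the two configurations on this page.
DS_XML = """<datasources>
  <local-tx-datasource>
    <jndi-name>mysqlds</jndi-name>
    <connection-url>jdbc:mysql://192.168.1.91:3306/atteam</connection-url>
    <security-domain>encryptdbpassword</security-domain>
  </local-tx-datasource>
</datasources>"""

LOGIN_XML = """<policy>
  <application-policy name="encryptdbpassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
        <module-option name="username">test</module-option>
        <module-option name="password">64c5fd2979a86168</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=mysqlds</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

def audit(ds_xml, login_xml):
    """Return a list of findings for every data source defined in ds_xml."""
    policies = {p.get("name"): p for p in ET.fromstring(login_xml).iter("application-policy")}
    findings = []
    for ds in ET.fromstring(ds_xml):
        jndi = (ds.findtext("jndi-name") or "").strip()
        if ds.find("password") is not None:
            findings.append(f"{jndi}: plaintext <password> in datasource file")
        domain = (ds.findtext("security-domain") or "").strip()
        if not domain:
            findings.append(f"{jndi}: no <security-domain> set")
            continue
        policy = policies.get(domain)
        if policy is None:
            findings.append(f"{jndi}: no application-policy named '{domain}'")
            continue
        opts = {o.get("name"): (o.text or "").strip() for o in policy.iter("module-option")}
        mcf = opts.get("managedConnectionFactoryName", "")
        # The name= key of the JMX object name must equal the data source's jndi-name.
        keys = dict(kv.split("=", 1) for kv in mcf.partition(":")[2].split(",") if "=" in kv)
        if keys.get("name") != jndi:
            findings.append(f"{jndi}: managedConnectionFactoryName does not reference this datasource")
    return findings

if __name__ == "__main__":
    print(audit(DS_XML, LOGIN_XML) or "no findings")
```

SecureIdentityLoginModule encodes the password with a fixed key built into the class, so login-config.xml still needs restrictive file permissions even after the change.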