Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

How to configure secure DB password

(Based on the information from http://wiki.jboss.org/wiki/Wiki.jsp?page=EncryptingDataSourcePasswords)

  1. Create encrypted password
    From command line in the JBoss installation location: 
    [Windows]
$ java -cp "lib/jboss-jmx.jar;lib/jboss-common.jar;server/default/lib/jboss-jca.jar;server/default/lib/jbosssx.jar"
org.jboss.resource.security.SecureIdentityLoginModule <required_db_password>
Encoded password: 234a8537d08918bbe8baca2bdb0ac31dc3bc376bef610c0a

[Unix-like]
$ java -cp "lib/jboss-jmx.jar:lib/jboss-common.jar:server/default/lib/jboss-jca.jar:server/default/lib/jbosssx.jar"
org.jboss.resource.security.SecureIdentityLoginModule <required_db_password>
Encoded password: 234a8537d08918bbe8baca2bdb0ac31dc3bc376bef610c0a
    (info) Note: <required_db_password> = your database password.
  2. Modify mysql-ds.xml for the database (server\default\deploy\mysql-ds.xml) 
    <datasources>
 <local-tx-datasource>
  <jndi-name>MySqlDS</jndi-name>
  <connection-url>jdbc:mysql://localhost:3306/pacsdb</connection-url>
  <driver-class>com.mysql.jdbc.Driver</driver-class>
  <!-- Remove username/password information from here -->
  <!-- Use the security domain defined in conf/login-config.xml -->
  <security-domain>EncryptDBPassword</security-domain>
  <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
 </local-tx-datasource>
</datasources>
  3. Modify login-config.xml (server\default\conf\login-config.xml) 
    <policy>
  <!-- Example usage of the SecureIdentityLoginModule -->
  <application-policy name="EncryptDBPassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
        <module-option name="username">admin</module-option>
        <module-option name="password">234a8537d08918bbe8baca2bdb0ac31dc3bc376bef610c0a</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MySqlDS</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>

(info) NOTE: The above configuration is for MySQL server. For all other databases, the proper name of the DB's jndi name has to be specified in the name parameter of the managedConnectionFactoryName. Ex: for MS SQL Server, substitute 'MySqlDS' with 'MSSQLDS'.

Contributors: Vladimir Kleper and Pat Mongkolwat

  • No labels